def _get_tokens(user: User, session_id: Union[str, UUID]) -> TokenCollection: token_payload = {"user_id": user.id, "session_id": str(session_id)} access_token, access_token_expired_at = encode_jwt(token_payload) refresh_token, refresh_token_expired_at = encode_jwt( token_payload, token_type=TOKEN_TYPE_REFRESH, ) return TokenCollection( refresh_token=refresh_token, refresh_token_expired_at=refresh_token_expired_at, access_token=access_token, access_token_expired_at=access_token_expired_at, )
async def test_get_rendered_page__ok(self, unauth_client, user): token = encode_jwt({"user_id": user.id}) response = await unauth_client.get(self.path, params={"t": token}) assert response.status == 200 content = await response.text() assert token in content assert user.email in content
def test_user_does_not_exist__fail(self, client, user): user_id = 0 token, _ = encode_jwt({"user_id": user_id}, token_type=TOKEN_TYPE_RESET_PASSWORD) response_data = self._assert_fail_response(client, token) self.assert_auth_invalid( response_data, f"Couldn't found active user with id={user_id}.")
def test__token_invalid_type__fail(self, client, user): token, _ = encode_jwt({"user_id": user.id}, token_type=TOKEN_TYPE_REFRESH) response_data = self._assert_fail_response(client, token) self.assert_auth_invalid( response_data, "Token type 'reset_password' expected, got 'refresh' instead.")
def test_user_inactive__fail(self, client, user, dbs): await_(user.update(dbs, is_active=False)) await_(dbs.commit()) token, _ = encode_jwt({"user_id": user.id}, token_type=TOKEN_TYPE_RESET_PASSWORD) response_data = self._assert_fail_response(client, token) self.assert_auth_invalid( response_data, f"Couldn't found active user with id={user.id}.")
async def test_get_rendered_page__token_expired__fail( self, unauth_client, user): token = encode_jwt({"user_id": user.id}, expiration_seconds=-10) response = await unauth_client.get(self.path, params={"t": token}) assert response.status == 200 content = await response.text() assert token not in content assert "Provided token is missed or incorrect" in content
def _generate_token(user: User): payload = { "user_id": user.id, "email": user.email, "jti": f"token-{uuid.uuid4()}", # JWT ID "slt": get_salt(), } return encode_jwt(payload, expiration_seconds=settings.RESET_PASSWORD_LINK_EXP)
def test_check_auth__token_t_mismatch__fail(self, client, user, user_session, token_type, dbs): await_(user_session.update(dbs, is_active=False)) await_(dbs.commit()) token, _ = encode_jwt({"user_id": user.id}, token_type=token_type) request = self._prepare_request(dbs, user, user_session) with pytest.raises(AuthenticationFailedError) as err: await_( BaseAuthJWTBackend(request).authenticate_user( token, token_type="access")) assert err.value.details == f"Token type 'access' expected, got '{token_type}' instead."
def _generate_token(user: User) -> str: payload = { "user_id": user.id, "email": user.email, "jti": f"token-{uuid.uuid4()}", # JWT ID "slt": get_salt(), } token, _ = encode_jwt( payload, token_type=TOKEN_TYPE_RESET_PASSWORD, expires_in=settings.RESET_PASSWORD_LINK_EXPIRES_IN, ) return token
def _prepare_request(db_session: AsyncSession, user: User, user_session: UserSession): jwt, _ = encode_jwt({ "user_id": user.id, "session_id": user_session.public_id }) scope = { "type": "http", "headers": [(b"authorization", f"Bearer {jwt}".encode("latin-1"))] } request = Request(scope) request.db_session = db_session return request
def test_refresh_token__token_not_refresh__fail(self, client, user, token_type): refresh_token, _ = encode_jwt({"user_id": user.id}, token_type=token_type) response = client.post(self.url, json={"refresh_token": refresh_token}) response_data = self.assert_fail_response( response, status_code=401, response_status=ResponseStatus.AUTH_FAILED) assert response_data == { "error": "Authentication credentials are invalid.", "details": f"Token type 'refresh' expected, got '{token_type}' instead.", }
async def test_token_invalid__fail(self, unauth_client, user): token = encode_jwt({"user_id": user.id}) + "fake-post" new_password = "******" response = await unauth_client.post(self.path, data={ "token": token, "password_1": new_password, "password_2": new_password }) assert response.status == 401 response_data = await response.json() assert response_data == { "details": "Invalid token header. Token could not be decoded as JWT.", "message": "Authentication credentials are invalid", }
async def test_change_password_success__ok(self, unauth_client, user, web_app): token = encode_jwt({"user_id": user.id}) new_password = "******" response = await unauth_client.post(self.path, data={ "token": token, "password_1": new_password, "password_2": new_password }) assert response.status == 200 response_data = await response.json() assert response_data["redirect_url"] == str( web_app.router["index"].url_for()) user = await User.async_get(web_app.objects, id=user.id) assert user.verify_password(new_password)
async def test_user_does_not_exist__fail(self, unauth_client, user, db_objects): user_id = "fake-user-id" token = encode_jwt({"user_id": user_id}) new_password = "******" response = await unauth_client.post(self.path, data={ "token": token, "password_1": new_password, "password_2": new_password }) assert response.status == 401 response_data = await response.json() assert response_data == { "message": "Authentication credentials are invalid", "details": f"Active user #{user_id} not found or token is invalid.", }
def test_change_password__ok(self, client, user, user_session, dbs): token, _ = encode_jwt( { "user_id": user.id, "session_id": user_session.public_id }, token_type=TOKEN_TYPE_RESET_PASSWORD, ) request_data = { "token": token, "password_1": self.new_password, "password_2": self.new_password, } client.logout() response = client.post(self.url, json=request_data) response_data = self.assert_ok_response(response) assert_tokens(response_data, user) await_(dbs.refresh(user)) assert user.verify_password(self.new_password)
def _prepare_token(db_session: AsyncSession, user: User, is_active=True, refresh=True) -> UserSession: token_type = TOKEN_TYPE_REFRESH if refresh else TOKEN_TYPE_ACCESS session_id = str(uuid.uuid4()) refresh_token, _ = encode_jwt( { "user_id": user.id, "session_id": session_id }, token_type=token_type) user_session = await_( UserSession.async_create( db_session, db_commit=True, user_id=user.id, is_active=is_active, public_id=session_id, refresh_token=refresh_token, expired_at=datetime.utcnow(), )) return user_session
def test__token_expired__fail(self, client, user): token, _ = encode_jwt({"user_id": user.id}, expires_in=-10) response_data = self._assert_fail_response( client, token, ResponseStatus.SIGNATURE_EXPIRED) self.assert_auth_invalid(response_data, "JWT signature has been expired for token")
def login(self, user: User): user_session = create_user_session(self.db_session, user) jwt, _ = encode_jwt({"user_id": user.id, "session_id": user_session.public_id}) self.headers["Authorization"] = f"Bearer {jwt}" return user_session