def test_missing_other_token_fields(client, bad_token):
    """Reject tokens that lack application-level claims (e.g. 'sub', 'user').

    PyJWT only validates the claims it knows about; claims the service itself
    requires must be checked by the service, and a token missing them has to
    fail closed with 401 rather than be treated as some default user.  Every
    mutating verb is exercised because each of them must pass through the
    same credential check.
    """
    auth_header = {'Authorization': create_token(bad_token)}

    def assert_rejected(response):
        # Same generic body for every verb; the description does not say
        # which claim was missing.
        assert response.status_code == 401
        assert response.json['title'] == '401 Unauthorized'
        assert response.json['description'] == 'Invalid JWT Credentials'

    assert_rejected(client.post(test_url,
                                headers=auth_header,
                                json=valid_data,
                                as_response=True))
    assert_rejected(client.put(f'{test_url}/1',
                               headers=auth_header,
                               json={'color': 'purple'},
                               as_response=True))
    assert_rejected(client.delete(f'{test_url}/1',
                                  headers=auth_header,
                                  as_response=True))
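def test_auth_file_invalid(make_client):
    """An unreadable (empty) public-key file must make every token fail closed.

    The service is pointed at an empty file as its JWT public key.  A token
    that would otherwise be accepted has to be rejected with 401 -- the
    verifier must not fall back to accepting unverified tokens when the key
    cannot be loaded.

    Args:
        make_client: fixture that builds a test client around an API object.
    """
    # The file is created in the working directory, so it is removed in a
    # ``finally`` block; otherwise a failing assertion would leave it behind
    # to influence later runs.
    empty_file = Path('./empty.txt')
    empty_file.touch()
    assert empty_file.exists()
    try:
        # point the service at the empty file as its auth public key
        api = create_custom_auth_setup_api({'public_key': empty_file})
        client = make_client(api)

        # a token that is valid against the real key must still be refused
        response = client.post(
            '/v1/potions/types',
            headers={'Authorization': create_token(token, adjust_times=True)},
            json={
                'related_stat': 'Health',
                'color': 'red'
            },
            as_response=True)
        assert response.status_code == 401
        assert response.json[
            'description'] == 'Error Decoding Token: Unable to Read Key. Contact System Admin.'
    finally:
        # always remove the temp file, even when an assertion above failed
        empty_file.unlink()
    assert not empty_file.exists()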
def test_valid_auth_token(client):
    """A token built by the helper with ``adjust_times=True`` is accepted (201)."""
    delete_all()  # start from a known-empty collection
    auth = {'Authorization': create_token(token, adjust_times=True)}
    response = client.post(test_url,
                           headers=auth,
                           json=valid_data,
                           as_response=True)
    assert response.status_code == 201
    delete_all()  # leave nothing behind for the next test
def test_bearer_case_insensitive(client, bearer_case):
    """The 'Bearer' scheme name must be matched case-insensitively.

    HTTP auth scheme names are case-insensitive (RFC 7235 section 2.1), so a
    client sending e.g. 'bearer' or 'BEARER' must still be authenticated.
    """
    delete_all()
    scheme_prefix = 'Bearer '
    full_header_value = create_token(token, adjust_times=True)
    # create_token returns the whole header value, scheme included; keep only
    # the token part so the parametrized scheme spelling can be substituted
    raw_token = full_header_value[len(scheme_prefix):]
    auth = {'Authorization': f'{bearer_case} {raw_token}'}
    response = client.post(test_url,
                           headers=auth,
                           json=valid_data,
                           as_response=True)
    assert response.status_code == 201
def test_valid_no_auth_routes(client, url):
    """Routes that need no auth answer 200 regardless of the Authorization header.

    A present-but-malformed header must not turn an open route into a 401;
    the header is simply not consulted there.
    """
    delete_all()
    header_variants = [
        {'Authorization': create_token(token, adjust_times=True)},  # valid
        {'Authorization': 'notvalid'},                               # malformed
    ]
    for headers in header_variants:
        response = client.get(url, headers=headers, as_response=True)
        assert response.status_code == 200
    # and with no Authorization header at all
    response = client.get(url, as_response=True)
    assert response.status_code == 200
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert 'Error Decoding Token' in response.json['description']

    response = client.delete(f'{test_url}/1',
                             headers=bad_token,
                             as_response=True)
    assert response.status_code == 401
    assert response.json['title'] == '401 Unauthorized'
    assert 'Error Decoding Token' in response.json['description']


@pytest.mark.parametrize('bad_token', [
    create_token({
        'sub': '1234567890',
        'name': 'Jane Doe',
        'admin': True
    }),
    create_token({
        'sub': '1234567890',
        'name': 'Jane Doe',
        'admin': True,
        'iat': 1516239022,
        'nbf': 1588115206
    }),
    create_token({
        'sub': '1234567890',
        'name': 'Jane Doe',
        'admin': True,
        'iat': 1516239022,
        'exp': 1588116029,
import copy
import pytest

from tests.helpers.temp_application import client
from tests.helpers.data_manager import prepopulate
from tests.helpers.data_manager import delete_all
from tests.helpers.auth_token import create_token, token

# token only required on non-GET requests; this header is reused by the
# tests in this module that create or modify data
valid_token = {'Authorization': create_token(token)}

# route prefixes exercised by the tests below
POTIONS = '/v1/potions'
POTION_TYPE = '/v1/potions/types'
POTENCY = '/v1/potions/potency'
INVENTORY = '/v1/inventory'
# expected 'results' payload for an empty collection
EMPTY = []


def test_delete_all_helper(client):
    # starts empty
    resp = client.get(POTION_TYPE, as_response=True)
    assert resp.status_code == 200
    if resp.json['results']:
        delete_all()
        resp = client.get(POTION_TYPE, as_response=True)
        assert resp.status_code == 200

    assert resp.json['results'] == EMPTY

    # add some potions
    client.post(POTION_TYPE,