def test_authenticate_valid(rf, monkeypatch, cognito_well_known_keys,
jwk_private_key_one):
token = create_jwt_token(
jwk_private_key_one,
{
"iss": "https://cognito-idp.eu-central-1.amazonaws.com/bla",
"aud": settings.COGNITO_AUDIENCE,
"sub": "username",
},
)
def func(payload):
return USER_MODEL(username=payload["sub"])
monkeypatch.setattr(USER_MODEL.objects,
"get_or_create_for_cognito",
func,
raising=False)
request = rf.get("/", HTTP_AUTHORIZATION=b"bearer %s" % token)
auth = backend.JSONWebTokenAuthentication()
user, auth_token = auth.authenticate(request)
assert user
assert user.username == "username"
assert auth_token == token
def test_validate_token_caching(
cognito_well_known_keys,
jwk_private_key_one,
settings,
responses,
is_cache_enabled,
responses_calls,
):
if is_cache_enabled is not None:
settings.COGNITO_PUBLIC_KEYS_CACHING_ENABLED = is_cache_enabled
token = create_jwt_token(
jwk_private_key_one,
{
"iss": "https://cognito-idp.eu-central-1.amazonaws.com/bla",
"aud": "my-audience",
"sub": "username",
},
)
auth = validator.TokenValidator("eu-central-1", "bla", "my-audience")
auth.validate(token)
assert len(responses.calls) == 1
auth_again = validator.TokenValidator("eu-central-1", "bla", "my-audience")
auth_again.validate(token)
assert len(responses.calls) == responses_calls
def get(self, req, *args, **kwargs):
authorizaion = req.META['HTTP_AUTHORIZATION']
token = authorizaion.replace("Bearer ", "")
data = get_data_from_token(token)
if data:
uid = int(kwargs.get('id')) if kwargs.get('id') else None
if uid:
user = get_user_model().objects.get(id=uid)
if user is not None:
obj = {
'id': uid,
'username': user.username,
'email': user.email,
'type': user.type,
'password': user.password,
'first_name': '',
'last_name': '',
'portrait': ''
}
token = create_jwt_token(obj)
return JsonResponse({'token': token, 'data': obj})
else:
return JsonResponse({'token': '', 'data': ''})
else:
return self.getList(req)
else:
return JsonResponse({'data': ''})
def post(self, req, *args, **kwargs):
""" sign up"""
user = None
ubody = req.body.decode('utf-8')
d = json.loads(ubody)
if d:
username = d.get('username')
email = d.get('email')
password = d.get('password')
utype = d.get('type')
else:
return JsonResponse({'token': '', 'user': ''})
if find_user(email) or find_user(username):
return JsonResponse({'token': '', 'user': ''})
else: # username, email cannot be empty
user = save_user(None, username, email, password, utype)
if user is not None:
obj = {
'username': username,
'email': email,
'type': utype,
'password': '',
'first_name': '',
'last_name': '',
'portrait': ''
}
token = create_jwt_token(obj)
return JsonResponse({'token': token, 'data': obj})
else:
return JsonResponse({'token': '', 'data': ''})
def test_validate_token(cognito_well_known_keys, jwk_private_key_one):
token = create_jwt_token(
jwk_private_key_one, {
'iss': 'https://cognito-idp.eu-central-1.amazonaws.com/bla',
'aud': 'my-audience',
'sub': 'username',
})
auth = validator.TokenValidator('eu-central-1', 'bla', 'my-audience')
auth.validate(token)
def post(self, req, *args, **kwargs):
'''Institution sign up'''
params = req.POST
user = None
username = params.get('username')
email = params.get('email')
password = params.get('password')
firstname = 'me' #params.get('firstname')
lastname = 'me' #params.get('lastname')
utype = 'business' #params.get('type')
portrait = '' #params.get('portrait')
r = None
try:
r = get_user_model().objects.get(email__iexact=email)
except Exception: # models.DoesNotExist:
pass
if r:
return JsonResponse({
'token': '',
'user': '',
'errors': [ERR_USER_EXIST]
})
else: # assume username, email alwayse have value
if params.get('lat') and params.get('lng'):
user = save_user(None, username, email, password, utype,
firstname, lastname, portrait)
if user is not None:
image = req.FILES.get("image")
restaurant = self.createRestaurant(params, image, user)
obj = {
'username': username,
'email': email,
'password': '',
'type': utype,
'password': '',
'first_name': '',
'last_name': '',
'portrait': '',
'restaurant_id': restaurant.id
}
token = create_jwt_token(obj)
return JsonResponse({
'token': token,
'user': to_json(user),
'errors': []
})
return JsonResponse({
'token': '',
'user': '',
'errors': [ERR_SAVE_USER_EXCEPTION]
})
def test_validate_token_error_key(cognito_well_known_keys,
jwk_private_key_two):
token = create_jwt_token(
jwk_private_key_two, {
'iss': 'https://cognito-idp.eu-central-1.amazonaws.com/bla',
'aud': 'my-audience',
'sub': 'username',
})
auth = validator.TokenValidator('eu-central-1', 'bla', 'my-audience')
with pytest.raises(validator.TokenError):
auth.validate(token)
def test_validate_token(cognito_well_known_keys, jwk_private_key_one):
token = create_jwt_token(
jwk_private_key_one,
{
"iss": "https://cognito-idp.eu-central-1.amazonaws.com/bla",
"aud": "my-audience",
"sub": "username",
},
)
auth = validator.TokenValidator("eu-central-1", "bla", "my-audience")
auth.validate(token)
def test_validate_token_error_key(cognito_well_known_keys,
jwk_private_key_two):
token = create_jwt_token(
jwk_private_key_two,
{
"iss": "https://cognito-idp.eu-central-1.amazonaws.com/bla",
"aud": "my-audience",
"sub": "username",
},
)
auth = validator.TokenValidator("eu-central-1", "bla", "my-audience")
with pytest.raises(validator.TokenError):
auth.validate(token)
def post(self, req, *args, **kwargs):
""" login"""
ubody = req.body.decode('utf-8')
d = json.loads(ubody)
if d:
password = d.get('password')
account = d.get('account')
if account and password:
r = find_user(account)
if r and r.check_password(password):
user = authenticate(req,
username=r.username,
password=password)
if user is not None:
login(req, user) # make use of django session
if r.type == 'business':
restaurant = Restaurant.objects.get(admin_id=r.id)
token = create_jwt_token({
'id': r.id,
'username': r.username,
'type': r.type,
'restaurant_id': restaurant.id
})
else:
token = create_jwt_token({
'id': r.id,
'username': r.username,
'type': r.type
})
r.password = ''
data = to_json(r)
if r.type == 'business':
data['restaurant_id'] = restaurant.id
return JsonResponse({'token': token, 'data': data})
else:
return JsonResponse({'token': '', 'data': ''})
return JsonResponse({'token': '', 'data': ''})
def test_authenticate_invalid(rf, cognito_well_known_keys,
jwk_private_key_two):
token = create_jwt_token(
jwk_private_key_two, {
'iss': 'https://cognito-idp.eu-central-1.amazonaws.com/bla',
'aud': settings.COGNITO_AUDIENCE,
'sub': 'username',
})
request = rf.get('/', HTTP_AUTHORIZATION=b'bearer %s' % token)
auth = backend.JSONWebTokenAuthentication()
with pytest.raises(AuthenticationFailed):
auth.authenticate(request)
async def register(request):
data = await request.json()
username, password = data['username'], data['password']
if UserService.get_user(username=username):
return utils.json_response({
"errors": [
{"username": "******"}
]
})
user = UserService.add_user(username, password)
return web.Response(text=utils.create_jwt_token(user.id))
def test_authenticate_invalid(rf, cognito_well_known_keys,
jwk_private_key_two):
token = create_jwt_token(
jwk_private_key_two,
{
"iss": "https://cognito-idp.eu-central-1.amazonaws.com/bla",
"aud": settings.COGNITO_AUDIENCE,
"sub": "username",
},
)
request = rf.get("/", HTTP_AUTHORIZATION=b"bearer %s" % token)
auth = backend.JSONWebTokenAuthentication()
with pytest.raises(AuthenticationFailed):
auth.authenticate(request)
def test_validate_token_caching(cognito_well_known_keys, jwk_private_key_one,
settings, responses, is_cache_enabled,
responses_calls):
if is_cache_enabled is not None:
settings.COGNITO_PUBLIC_KEYS_CACHING_ENABLED = is_cache_enabled
token = create_jwt_token(
jwk_private_key_one, {
'iss': 'https://cognito-idp.eu-central-1.amazonaws.com/bla',
'aud': 'my-audience',
'sub': 'username',
})
auth = validator.TokenValidator('eu-central-1', 'bla', 'my-audience')
auth.validate(token)
assert len(responses.calls) == 1
auth_again = validator.TokenValidator('eu-central-1', 'bla', 'my-audience')
auth_again.validate(token)
assert len(responses.calls) == responses_calls
async def login(request):
data = await request.json()
username, password = data['username'], data['password']
user = UserService.get_user(username=username)
if not user:
return utils.json_response({
"errors": [
{"username": "******"}
]
})
else:
if user.password == password:
return web.Response(text=utils.create_jwt_token(user.id))
return utils.json_response({
"errors": [
{"password": "******"}
]
})
def test_authenticate_valid(rf, monkeypatch, cognito_well_known_keys, jwk_private_key_one):
token = create_jwt_token(
jwk_private_key_one,
{
'iss': 'https://cognito-idp.eu-central-1.amazonaws.com/bla',
'aud': settings.COGNITO_AUDIENCE,
'sub': 'username',
})
def func(payload):
return USER_MODEL(
username=payload['sub'])
monkeypatch.setattr(
USER_MODEL.objects, 'get_or_create_for_cognito', func, raising=False)
request = rf.get('/', HTTP_AUTHORIZATION=b'bearer %s' % token)
auth = backend.JSONWebTokenAuthentication()
user, auth_token = auth.authenticate(request)
assert user
assert user.username == 'username'
assert auth_token == token
