def cli(loop, aiohttp_client):
    """Build the aiohttp test client used by the secret-rotation test.

    Creates a SecretManager with a 1s refresh interval and a 2s expiry,
    publishes it through the module-level ``global_secret`` so a test can
    read the secrets currently held, installs JWTHelper's two middlewares
    on a fresh application and schedules ``auto_refresh()`` on ``loop``.

    NOTE(review): presumably registered as a pytest fixture; the decorator
    is not shown in this listing.
    """
    global global_secret

    # 'testsecret' is a fixed value for tests only. HS256 is symmetric, so
    # whoever knows the secret can mint tokens the server accepts.
    manager = SecretManager(
        secret='testsecret',
        refresh_interval='1s',
        scheme="Bearer",
        algorithm='HS256',
        exptime='2s',
    )
    global_secret = manager

    helper = JWTHelper(
        unauthorized_return_route='',
        unauthorized_return_route_handler=unauthorised,
        authorized_return_page_handler=authorised,
        secret_manager=manager,
    )

    # Order is kept as in the helper's own naming: identifier, then router.
    middleware_chain = [
        helper.pre_jwt_identifier(),
        helper.post_jwt_router(),
    ]
    application = web.Application(middlewares=middleware_chain)

    for path, handler in (
        ('/index.html', authorised),
        ('/login.html', unauthorised),
    ):
        application.router.add_get(path, handler)

    # Start the rotation task before the client is created.
    loop.create_task(manager.auto_refresh())
    return loop.run_until_complete(aiohttp_client(application))
async def test_with_auth(cli):
    """Check that a token is accepted for a while and rejected later.

    A token is signed with the first secret ``global_secret`` holds at the
    start. The test then requests ``/index.html`` at roughly 0s (no
    credentials), 0.5s, 1.5s and 2.5s and expects "fail", "pass", "pass",
    "fail". Finally it asserts that the manager's first secret has changed.

    NOTE(review): every response, including the rejected ones, is asserted
    to be HTTP 200; rejection is visible only in the body, so a client or
    monitor keyed on status codes would not see these denials.
    NOTE(review): whether the final "fail" comes from the signing secret
    being rotated out or from token expiry cannot be told from this test.
    The checks rely on wall-clock sleeps with about 0.5s of margin, so a
    slow runner may produce spurious failures.
    """
    original_secret = global_secret.get_secrets()[0]
    signer = SecretManager(secret=original_secret)
    token = signer.encode({'username': 'jacky'})
    auth_headers = {'Authorization': "Bearer " + token}

    # (seconds to wait before the request, request headers, expected body)
    timeline = (
        (0, {}, "fail"),
        (0.5, auth_headers, "pass"),
        (1, auth_headers, "pass"),
        (1, auth_headers, "fail"),
    )
    for delay, request_headers, expected_body in timeline:
        if delay:
            await asyncio.sleep(delay)
        resp = await cli.get('/index.html', headers=request_headers)
        assert resp.status == 200
        assert await resp.text() == expected_body

    # The secret that signed the token is no longer the manager's first one.
    assert original_secret != global_secret.get_secrets()[0]
async def test_unicode(cli):
    """Check that a non-ASCII ``username`` claim survives the JWT round trip.

    The token is signed locally with the literal 'testsecret' and sent as a
    Bearer credential. ``/index.html`` must answer with JSON whose
    ``username`` equals the original string, and ``/bear`` must answer with
    that string as the plain response text.
    """
    expected_name = '你好世界'
    signer = SecretManager(secret='testsecret')
    token = signer.encode({'username': expected_name})
    auth_headers = {'Authorization': "Bearer " + token}

    # JSON view of the identity.
    index_resp = await cli.get('/index.html', headers=auth_headers)
    assert index_resp.status == 200
    index_body = await index_resp.text()
    identity = json.loads(index_body)
    assert 'username' in identity
    assert identity['username'] == expected_name

    # Plain-text view of the identity.
    bear_resp = await cli.get('/bear', headers=auth_headers)
    assert bear_resp.status == 200
    bear_body = await bear_resp.text()
    assert bear_body == expected_name
def cli(loop, aiohttp_client):
    """Build the aiohttp test client for the identity tests.

    The SecretManager uses 30-day refresh and expiry intervals, and no
    ``auto_refresh()`` task is scheduled here. JWTHelper is given an
    explicit token getter and identifier, an empty whitelist and an empty
    list of protected APIs. Both the authorized and the unauthorized
    outcome are routed to ``index``.

    NOTE(review): presumably registered as a pytest fixture; the decorator
    is not shown in this listing.
    """
    # 'testsecret' is a fixed value for tests only; with HS256 the same
    # secret both signs and verifies.
    manager = SecretManager(
        secret='testsecret',
        refresh_interval='30d',
        scheme="Bearer",
        algorithm='HS256',
        exptime='30d',
    )

    helper = JWTHelper(
        unauthorized_return_route='',
        unauthorized_return_route_handler=index,
        authorized_return_page_handler=index,
        secret_manager=manager,
        token_getter=basic_token_getter,
        identifier=basic_identifier,
        whitelist=(),
        protected_apis=[],
    )

    middleware_chain = [
        helper.pre_jwt_identifier(),
        helper.post_jwt_router(),
    ]
    application = web.Application(middlewares=middleware_chain)

    for path, handler in (
        ('/index.html', index),
        ('/bear', bear),
    ):
        application.router.add_get(path, handler)

    return loop.run_until_complete(aiohttp_client(application))
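async def test_idnt(cli):
    """Check what the handler sees with and without a valid token.

    With a Bearer token signed by 'testsecret', ``/index.html`` must return
    JSON containing ``username`` and a ``full_jwt_payload`` equal to what
    ``SecretManager.decode`` yields for the same token and secret. Without
    an Authorization header the JSON body must be ``null``.
    """
    secret_manager = SecretManager(secret='testsecret')
    jwt = secret_manager.encode({'username': 'jacky'})
    headers = {
        'Authorization': "Bearer " + jwt
    }

    # Authenticated request: the identity and the full payload are echoed.
    resp = await cli.get('/index.html', headers=headers)
    assert resp.status == 200
    r_json = json.loads(await resp.text())
    assert 'username' in r_json
    assert r_json['username'] == 'jacky'
    assert r_json['full_jwt_payload'] == secret_manager.decode(jwt, 'testsecret')

    # Anonymous request: still HTTP 200, but no identity is reported.
    resp = await cli.get('/index.html')
    assert resp.status == 200
    r_json = json.loads(await resp.text())
    # Identity check: only a real None passes, not an object whose __eq__
    # happens to accept None.
    assert r_json is None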
Exemple #6
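def cli(loop, aiohttp_client):
    """Build the aiohttp test client for the whitelist tests.

    JWTHelper is configured with a single whitelist pattern, ``/css/.+``.
    Two routes under ``/css/`` are registered next to the authorised and
    unauthorised pages, and ``auto_refresh()`` is scheduled on ``loop``.

    NOTE(review): presumably registered as a pytest fixture; the decorator
    is not shown in this listing.
    """
    # 'testsecret' is a fixed value for tests only.
    secret_manager = SecretManager(secret='testsecret')

    # NOTE(review): how JWTHelper matches whitelist patterns is not visible
    # here. If the match is unanchored, '/css/.+' would also cover any path
    # that merely contains '/css/' followed by a character; confirm against
    # the library before reusing this pattern outside tests.
    jwt = JWTHelper(unauthorized_return_route='',
                    unauthorized_return_route_handler=unauthorised,
                    authorized_return_page_handler=authorised,
                    secret_manager=secret_manager,
                    whitelist=('/css/.+', ))
    app = web.Application(middlewares=[
        jwt.pre_jwt_identifier(),
        jwt.post_jwt_router(),
    ])
    app.router.add_get('/index.html', authorised)
    app.router.add_get('/login.html', unauthorised)
    app.router.add_get('/css/1.css', public_css1)
    app.router.add_get('/css/2.css', public_css2)
    loop.create_task(secret_manager.auto_refresh())
    return loop.run_until_complete(aiohttp_client(app))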
Exemple #7
async def test_with_auth(cli):
    """Exercise paths under ``/css/`` with and without a Bearer token.

    With a valid token, ``/css/1.css`` and ``/css/2.css`` must return their
    own content. ``/css/3.css`` must return "pass" with the token and
    "fail" without it. A last request confirms ``/css/1.css`` still serves
    its content afterwards.

    NOTE(review): the two paths that serve real content are requested only
    with a valid token. A request to one of them without an Authorization
    header would be the direct check of what the whitelist permits.
    NOTE(review): the rejected request is asserted to be HTTP 200; the
    denial is visible only in the body.
    """
    signer = SecretManager(secret='testsecret')
    token = signer.encode({'username': '******'})
    auth_headers = {'Authorization': "Bearer " + token}

    # (path, request headers, expected body), in request order
    cases = (
        ('/css/1.css', auth_headers, 'css1'),
        ('/css/2.css', auth_headers, 'css2'),
        ('/css/3.css', auth_headers, 'pass'),
        ('/css/3.css', {}, 'fail'),
        ('/css/1.css', auth_headers, 'css1'),
    )
    for path, request_headers, expected_body in cases:
        resp = await cli.get(path, headers=request_headers)
        assert resp.status == 200
        assert await resp.text() == expected_body