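def test_require_jwt_decorator(self):
    """Check that ``jwt.require_jwt`` answers 401 for bad credentials and runs the view for a valid token.

    Rejected cases: a Bearer value that is not a token, a header without the
    ``Bearer`` scheme, and no ``Authorization`` header at all.  In each case
    the wrapped view must not run, so the mock's ``called`` flag is checked
    in addition to the status code.
    """
    mock = Mock(return_value="success")
    # Mock objects expose no __name__ by default; presumably the decorator
    # reads it (e.g. through functools.wraps) - confirm against require_jwt.
    mock.__name__ = 'test_mock'
    mock_fn = jwt.require_jwt(mock)

    bad_header = {"Authorization": "Bearer this-is-not-a-token"}
    nobearer_header = {"Authorization": "this-is-not-a-token"}
    token = jwt.create_token_for_user(self.default_user)

    with self.app.test_request_context(headers=bad_header):
        res = mock_fn()
        self.assertEqual(401, res.status_code)
        # A 401 alone does not prove that the protected view was skipped.
        self.assertFalse(mock.called)

    with self.app.test_request_context(headers=nobearer_header):
        res = mock_fn()
        self.assertEqual(401, res.status_code)
        self.assertFalse(mock.called)

    # No Authorization header at all.
    with self.app.test_request_context():
        res = mock_fn()
        self.assertEqual(401, res.status_code)
        self.assertFalse(mock.called)

    good_header = {"Authorization": "Bearer %s" % token}
    with self.app.test_request_context(headers=good_header):
        res = mock_fn()
        self.assertEqual("success", res)
        # The view ran exactly once, and only for the authenticated request.
        self.assertEqual(1, mock.call_count)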
def setUp(self):
    """Build a fresh app, an empty schema and fixture rows before each test.

    Creates one user, one document owned by that user and one tag attached
    to the document, then prepares JSON request headers that carry a bearer
    token issued for that user.
    """
    super(BaseTestCase, self).setUp()

    # Application under test, with its context pushed for the whole test.
    self.app = create_app(config.Testing)
    self.app_context = self.app.app_context()
    self.client = self.app.test_client()
    self.app_context.push()

    # drop_all() deletes every table in the database that config.Testing
    # selects, so that configuration must only ever name a disposable
    # test database.
    self.db = db
    self.db.drop_all()
    self.db.create_all()

    # Fixture data only; the credential values are placeholders.
    # _admin=True presumably marks this user as an administrator - confirm
    # against the User model.
    self.user = {
        "username": "******",
        "password": "******",
        "first_name": "Test",
        "last_name": "User",
        "_admin": True,
    }
    self.document = {
        "title": "This is a Test Title",
        "body": "Body Body Body, likeasomebody",
    }
    self.tag = dict(title="TAGGY")

    self.default_user = User.create(self.user)
    self.default_document = Document.create(self.document)
    self.default_document.user = self.default_user

    # self.tag is rebound from the field dict to the created Tag object.
    self.tag = Tag.create(self.tag)
    self.tag.user = self.default_user
    self.default_document.tags.append(self.tag)
    self.db.session.commit()

    # Store wired to FakeStrictRedis instead of a live Redis server.
    self.redis_store = RedisStore(store=FakeStrictRedis, name='test')

    # Requests sent with self.headers authenticate as default_user, so tests
    # of unprivileged access need a token for a different user.
    access_token = jwt.create_token_for_user(self.default_user)
    self.headers = [
        ('Content-Type', 'application/json'),
        ('Authorization', 'Bearer %s' % access_token),
    ]
def setUp(self):
    """Prepare the app, a clean database and the default fixtures for a test.

    After this runs the test has ``self.client``, ``self.default_user``,
    ``self.default_document``, ``self.tag``, ``self.redis_store`` and
    ``self.headers`` (JSON content type plus a bearer token for the
    default user).
    """
    super(BaseTestCase, self).setUp()

    application = create_app(config.Testing)
    self.app = application
    self.app_context = application.app_context()
    self.client = application.test_client()
    self.app_context.push()

    # Destructive: every table is dropped and recreated on each test, so the
    # Testing configuration has to point at a throwaway database.
    self.db = db
    self.db.drop_all()
    self.db.create_all()

    # Placeholder credentials for the fixture account.  The _admin flag is
    # presumably what grants administrator rights - verify in the model.
    self.user = dict(
        username="******",
        password="******",
        first_name="Test",
        last_name="User",
        _admin=True,
    )
    self.document = dict(
        title="This is a Test Title",
        body="Body Body Body, likeasomebody",
    )
    self.tag = {"title": "TAGGY"}

    owner = User.create(self.user)
    self.default_user = owner
    self.default_document = Document.create(self.document)
    self.default_document.user = owner

    # From here on self.tag is the Tag object, no longer the field dict.
    self.tag = Tag.create(self.tag)
    self.tag.user = owner
    self.default_document.tags.append(self.tag)
    self.db.session.commit()

    self.redis_store = RedisStore(store=FakeStrictRedis, name='test')

    # Every request made with these headers is authenticated as the fixture
    # user created above.
    token = jwt.create_token_for_user(owner)
    content_type = ('Content-Type', 'application/json')
    authorization = ('Authorization', 'Bearer %s' % token)
    self.headers = [content_type, authorization]
def test_verify_token(self):
    """Check ``jwt.verify_token`` on a freshly issued token and on a garbage string.

    A token created for the default user must verify and expose the user's
    ``first_name``; an arbitrary string must fail, and the second returned
    value must contain the word "tampered".
    """
    issued = jwt.create_token_for_user(self.default_user)
    valid, claims = jwt.verify_token(issued)
    self.assertTrue(valid)
    self.assertEqual(claims.get('first_name'), 'Test')

    # NOTE(review): only an unparseable string is covered here. A well-formed
    # token with an altered signature, or an expired one, is not exercised
    # by this test.
    garbage_valid, failure = jwt.verify_token("lsdkjfdskjfs")
    self.assertFalse(garbage_valid)
    self.assertIn("tampered", failure)
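def auth_login():
    """Exchange a username and password for an access token.

    Reads ``username`` and ``password`` from the JSON request body.

    Returns:
        The response built by ``MakeResponse``: status 200 with an
        ``access_token`` field when the credentials are accepted, otherwise
        status 401 with a generic error body.
    """
    data = request.get_json()
    # get_json() can hand back None or a JSON value that is not an object;
    # calling .get() on that would raise and turn a bad login request into a
    # server error instead of a clean 401.
    if not isinstance(data, dict):
        data = {}
    username = data.get('username')
    password = data.get('password')
    xhr = MakeResponse(200)

    user = None
    # Missing fields are a failed login: skip the lookup rather than query
    # for username=None or pass a None password to authenticate().
    if username is not None and password is not None:
        user = User.query.filter_by(username=username).first()

    if user and user.authenticate(password):
        token = jwt.create_token_for_user(user)
        xhr.set_body(dict(access_token=token))
        return xhr.response

    # Unknown user, wrong password and missing fields share one message, so
    # the response body does not reveal which usernames exist.
    # NOTE(review): no attempt limiting is visible in this function; confirm
    # it is enforced elsewhere.
    xhr.set_error(401, {"error": "Trouble authenticating"})
    return xhr.response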
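def refresh_auth_token():
    """Issue a new access token in exchange for a valid refresh token.

    Reads ``refresh_token`` from the JSON request body and checks it with
    ``jwt.verify_refresh_token`` against the current user's id and the
    request's ``User-Agent`` header.

    Returns:
        The response built by ``MakeResponse``: status 200 with an
        ``access_token`` field when the refresh token is accepted, otherwise
        status 401 with an explanatory message.
    """
    data = request.get_json()
    # A missing or non-object JSON body would make .get() raise; treat it as
    # a request without a refresh token.
    if not isinstance(data, dict):
        data = {}
    # The User-Agent is supplied by the client, so it narrows where a token
    # is accepted but is not proof of which device sent the request.
    agent = request.headers.get('User-Agent')
    refresh_token = data.get('refresh_token')
    user = api.helpers.get_user()
    xhr = MakeResponse(200)

    # get_user() is defined elsewhere; guard against it returning None so a
    # request without a resolvable user gets a 401 instead of an
    # AttributeError on user.id.
    if (user is not None and refresh_token is not None
            and jwt.verify_refresh_token(refresh_token, user.id, agent)):
        token = jwt.create_token_for_user(user)
        xhr.set_body(dict(access_token=token))
        return xhr.response

    xhr.set_error(
        401,
        "Could not refresh, please try logging out and logging back in.")
    return xhr.response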
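def refresh_auth_token():
    """Trade a refresh token for a fresh access token.

    The refresh token comes from the ``refresh_token`` field of the JSON
    body. ``jwt.verify_refresh_token`` checks it together with the current
    user's id and the ``User-Agent`` header of the request.

    Returns:
        The ``MakeResponse`` response: 200 carrying ``access_token`` on
        success, 401 with a message asking the user to log in again on
        failure.
    """
    xhr = MakeResponse(200)
    failure_message = (
        "Could not refresh, please try logging out and logging back in."
    )

    body = request.get_json()
    # None or a non-object body would make .get() raise below.
    refresh_token = body.get('refresh_token') if isinstance(body, dict) else None
    # Client-controlled value: a weak binding, not a device identity.
    agent = request.headers.get('User-Agent')
    user = api.helpers.get_user()

    # Reject early when there is nothing to verify. get_user() is defined
    # elsewhere and may return None - reading user.id would then raise.
    if user is None or refresh_token is None:
        xhr.set_error(401, failure_message)
        return xhr.response

    if jwt.verify_refresh_token(refresh_token, user.id, agent):
        token = jwt.create_token_for_user(user)
        xhr.set_body(dict(access_token=token))
        return xhr.response

    xhr.set_error(401, failure_message)
    return xhr.response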
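def test_require_jwt_decorator(self):
    """Exercise ``jwt.require_jwt`` with rejected and accepted credentials.

    Three requests must be answered with 401 without the wrapped view ever
    running: a Bearer value that is not a token, a value without the
    ``Bearer`` scheme, and a request with no ``Authorization`` header.  A
    request carrying a token issued for the default user must reach the view
    exactly once and return its result unchanged.
    """
    view = Mock(return_value="success")
    # Mock has no __name__ of its own; the decorator presumably needs one
    # (e.g. for functools.wraps) - confirm against require_jwt.
    view.__name__ = 'test_mock'
    guarded = jwt.require_jwt(view)
    token = jwt.create_token_for_user(self.default_user)

    rejected_headers = (
        {"Authorization": "Bearer this-is-not-a-token"},
        {"Authorization": "this-is-not-a-token"},
        None,  # no Authorization header at all
    )
    for headers in rejected_headers:
        label = "headers=%r" % (headers,)
        with self.app.test_request_context(headers=headers):
            res = guarded()
            self.assertEqual(401, res.status_code, label)
            # The status code alone does not show that the protected view
            # was skipped, so check the mock as well.
            self.assertFalse(view.called, label)

    good_header = {"Authorization": "Bearer %s" % token}
    with self.app.test_request_context(headers=good_header):
        res = guarded()
        self.assertEqual("success", res)
        self.assertEqual(1, view.call_count)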
def test_create_token_for_user(self):
    """Check that a token issued for the default user is longer than 20 characters.

    This is a smoke test only: the length check shows that something
    non-trivial was returned, not that the token is well formed or verifies.
    """
    issued = jwt.create_token_for_user(self.default_user)
    token_length = len(issued)
    self.assertGreater(token_length, 20)