Exemple #1
0
def test_verify_wrong_app_fails(fake_email, fake_client_app,
                                create_fake_client_app):
    fake_client_app2 = create_fake_client_app()
    token = security_token.generate(fake_email, fake_client_app)

    with pytest.raises(security_token.TokenVerificationError):
        security_token.verify(token, fake_client_app2)
Exemple #2
0
def test_verify(fake_email, fake_client_app):
    token = security_token.generate(fake_email, fake_client_app)
    headers, claims = security_token.verify(token, fake_client_app)

    assert headers["alg"] == "ES256"
    assert claims["sub"] == fake_email
    assert claims["iss"] == f"{config.ISSUER}/app/{fake_client_app.app_id}"
    assert claims.get("iat") is not None
    assert claims.get("exp") is not None
Exemple #3
0
def test_exported_key_verifies_token(fake_client_app, fake_email):
    token = security_token.generate(fake_email, fake_client_app)
    exported_key_dict = security_client_app.export_public_key(fake_client_app)
    key = jwk.JWK(**exported_key_dict)

    headers, claims = jwt.verify_jwt(token, key, allowed_algs=["ES256"])

    assert headers["alg"] == "ES256"
    assert claims["sub"] == fake_email
    assert claims["iss"] == f"{config.ISSUER}/app/{fake_client_app.app_id}"
Exemple #4
0
def test_exported_key_doesnt_verify_invalid_token(
    fake_client_app, fake_email, create_fake_client_app
):
    fake_client_app2 = create_fake_client_app()
    token = security_token.generate(fake_email, fake_client_app)
    exported_key_dict = security_client_app.export_public_key(fake_client_app2)
    key = jwk.JWK(**exported_key_dict)

    assert fake_client_app.get_key() != fake_client_app2.get_key()
    with pytest.raises(InvalidJWSSignature):
        jwt.verify_jwt(token, key, allowed_algs=["ES256"])
Exemple #5
0
def test_generate(fake_email, fake_client_app):
    token = security_token.generate(fake_email, fake_client_app)
    assert token is not None

    headers, claims = jwt.verify_jwt(token,
                                     fake_client_app.get_key(),
                                     allowed_algs=["ES256"])

    assert headers["alg"] == "ES256"
    assert claims["sub"] == fake_email
    assert claims["iss"] == f"{config.ISSUER}/app/{fake_client_app.app_id}"
Exemple #6
0
async def confirm_otp(
        confirm_code: ConfirmCode,
        client_app: ClientApp = Depends(check_client_app),
):
    """Confirm authentication by one time code"""
    if not security_otp.verify(confirm_code.email, confirm_code.code,
                               client_app.app_id):
        raise HTTPException(status_code=401, detail="Invalid Code.")
    id_token = security_token.generate(confirm_code.email, client_app)
    refresh_token = None
    if client_app.get_refresh_key():
        refresh_token = await security_token.generate_refresh_token(
            confirm_code.email, client_app)
    return IssueToken(idToken=id_token, refreshToken=refresh_token)
Exemple #7
0
async def confirm_magic(
    secret: str = Query(...),
    id_: str = Query(..., alias="id"),
    client_app: ClientApp = Depends(check_client_app),
):
    """This endpoint confirms magic links. Do not use directly."""
    if email := security_magic.verify(id_, secret, client_app.app_id):
        id_token = security_token.generate(email, client_app)
        redirect_url = f"{client_app.redirect_url}?idToken={quote_plus(id_token)}"
        if client_app.get_refresh_key():
            refresh_token = await security_token.generate_refresh_token(
                email, client_app
            )
            redirect_url = f"{redirect_url}&refreshToken={quote_plus(refresh_token)}"
        return RedirectResponse(redirect_url)