def test_userWithNoTokenAtAllIsRefused(self):
        """A request with no headers and no token is refused as Unauthorized.

        No credential at all means there is no identity to check roles
        against, so the expected outcome is 401 (Unauthorized) rather than
        403 (Forbidden).
        """
        emptyRequest = mockRequestObjectClass({}, {})

        with self.assertRaises(Exception) as context:
            apiSecurityCheck(emptyRequest, tenant, [], [], [], jwtSecret)
        self.checkGotRightExceptionType(context, Unauthorized)
    def test_sendInNonTokenHeader(self):
        """A searched header whose value is not a JWT is refused.

        Header 'aa' is listed as a header to search, but its value is an
        arbitrary string rather than a token, so the check must fail with
        Unauthorized instead of treating the string as a credential.
        """
        bogusHeaders = {'aa': 'somestring'}
        bogusRequest = mockRequestObjectClass(bogusHeaders, {})

        with self.assertRaises(Exception) as context:
            apiSecurityCheck(bogusRequest, tenant, [], ['aa'], [], jwtSecret)
        self.checkGotRightExceptionType(context, Unauthorized)
    def test_JWTTokenIsInAuthorizationHeader(self):
        """A valid token sent as 'Authorization: Bearer ...' satisfies the check.

        No extra headers are listed to search, so the Authorization header
        alone has to be enough. The test passes if apiSecurityCheck returns
        without raising; the returned value is not inspected here.
        """
        bearerToken = generateToken(jwtSecret, 'someRoleWeWant')
        bearerRequest = mockRequestObjectClass(
            {'Authorization': 'Bearer ' + bearerToken}, {})

        # The token carries the required role, so this must not raise.
        apiSecurityCheck(bearerRequest, tenant, ['someRoleWeWant'], [], [],
                         jwtSecret)
    def test_workingJWTTokenInGotRole(self):
        """A valid token in a custom header that is searched satisfies the check.

        The token carries the required role and lives in header 'aa', which
        is passed in the list of headers to search. Passing means no
        exception was raised; the decoded result is not asserted on.
        """
        roleToken = generateToken(jwtSecret, 'someRoleWeWant')
        customHeaderRequest = mockRequestObjectClass({'aa': roleToken}, {})

        apiSecurityCheck(customHeaderRequest, tenant, ['someRoleWeWant'],
                         ['aa'], [], jwtSecret)
    def test_invalidJWTTokenSignatureSkipMakesItWork(self):
        """skipSignatureValidation=True accepts a token signed with the wrong key.

        The token is minted with jwtSecret2 but checked against jwtSecret;
        without the flag this is refused (see
        test_invalidJWTTokenSignatureFails). With the flag the call returns
        normally, which pins the fact that the flag bypasses signature
        verification.

        NOTE(review): a token whose signature is not verified proves nothing
        about who issued it, so anything gated by this flag must treat the
        claims as untrusted. Keep the flag off on production code paths.
        """
        wrongKeyToken = generateToken(jwtSecret2)
        wrongKeyRequest = mockRequestObjectClass({'aa': wrongKeyToken}, {})

        # Must not raise: signature verification is explicitly disabled.
        apiSecurityCheck(wrongKeyRequest, tenant, [], ['aa'], [], jwtSecret,
                         skipSignatureValidation=True)
    def test_differentJWTTokenIsInAuthorizationHeaderRightTokenInAAHeader(
            self):
        """A valid token in a searched header wins over a bad Authorization one.

        The Authorization header carries a token signed with jwtSecret2
        (wrong key); header 'aa', which is in the search list, carries a
        token signed with jwtSecret that has the required role. The call is
        expected to return normally.

        NOTE(review): this pins that a non-verifiable Authorization token is
        ignored when another searched header holds a good one, rather than
        causing a refusal. Whether that precedence is intended should be
        confirmed against apiSecurityCheck.
        """
        goodToken = generateToken(jwtSecret, 'someRoleWeWant')
        wrongKeyToken = generateToken(jwtSecret2, 'someRoleWeWant')

        mixedHeaders = {
            'Authorization': 'Bearer ' + wrongKeyToken,
            'aa': goodToken,
        }
        mixedRequest = mockRequestObjectClass(mixedHeaders, {})

        apiSecurityCheck(mixedRequest, tenant, ['someRoleWeWant'], ['aa'], [],
                         jwtSecret)
    def test_workingJWTTokenInGotRoleButNotSearchingThatHeader(self):
        """A valid token in a header that is not searched is not found.

        The token lives in 'aa' but only 'bb' is listed to search, so the
        check must behave as if no token was presented: Unauthorized, not
        Forbidden.
        """
        roleToken = generateToken(jwtSecret, 'someRoleWeWant')
        unsearchedRequest = mockRequestObjectClass({'aa': roleToken}, {})

        with self.assertRaises(Exception) as context:
            apiSecurityCheck(unsearchedRequest, tenant, ['someRoleWeWant'],
                             ['bb'], [], jwtSecret)
        self.checkGotRightExceptionType(context, Unauthorized)
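    def test_workingJWTTokenInHeaderMissingRole(self):
        """A valid token that lacks the required role is refused as Forbidden.

        The token is correctly signed and is found in the searched header
        'aa', so the caller is authenticated; it just does not carry
        'someRoleWeWant'. That is an authorisation failure, so the expected
        outcome is Forbidden (403) rather than Unauthorized (401).

        An unused ``DecodedTokenClass(jwtSecret, token)`` precondition has
        been dropped: its result was never inspected, and an error raised
        inside it would have surfaced as a test error instead of exercising
        the Forbidden path this test is about.
        """
        roleLessToken = generateToken(jwtSecret)
        roleLessRequest = mockRequestObjectClass({'aa': roleLessToken}, {})

        with self.assertRaises(Exception) as context:
            apiSecurityCheck(roleLessRequest, tenant, ['someRoleWeWant'],
                             ['aa'], [], jwtSecret)
        self.checkGotRightExceptionType(context, Forbidden)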
    def test_invalidJWTTokenSignatureFails(self):
        """A token signed with the wrong key is refused as Unauthorized.

        The token is minted with jwtSecret2 and checked against jwtSecret
        with signature validation left on (the default), so the check must
        fail. The exact message is pinned as well, so a change in how
        signature failures are reported breaks this test.

        NOTE(review): the pinned message echoes the underlying exception
        class name (InvalidSignatureError) back to the client, which tells a
        caller precisely why the token failed. Fine for a fixture, but worth
        a conscious decision for the production error body.
        """
        wrongKeyToken = generateToken(jwtSecret2)
        wrongKeyRequest = mockRequestObjectClass({'aa': wrongKeyToken}, {})

        with self.assertRaises(Exception) as context:
            apiSecurityCheck(wrongKeyRequest, tenant, [], ['aa'], [],
                             jwtSecret)
        self.checkGotRightExceptionType(context, Unauthorized)
        self.assertEqual('401 Unauthorized: InvalidSignatureError',
                         str(context.exception),
                         msg="Wrong error message returned")
    def test_callSecurityWithInvalidToken(self):
        """A searched header holding a string that is not a JWT at all is refused.

        The value cannot even be decoded as a token (it is not base64), so
        the check must fail with Unauthorized and the generic
        'Problem with token' message rather than a signature- or
        expiry-specific one.
        """
        garbageRequest = mockRequestObjectClass(
            {'cddc': 'Someinvlaidnonbase64String'}, {})

        with self.assertRaises(Exception) as context:
            apiSecurityCheck(garbageRequest, tenant, [], ['cddc'], [],
                             jwtSecret)
        self.checkGotRightExceptionType(context, Unauthorized)
        self.assertEqual('401 Unauthorized: Problem with token',
                         str(context.exception),
                         msg="Wrong error message returned")
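    def test_tokenExpiry(self):
        """A token issued in the past beyond its lifetime is refused as expired.

        The test clock is frozen 50 seconds in the past before the token is
        minted, so the token's issue/expiry times are 50 seconds old when the
        check runs. The check must fail with Unauthorized and the
        ExpiredSignatureError message.

        NOTE(review): curTime is still frozen when apiSecurityCheck runs, so
        for the token to look expired either the checker reads the real
        clock or the token lifetime is under 50 seconds -- confirm against
        generateToken. The freeze is not undone in this method; it is
        assumed that tearDown (not visible here) resets curTime so other
        tests are unaffected.
        """
        curTime.freeze(
            datetime.datetime.now(pytz.timezone("UTC")) -
            datetime.timedelta(seconds=50))
        staleToken = generateToken(jwtSecret)

        staleRequest = mockRequestObjectClass({'aa': staleToken}, {})

        with self.assertRaises(Exception) as context:
            apiSecurityCheck(staleRequest, tenant, [], ['aa'], [], jwtSecret)
        self.checkGotRightExceptionType(context, Unauthorized)
        # Same msg= as the other message assertions in this file, so a
        # mismatch reports the reason rather than a bare inequality.
        self.assertEqual(str(context.exception),
                         "401 Unauthorized: ExpiredSignatureError",
                         msg="Wrong error message returned")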