def test_decode_unknown_alg(): headers = json.dumps({u"kid": u"1", u"alg": u"fakealg"}) token = b".".join( map(lambda seg: base64.b64encode(seg.encode("utf-8")), [headers, u"{}", u"sig"])) with pytest.raises(ValueError) as excinfo: jwt.decode(token) assert excinfo.match(r"fakealg")
def test_decode_missing_crytography_alg(monkeypatch): monkeypatch.delitem(jwt._ALGORITHM_TO_VERIFIER_CLASS, "ES256") headers = json.dumps({u"kid": u"1", u"alg": u"ES256"}) token = b".".join( map(lambda seg: base64.b64encode(seg.encode("utf-8")), [headers, u"{}", u"sig"])) with pytest.raises(ValueError) as excinfo: jwt.decode(token) assert excinfo.match(r"cryptography")
def test_decode_bad_token_too_early(token_factory): token = token_factory( claims={ "iat": _helpers.datetime_to_secs(_helpers.utcnow() + datetime.timedelta(hours=1)) }) with pytest.raises(ValueError) as excinfo: jwt.decode(token, PUBLIC_CERT_BYTES) assert excinfo.match(r"Token used too early")
def test_decode_bad_token_expired(token_factory): token = token_factory( claims={ "exp": _helpers.datetime_to_secs(_helpers.utcnow() - datetime.timedelta(hours=1)) }) with pytest.raises(ValueError) as excinfo: jwt.decode(token, PUBLIC_CERT_BYTES) assert excinfo.match(r"Token expired")
def test_decode_with_invalid_audience(token_factory): with pytest.raises(ValueError) as excinfo: payload = jwt.decode( token_factory(), certs=PUBLIC_CERT_BYTES, audience=["*****@*****.**", "*****@*****.**"]) assert excinfo.match(r"Token has wrong audience")
def test_decode_valid_with_audience(token_factory): payload = jwt.decode( token_factory(), certs=PUBLIC_CERT_BYTES, audience=["*****@*****.**", "*****@*****.**"]) assert payload["aud"] == "*****@*****.**" assert payload["user"] == "billy bob" assert payload["metadata"]["meta"] == "data"
def test_decode_no_key_id(token_factory): token = token_factory(key_id=False) certs = {"2": PUBLIC_CERT_BYTES} payload = jwt.decode(token, certs) assert payload["user"] == "billy bob"
def test_decode_no_cert(token_factory): certs = {"2": PUBLIC_CERT_BYTES} with pytest.raises(ValueError) as excinfo: jwt.decode(token_factory(), certs) assert excinfo.match(r"Certificate for key id 1 not found")
def test_decode_multicert_bad_cert(token_factory): certs = {"1": OTHER_CERT_BYTES, "2": PUBLIC_CERT_BYTES} with pytest.raises(ValueError) as excinfo: jwt.decode(token_factory(), certs) assert excinfo.match(r"Could not verify token signature")
def test_decode_wrong_cert(token_factory): with pytest.raises(ValueError) as excinfo: jwt.decode(token_factory(), OTHER_CERT_BYTES) assert excinfo.match(r"Could not verify token signature")
def test_decode_bad_token_wrong_audience(token_factory): token = token_factory() audience = "*****@*****.**" with pytest.raises(ValueError) as excinfo: jwt.decode(token, PUBLIC_CERT_BYTES, audience=audience) assert excinfo.match(r"Token has wrong audience")
def test_decode_bad_token_no_iat_or_exp(signer): token = jwt.encode(signer, {"test": "value"}) with pytest.raises(ValueError) as excinfo: jwt.decode(token, PUBLIC_CERT_BYTES) assert excinfo.match(r"Token does not contain required claim")
def test_decode_bad_token_not_json(): token = b".".join([base64.urlsafe_b64encode(b"123!")] * 3) with pytest.raises(ValueError) as excinfo: jwt.decode(token, PUBLIC_CERT_BYTES) assert excinfo.match(r"Can\'t parse segment")
def test_decode_bad_token_not_base64(): with pytest.raises((ValueError, TypeError)) as excinfo: jwt.decode("1.2.3", PUBLIC_CERT_BYTES) assert excinfo.match(r"Incorrect padding|more than a multiple of 4")
def test_decode_bad_token_wrong_number_of_segments(): with pytest.raises(ValueError) as excinfo: jwt.decode("1.2", PUBLIC_CERT_BYTES) assert excinfo.match(r"Wrong number of segments")
def test_decode_valid_unverified(token_factory): payload = jwt.decode(token_factory(), certs=OTHER_CERT_BYTES, verify=False) assert payload["aud"] == "*****@*****.**" assert payload["user"] == "billy bob" assert payload["metadata"]["meta"] == "data"
def test_roundtrip_explicit_key_id(token_factory): token = token_factory(key_id="3") certs = {"2": OTHER_CERT_BYTES, "3": PUBLIC_CERT_BYTES} payload = jwt.decode(token, certs) assert payload["user"] == "billy bob"
def test_decode_valid_es256(token_factory): payload = jwt.decode(token_factory(use_es256_signer=True), certs=EC_PUBLIC_CERT_BYTES) assert payload["aud"] == "*****@*****.**" assert payload["user"] == "billy bob" assert payload["metadata"]["meta"] == "data"