def test_modified_cyphertext_is_error():
try:
c1 = hj.JWTClient(hj.JWTClient.generate_key())
c2 = hj.JWTClient(hj.JWTClient.generate_key())
json = {'hello': 'world'}
c2.decode(str(c1.encode(json)) + "evil")
assert False
except jwt.exceptions.DecodeError:
pass
def test_decode_message_from_different_key_is_error():
try:
c = hj.JWTClient(hj.JWTClient.generate_key())
attacker = hj.JWTClient(hj.JWTClient.generate_key())
json = {'hello': 'world'}
c.decode(attacker.encode(json))
assert False
except jwt.exceptions.DecodeError:
pass
def test_bad_input_is_error():
try:
c = hj.JWTClient(hj.JWTClient.generate_key())
c.decode('garbage')
assert False
except jwt.exceptions.DecodeError:
pass
def test_bad_jwt_key(self):
fname = pkg_resources.resource_filename(
__name__,
'jwt-test-user.json')
with open(fname) as f:
userdata = json.loads(f.read())
token = hj.JWTClient(hj.JWTClient.generate_key()).encode(userdata).decode('ascii')
bc = batch.client.BatchClient(url=os.environ.get('BATCH_URL'), token=token)
try:
b = bc.create_batch()
j = b.create_job('alpine', ['false'])
assert False, j
except requests.HTTPError as e:
if e.response.status_code == 401:
pass
else:
assert False, e
def test_bad_jwt_key(self):
fname = pkg_resources.resource_filename(__name__, 'jwt-test-user.json')
with open(fname) as f:
userdata = json.loads(f.read())
token = hj.JWTClient(hj.JWTClient.generate_key()).encode(userdata)
session = aiohttp.ClientSession(
raise_for_status=True, timeout=aiohttp.ClientTimeout(total=60))
bc = batch.client.BatchClient(session,
url=os.environ.get('BATCH_URL'),
token=token)
try:
b = bc.create_batch()
j = b.create_job('alpine', ['false'])
b.submit()
assert False, j
except aiohttp.ClientResponseError as e:
if e.status == 401:
pass
else:
assert False, e
finally:
bc.close()
import hailjwt as hj
import json
import sys
with open(sys.argv[1]) as f:
c = hj.JWTClient(f.read())
sys.stdout.buffer.write(c.encode(json.loads(sys.stdin.read())))
await batch.mark_job_complete(self)
async def to_dict(self):
result = {'id': self.id, 'state': self._state}
if self._state == 'Complete':
result['exit_code'] = self.exit_code
result['duration'] = self.duration
if self.attributes:
result['attributes'] = self.attributes
return result
with open(os.environ.get('HAIL_JWT_SECRET_KEY_FILE',
'/jwt-secret/secret-key')) as f:
jwtclient = hj.JWTClient(f.read())
def authenticated_users_only(fun):
def wrapped(request, *args, **kwargs):
encoded_token = request.cookies.get('user')
if encoded_token is not None:
try:
userdata = jwtclient.decode(encoded_token)
if 'userdata' in fun.__code__.co_varnames:
return fun(request, *args, userdata=userdata, **kwargs)
return fun(request, *args, **kwargs)
except jwt.exceptions.DecodeError as de:
log.info(f'could not decode token: {de}')
raise web.HTTPUnauthorized(headers={'WWW-Authenticate': 'Bearer'})
def test_round_trip():
c = hj.JWTClient(hj.JWTClient.generate_key())
json = {'hello': 'world'}
assert c.decode(c.encode(json)) == json
def test_unsafe_decode():
c = hj.JWTClient(hj.JWTClient.generate_key())
json = {'hello': 'world'}
assert hj.JWTClient.unsafe_decode(c.encode(json)) == json
def test_fewer_than_256_bits_is_error():
try:
hj.JWTClient(secrets.token_bytes(31))
assert False
except ValueError as err:
assert re.search('found secret key with 31 bytes', str(err))
