def full_access_auth_header(
    full_access_authz_payload,  # pylint: disable=redefined-outer-name
) -> str:
    """Return the full-access authz payload signed with SAMPLE_PRIVATE_KEY.

    The payload is passed to ``Authorizer.sign_authz`` unchanged, so the
    resulting token carries whatever grants ``full_access_authz_payload``
    contains.
    """
    # NOTE(review): SAMPLE_PRIVATE_KEY is presumably a test-only key; confirm
    # that no deployed verifier trusts its public half.
    signed_token = Authorizer.sign_authz(
        full_access_authz_payload,
        SAMPLE_PRIVATE_KEY,
    )
    return signed_token
def test_sign_authz(self) -> None:
    """Signing the allow-all payload must reproduce EXPECTED_TOKEN exactly."""
    # Broadest grant expressible here: every resource/permission allowed,
    # nothing denied.
    allow_all_payload = {"allow": {ALL: ALL}, "deny": {}}

    # NOTE(review): byte-for-byte equality only holds if signing is
    # deterministic for this key and sign_authz adds no time-dependent
    # claims; confirm against the implementation.
    signed = Authorizer.sign_authz(allow_all_payload, SAMPLE_PRIVATE_KEY)
    assert signed == EXPECTED_TOKEN
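def test_expired_jwt(self) -> None:
    """decode_jwt must reject a token whose ``exp`` lies in the past.

    The token is issued 12 hours ago and expired 6 hours ago; decoding is
    expected to raise ``Unauthorized`` with the expiry-specific message.
    """
    # Local import keeps this block self-contained; the module's import
    # section is not changed.
    from datetime import timezone

    # Use an aware UTC clock. ``datetime.utcnow()`` returns a naive value
    # that ``.timestamp()`` interprets as *local* time, so on hosts six or
    # more hours west of UTC the "expired" token was still valid and the
    # test failed for reasons unrelated to the decoder.
    now = datetime.now(timezone.utc)
    iat = int((now - timedelta(hours=12)).timestamp())
    exp = int((now - timedelta(hours=6)).timestamp())

    token_payload = {
        "exp": exp,
        "iat": iat,
        "iss": "test-issuer",
        "aud": "test-audience",
    }
    jwt_token = Authorizer.sign_authz(token_payload, SAMPLE_PRIVATE_KEY)

    with pytest.raises(Unauthorized,
                       match="Your token has expired. Please refresh it."):
        decode_jwt(jwt_token)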
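def test_missing_correct_audiences(
        self, caplog: pytest.LogCaptureFixture) -> None:
    """decode_jwt must reject a time-valid token carrying ``aud`` "test".

    The token is issued now and expires in 6 hours. Decoding is expected
    to raise ``Unauthorized`` and to log the JWK decode-failure message.
    """
    # NOTE(review): presumably "test" is not among the audiences decode_jwt
    # accepts; confirm against the decoder configuration.

    # Local import keeps this block self-contained; the module's import
    # section is not changed.
    from datetime import timezone

    # Use an aware UTC clock. With naive ``datetime.utcnow().timestamp()``
    # the claims shift by the host's UTC offset: ``exp`` could already be
    # in the past or ``iat`` in the future, so the token might be rejected
    # on its time claims and the test would pass without exercising the
    # audience check.
    now = datetime.now(timezone.utc)
    iat = int(now.timestamp())
    exp = int((now + timedelta(hours=6)).timestamp())

    token_payload = {
        "exp": exp,
        "iat": iat,
        "iss": "test-issuer",
        "aud": "test",
    }
    jwt_token = Authorizer.sign_authz(token_payload, SAMPLE_PRIVATE_KEY)

    with pytest.raises(Unauthorized):
        decode_jwt(jwt_token)

    # The failure must also be visible in the logs, not only to the caller.
    assert "Failed decoding JWT with any of JWK - details" in caplog.text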
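def test_validate_one_with_expired(self, full_access_authz_payload) -> None:
    """Authorizer must refuse a full-access token that expired a second ago.

    The full-access payload is re-signed with ``exp`` overridden to one
    second in the past; constructing an ``Authorizer`` from that token is
    expected to raise ``Unauthorized``.
    """
    # Local import keeps this block self-contained; the module's import
    # section is not changed.
    from datetime import timezone

    # Use an aware UTC clock. ``datetime.utcnow().timestamp()`` treats the
    # naive value as local time, so on any host west of UTC the one-second
    # margin was swamped by the offset and the token was not expired.
    # NOTE(review): a one-second margin assumes the decoder applies no
    # clock-skew leeway; confirm.
    expired_timestamp = int(
        (datetime.now(timezone.utc) - timedelta(seconds=1)).timestamp())

    # Sign outside the ``raises`` block so only the Authorizer constructor
    # can satisfy the expectation.
    expired_token = Authorizer.sign_authz(
        {
            **full_access_authz_payload,
            "exp": expired_timestamp,
        },
        SAMPLE_PRIVATE_KEY,
    )

    with pytest.raises(Unauthorized):
        Authorizer(expired_token, "test_resource", "permission_name")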
def limited_access_auth_header(
    full_access_authz_payload,  # pylint: disable=redefined-outer-name
) -> str:
    """Return a signed token scoped to one permission on one resource.

    Starts from ``full_access_authz_payload`` and replaces its ``allow``
    and ``deny`` entries, so every other claim in the base payload is
    carried over unchanged.
    """
    # Only "perm-name" on "test_res" is granted; nothing is explicitly denied.
    scope_overrides = {
        "allow": {
            "test_res": {
                "perm-name": {
                    "allow": "*"
                }
            }
        },
        "deny": {},
    }
    limited_payload = {**full_access_authz_payload, **scope_overrides}
    return Authorizer.sign_authz(limited_payload, SAMPLE_PRIVATE_KEY)
def test_sign_authz_no_kid_error(self) -> None:
    """sign_authz must raise ValueError for a JWK dict lacking ``kid``."""
    expected_message = "private_key_jwk must have the 'kid' field"
    # An empty dict is a dict, but it carries no key id.
    with pytest.raises(ValueError, match=expected_message):
        Authorizer.sign_authz({}, private_key_jwk={})
def test_sign_authz_not_a_dict_error(self) -> None:
    """sign_authz must raise ValueError when the key is not a JWK dict."""
    expected_message = "private_key_jwk must be a jwk dict"
    # An empty string stands in for any non-dict key material.
    with pytest.raises(ValueError, match=expected_message):
        Authorizer.sign_authz({}, private_key_jwk="")