def generate_access_tokens(request: WSGIRequest, user: User): # generate bearer token bearer_token = BearerToken(OAuth2Validator()) request.scopes = ["read", "write"] request.state = None request.extra_credentials = None request.grant_type = 'client_credentials' request.client = Application.objects.get( client_id=settings.SOCIAL_AUTH_CLIENT_ID, client_secret=settings.SOCIAL_AUTH_CLIENT_SECRET) token = bearer_token.create_token(request) # generate JWT issuer = settings.JWT_ISSUER payload_enricher = getattr(settings, 'JWT_PAYLOAD_ENRICHER', None) extra_data = {'username': user.username} if user else {} jwt_request = HttpRequest() jwt_request.POST = extra_data if payload_enricher: fn = import_string(payload_enricher) extra_data.update(fn(jwt_request)) payload = generate_payload(issuer, token['expires_in'], **extra_data) token['access_token_jwt'] = encode_jwt(payload) return token
def test_post_valid_jwt_header(self): now = datetime.utcnow() payload = { 'iss': 'issuer', 'exp': now + timedelta(seconds=100), 'iat': now, 'sub': 'subject', 'usr': '******', 'org': 'some_org', } jwt_value = utils.encode_jwt(payload) response = self.client.post( '/jwt/', {'example': 'example'}, HTTP_AUTHORIZATION='JWT {}'.format(jwt_value), content_type='application/json') self.assertEqual(response.status_code, 200) sessionkeys_expected = {} try: items = payload.iteritems() except AttributeError: # python 3.6 items = payload.items() for k, v in items: if k not in ('exp', 'iat'): sessionkeys_expected['jwt_{}'.format(k)] = v self.assertEqual(json.loads(response.content), sessionkeys_expected)
def test_post_valid_jwt_with_auth(self): now = datetime.utcnow() payload = { 'iss': 'issuer', 'exp': now + timedelta(seconds=100), 'iat': now, 'username': '******', } jwt_value = utils.encode_jwt(payload) with override_settings(JWT_AUTH_DISABLED=False): response = self.client.post( '/jwt_auth/', {'example': 'example'}, HTTP_AUTHORIZATION='JWT {}'.format(jwt_value), content_type='application/json') self.assertEqual(response.status_code, 200) self.assertEqual(json.loads(response.content), {'username': '******'}) with override_settings(JWT_AUTH_DISABLED=True): response = self.client.post( '/jwt_auth/', {'example': 'example'}, HTTP_AUTHORIZATION='JWT {}'.format(jwt_value), content_type='application/json') self.assertEqual(response.status_code, 403)
def test_decode_jwt_expired(self): payload = self._get_payload() now = datetime.utcnow() payload['exp'] = now - timedelta(seconds=1) payload['iat'] = now jwt_value = utils.encode_jwt(payload) self.assertRaises(jwt.ExpiredSignatureError, utils.decode_jwt, jwt_value)
def _create_headers(user: CoreUser, organization_uuid: string) -> dict: extra_data = { "organization_uuid": organization_uuid, "core_user_uuid": user.core_user_uuid, "username": user.username, } payload = generate_payload(settings.JWT_ISSUER, expires_in=600, **extra_data) token = encode_jwt(payload) return {"Authorization": "JWT " + token, "Content-Type": "application/json"}
def test_encode_jwt(self): payload_in = self._get_payload() encoded = utils.encode_jwt(payload_in) self.assertIn(type(encoded).__name__, ('unicode', 'str')) headers, payload, verify_signature = encoded.split(".") self.assertDictEqual(json.loads(base64.b64decode(headers)), { "typ": "JWT", "alg": "RS256" }) payload += '=' * (-len(payload) % 4) # add padding self.assertEqual(json.loads(base64.b64decode(payload).decode("utf-8")), payload_in)
def test_encode_jwt_hs256(self): payload_in = self._get_payload() encoded = utils.encode_jwt(payload_in) self.assertIn(type(encoded).__name__, ('unicode', 'str')) headers, payload, verify_signature = encoded.split('.') self.assertDictEqual(json.loads(base64.b64decode(headers)), { 'typ': 'JWT', 'alg': 'HS256' }) payload += '=' * (-len(payload) % 4) self.assertEqual(json.loads(base64.b64decode(payload).decode('utf-8')), payload_in)
def test_post_valid_jwt_with_auth_and_scope_is_valid(self): now = datetime.utcnow() payload = { 'iss': 'issuer', 'exp': now + timedelta(seconds=100), 'iat': now, 'username': '******', 'scope': 'write', # Correct scope } jwt_value = utils.encode_jwt(payload) response = self.client.post( '/jwt_auth_scope/', {'example': 'example'}, HTTP_AUTHORIZATION='JWT {}'.format(jwt_value), content_type='application/json') self.assertEqual(response.status_code, 200)
def test_decode_jwt(self): payload = self._get_payload() jwt_value = utils.encode_jwt(payload) payload_out = utils.decode_jwt(jwt_value) self.assertDictEqual(payload, payload_out)
def test_decode_jwt_public_key_not_found(self): payload = self._get_payload() jwt_value = utils.encode_jwt(payload) self.assertRaises(ImproperlyConfigured, utils.decode_jwt, jwt_value)