def test_token_scope(self):
        """Check that validate_claims() rejects the fixture token over its scope.

        The token from get_token() is passed through unmodified, so whatever
        makes its scope unacceptable is set up outside this method
        (presumably fixture data or test settings -- confirm).
        """
        claims = self.get_token()
        authenticator = JSONWebTokenAuthentication()
        # Pin the reason for the rejection, not just the exception type, so a
        # failure in some other claim check cannot satisfy this test.
        with self.assertRaisesRegex(AuthenticationFailed, 'Invalid JWT scope'):
            authenticator.validate_claims(claims)
    def test_not_yet_valid_token(self):
        """Check that a token whose 'nbf' has not been reached is rejected.

        'nbf' (not before) is moved to the token's own 'exp' value.
        Assumes the fixture's 'exp' lies in the future -- confirm against
        get_token().
        """
        claims = self.get_token()
        claims['nbf'] = claims['exp']
        authenticator = JSONWebTokenAuthentication()
        # The message check ties the failure to the not-before validation.
        with self.assertRaisesRegex(AuthenticationFailed, 'JWT not yet valid'):
            authenticator.validate_claims(claims)
    def test_token_too_old(self):
        """Check that a token is rejected as too old after 'iat' is set to 'nbf'.

        NOTE(review): test_token_iat_valid applies the same mutation and
        expects success, so the age limit that triggers this rejection must
        come from configuration not visible in this method -- confirm.
        """
        claims = self.get_token()
        claims['iat'] = claims['nbf']
        authenticator = JSONWebTokenAuthentication()
        # The message check ties the failure to the issued-at age validation.
        with self.assertRaisesRegex(AuthenticationFailed, 'JWT too old'):
            authenticator.validate_claims(claims)
    def test_validate_authorized_party_missing(self):
        """Check that a multi-audience token without 'azp' is rejected.

        A second entry is appended to 'aud'; the expected error shows that
        validate_claims() then demands an authorized party claim.
        """
        claims = self.get_token()
        # In-place extension: presumably get_token() returns a fresh 'aud'
        # list per call, otherwise this would leak into other tests -- verify.
        claims['aud'] += ['second-audience']
        authenticator = JSONWebTokenAuthentication()
        with self.assertRaisesRegex(AuthenticationFailed, 'Missing JWT authorized party'):
            authenticator.validate_claims(claims)
    def test_validate_authorized_party_invalid(self):
        """Check that an 'azp' claim the verifier does not accept is rejected.

        The fixture token gets 'azp' set to 'authorized-party'; which value
        would be accepted is decided by configuration outside this method.
        """
        claims = self.get_token()
        claims['azp'] = 'authorized-party'
        authenticator = JSONWebTokenAuthentication()
        # The message check separates "wrong azp" from "azp missing".
        with self.assertRaisesRegex(AuthenticationFailed, 'Invalid JWT authorized party'):
            authenticator.validate_claims(claims)
 def test_invalid_header(self):
     """Check that malformed Authorization header values fail authentication.

     Each value is served through a patched get_authorization_header and
     authenticate() must raise AuthenticationFailed for it.

     NOTE(review): the patched helper returns str here; if it is DRF's
     get_authorization_header, the real one returns bytes -- confirm these
     cases exercise the same parsing path as production.
     """
     malformed_values = (
         'Bearer bad token',  # Two spaces, must only have one
         'Bearer',  # No spaces at all
     )
     for header_value in malformed_values:
         with patch('oidc_provider.authentication.get_authorization_header', return_value=header_value):
             authenticator = JSONWebTokenAuthentication()
             with self.assertRaises(AuthenticationFailed):
                 authenticator.authenticate(None)
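 def test_token_iat_valid(self):
     """Check that validate_claims() accepts a token whose 'iat' equals 'nbf'.

     Success is signalled by validate_claims() returning None rather than
     raising AuthenticationFailed.

     NOTE(review): test_token_too_old applies the same mutation and expects
     a rejection, so the two tests must run under different configuration
     that is not visible in this method -- confirm.
     """
     claims = self.get_token()
     claims['iat'] = claims['nbf']
     authenticator = JSONWebTokenAuthentication()
     # assertIsNone checks identity, so an object that merely compares equal
     # to None cannot satisfy the test.
     self.assertIsNone(authenticator.validate_claims(claims))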
    def test_validate_claims_issuer(self, config_patch):
        """Check that authenticate() fails with an issuer error.

        config_patch is not used in the body; it is presumably the mock
        injected by a patch decorator outside this view that makes the
        token's issuer unacceptable -- confirm.
        """
        authenticator = JSONWebTokenAuthentication()
        # Pin the failure to the issuer check rather than any rejection.
        with self.assertRaisesRegex(AuthenticationFailed, 'Invalid JWT issuer'):
            authenticator.authenticate(None)
    def test_validate_claims_audience(self, mock_aud):
        """Check that authenticate() fails with an audience error.

        mock_aud is not used in the body; it is presumably the mock injected
        by a patch decorator outside this view that makes the token's
        audience unacceptable -- confirm.
        """
        authenticator = JSONWebTokenAuthentication()
        # Pin the failure to the audience check rather than any rejection.
        with self.assertRaisesRegex(AuthenticationFailed, 'Invalid JWT audience'):
            authenticator.authenticate(None)
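 def test_bad_JWT_format(self, mock_header):
     """Check that authenticate() returns None for a badly formatted JWT.

     mock_header is not used in the body; it is presumably the mock injected
     by a patch decorator outside this view that supplies the malformed
     header -- confirm.

     NOTE(review): in DRF a None result means "no authentication attempted",
     so the request proceeds to any further authenticators or is treated as
     anonymous instead of being rejected. Confirm that this is the intended
     outcome for a malformed token.
     """
     outcome = JSONWebTokenAuthentication().authenticate(None)
     # Identity check: only a real None counts as "not authenticated".
     self.assertIsNone(outcome)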
 def test_valid_token(self):
     """Check that authenticate() succeeds and yields a truthy second element.

     The empty dict stands in for the request; where the token itself comes
     from is not visible in this method (presumably a patched header --
     confirm).

     NOTE(review): only the second element of the result is asserted. The
     returned user is never checked, so this test would not notice a token
     being mapped to the wrong account.
     """
     authenticator = JSONWebTokenAuthentication()
     # Unpacking also verifies that the result is a two-element pair.
     _user, auth_info = authenticator.authenticate({})
     self.assertTrue(auth_info)