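def test_forget_gives_a_challenge_header(self):
    """forget() must answer with exactly one ``WWW-Authenticate`` header.

    The challenge names the policy's default scheme ("Bearer") so that a
    client that has just been logged out learns how to re-authenticate.
    ``assertEqual`` is used instead of ``assertTrue(a == b)`` so a failure
    reports both values.
    """
    policy = JWTAuthenticationPolicy()
    req = self._make_authenticated_request("*****@*****.**", "/")
    headers = policy.forget(req)
    self.assertEqual(len(headers), 1)
    self.assertEqual(headers[0][0], "WWW-Authenticate")
    self.assertEqual(headers[0][1], "Bearer")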
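def test_forget_gives_a_challenge_header(self):
    """forget() must answer with exactly one ``WWW-Authenticate`` header.

    The challenge names the policy's default scheme ("JWT") so that a
    client that has just been logged out learns how to re-authenticate.
    ``assertEqual`` is used instead of ``assertTrue(a == b)`` so a failure
    reports both values.
    """
    policy = JWTAuthenticationPolicy()
    req = self._make_authenticated_request("*****@*****.**", "/")
    headers = policy.forget(req)
    self.assertEqual(len(headers), 1)
    self.assertEqual(headers[0][0], "WWW-Authenticate")
    self.assertEqual(headers[0][1], "JWT")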
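def test_can_get_claims_from_token(self):
    """A custom claim placed in the token is readable via get_claims().

    The policy is built with the same master secret the request helper
    signs with; ``assertIn`` replaces ``assertTrue(k in d)`` so a failure
    shows the actual claim set.
    """
    claim_name = 'urn:websandhq.co.uk/auth:jti'
    claims = {claim_name: 'hello'}
    req = self._make_authenticated_request("*****@*****.**", "/auth",
                                           claims=claims)
    policy = JWTAuthenticationPolicy(
        master_secret="V8 JUICE IS 1/8TH GASOLINE")
    encoded_claims = policy.get_claims(req)
    self.assertIn(claim_name, encoded_claims)
    self.assertEqual(encoded_claims[claim_name], 'hello')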
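def test_can_get_claims_from_token(self):
    """A custom claim placed in the token is readable via get_claims().

    The policy is built with the same master secret the request helper
    signs with; ``assertIn`` replaces ``assertTrue(k in d)`` so a failure
    shows the actual claim set.
    """
    claim_name = 'urn:websandhq.co.uk/auth:jti'
    claims = {claim_name: 'hello'}
    req = self._make_authenticated_request("*****@*****.**", "/auth",
                                           claims=claims)
    policy = JWTAuthenticationPolicy(
        master_secret="V8 JUICE IS 1/8TH GASOLINE")
    encoded_claims = policy.get_claims(req)
    self.assertIn(claim_name, encoded_claims)
    self.assertEqual(encoded_claims[claim_name], 'hello')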
def test_from_settings_can_explicitly_set_all_properties(self):
    """Each ``jwtauth.*`` setting is picked up by from_settings().

    The groupfinder is given as a dotted name and must resolve to the
    stub function; the master secret is passed through unchanged.
    """
    settings = {
        "jwtauth.find_groups":
            "pyramid_jwtauth.tests.test_jwtauth:stub_find_groups",
        "jwtauth.master_secret": MASTER_SECRET,
        # "jwtauth.decode_mac_id": "pyramid_macauth.tests:stub_decode_mac_id",
        # "jwtauth.encode_mac_id": "pyramid_macauth.tests:stub_encode_mac_id",
    }
    policy = JWTAuthenticationPolicy.from_settings(settings)
    self.assertEqual(policy.find_groups, stub_find_groups)
    self.assertEqual(policy.master_secret, MASTER_SECRET)
def test_default_groupfinder_returns_empty_list(self):
    """With no groupfinder configured a principal is in no groups at all."""
    req = self._make_request("/auth")
    groups = JWTAuthenticationPolicy().find_groups("test", req)
    self.assertEqual(groups, [])
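def test_forget_gives_a_challenge_header_with_custom_scheme(self):
    """A policy built with ``scheme='Bearer'`` challenges with that scheme.

    Also pins that exactly one challenge header is produced, and uses
    ``assertEqual`` rather than ``assertTrue(a == b)`` so a failure reports
    the actual value.
    """
    policy = JWTAuthenticationPolicy(scheme='Bearer')
    req = self._make_authenticated_request("*****@*****.**", "/")
    headers = policy.forget(req)
    self.assertEqual(len(headers), 1)
    self.assertEqual(headers[0][0], "WWW-Authenticate")
    self.assertEqual(headers[0][1], "Bearer")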
def test_remember_does_nothing(self):
    """remember() sets no headers: the token is the credential, not a cookie."""
    req = self._make_authenticated_request("*****@*****.**", "/")
    policy = JWTAuthenticationPolicy()
    remembered = policy.remember(req, "*****@*****.**")
    self.assertEqual(remembered, [])
def test_from_settings_produces_sensible_defaults(self):
    """from_settings({}) keeps the class's own find_groups implementation."""
    policy = JWTAuthenticationPolicy.from_settings({})
    default_impl = JWTAuthenticationPolicy.find_groups.__code__
    # Comparing __code__ objects is a Py2/Py3-compatible way of checking
    # that the bound method and the class attribute share one function.
    self.assertEqual(policy.find_groups.__code__, default_impl)
def configure_karl(config, load_zcml=True):
    """Wire up the KARL Pyramid application on ``config``.

    Installs the authentication/authorization policies, revisioned static
    asset routing, the session factory, error-page views, request
    subscribers and optional diagnostics includes, and normalises the
    ``intranet_search_paths`` setting in place.

    Args:
        config: a Pyramid Configurator whose ``registry.settings`` holds
            the deployment settings (``who_secret`` and ``who_cookie`` are
            required; the rest are optional).
        load_zcml: when true, hook the ZCA and load ``standalone.zcml``.
    """
    # Authorization/Authentication policies
    settings = config.registry.settings
    # Several policies are tried in turn: JWT (API clients), the auth_tkt
    # cookie, the legacy repoze.who ticket, and HTTP Basic.
    authentication_policy = MultiAuthenticationPolicy([
        JWTAuthenticationPolicy.from_settings(settings),
        # NOTE(review): no hashalg is passed; on Pyramid releases whose
        # AuthTktAuthenticationPolicy defaults to md5 for compatibility,
        # consider setting a stronger digest explicitly — confirm the
        # installed version and cookie-compatibility needs first.
        AuthTktAuthenticationPolicy(
            settings['who_secret'],
            callback=group_finder,
            cookie_name=settings['who_cookie']),
        # for b/w compat with bootstrapper
        RepozeWho1AuthenticationPolicy(callback=group_finder),
        BasicAuthenticationPolicy(),
    ])
    config.set_authorization_policy(ACLAuthorizationPolicy())
    config.set_authentication_policy(authentication_policy)

    # Static tree revisions routing
    static_rev = settings.get('static_rev')
    if not static_rev:
        # Store the guessed revision so other code sees the same value.
        static_rev = _guess_static_rev()
        settings['static_rev'] = static_rev
    # Revisioned URL lets the assets be cached for a year; a new revision
    # yields a new URL rather than a stale cache.
    config.add_static_view('/static/%s' % static_rev, 'karl.views:static',
                           cache_max_age=60 * 60 * 24 * 365)

    # Add a redirecting static view to all _other_ revisions.
    def _expired_static_predicate(info, request):
        # We add a redirecting route to all static/*,
        # _except_ if it starts with the active revision segment.
        path = info['match']['path']
        return path and path[0] != static_rev
    config.add_route('expired-static', '/static/*path',
                     custom_predicates=(_expired_static_predicate, ))

    # Need a session if using Velruse
    # NOTE(review): the same ``who_secret`` signs both the auth_tkt cookie
    # and the session; a separate secret per mechanism would limit the
    # blast radius if one is ever exposed — confirm nothing depends on them
    # being equal before splitting.
    config.set_session_factory(Session(settings['who_secret']))

    config.include('karl.debugload')
    config.include('karl.underprofile')

    if load_zcml:
        config.hook_zca()
        config.include('pyramid_zcml')
        config.load_zcml('standalone.zcml')

    debug = asbool(settings.get('debug', 'false'))
    if not debug:
        # Outside debug mode every unhandled exception (and the listed
        # not-found / read-only errors) renders the KARL error page
        # template instead of Pyramid's default handling.
        config.add_view('karl.errorpage.errorpage', context=Exception,
                        renderer="karl.views:templates/errorpage.pt")
        config.add_view('karl.errorpage.errorpage', context=HTTPNotFound,
                        renderer="karl.views:templates/errorpage.pt")
        config.add_view('karl.errorpage.errorpage', context=NotFound,
                        renderer="karl.views:templates/errorpage.pt")
        config.add_view('karl.errorpage.errorpage', context=ReadOnlyError,
                        renderer="karl.views:templates/errorpage.pt")

    # The debug toolbar is only wired in when explicitly enabled *and*
    # the package imported successfully.
    debugtoolbar = asbool(settings.get('debugtoolbar', 'false'))
    if debugtoolbar and pyramid_debugtoolbar:
        config.include(pyramid_debugtoolbar)

    config.add_subscriber(block_webdav, NewRequest)

    # override renderer for jwtauth requests
    config.add_renderer(name='karl_json', factory=karl_json_renderer_factory)
    config.add_subscriber(jwtauth_override, NewRequest)

    # Optional diagnostics: each is None when its package is unavailable.
    if slowlog is not None:
        config.include(slowlog)

    if perfmetrics is not None:
        config.include(perfmetrics)

    # Normalise to a sequence of paths; the .ini value is whitespace-separated.
    if 'intranet_search_paths' in settings:
        settings['intranet_search_paths'] = settings[
            'intranet_search_paths'].split()
    else:
        settings['intranet_search_paths'] = ('/profiles', '/offices')

    # admin5 Admin UI
    config.include('admin5')

    config.include('karl.box')