def test_with_malformed_token(self, app, _payload):
    """Reject a signed token that has a stray byte appended to it.

    The token is produced with the application's own SECRET_KEY and then
    corrupted by appending a single quote, so the only thing wrong with it
    is its serialized form. `_decode_jwt` must raise JWTError matching
    "Invalid or malformed token" rather than return any claims.
    """
    # NOTE(review): concatenating with a bytes literal assumes jwt.encode
    # returns bytes here; confirm against the pinned JWT library version.
    tampered = jwt.encode(_payload, app.config["SECRET_KEY"]) + b"'"
    with app.app_context(), pytest.raises(
        JWTError, match="Invalid or malformed token"
    ):
        _decode_jwt(tampered)
def test_token_without_exp_claim(self, app, _payload):
    """Reject a correctly signed token that carries no "exp" claim.

    The fixture payload has "exp" removed before signing, so the token
    never expires on its own. `_decode_jwt` must raise JWTError matching
    'Token is missing the "exp" claim' instead of accepting it.
    """
    app.config["JWT_LEEWAY"] = timedelta(seconds=10)
    # Remove the expiry before signing so the signature itself stays valid.
    del _payload["exp"]
    unbounded_token = jwt.encode(_payload, app.config["SECRET_KEY"])
    expected = 'Token is missing the "exp" claim'
    with app.app_context(), pytest.raises(JWTError, match=expected):
        _decode_jwt(unbounded_token)
def test_with_expired_token(self, app):
    """Reject a token whose "exp" lies far in the past.

    The payload is issued in the year 1900 and expires 400 seconds later,
    so the configured 10-second JWT_LEEWAY cannot make it acceptable.
    `_decode_jwt` must raise JWTError matching "Token has expired".
    """
    app.config["JWT_LEEWAY"] = timedelta(seconds=10)
    issued_at = datetime(1900, 5, 13, 17, 52, 44, 524300)
    claims = {"iat": issued_at, "exp": issued_at + timedelta(seconds=400)}
    stale_token = jwt.encode(claims, app.config["SECRET_KEY"])
    with app.app_context(), pytest.raises(JWTError, match="Token has expired"):
        _decode_jwt(stale_token)
def test_token_without_iss_claim_when_is_required(self, app, _payload):
    """Reject a token lacking "iss" when the app lists it as required.

    JWT_REQUIRED_CLAIMS is set to ["iss"] and JWT_ISSUER to "acme.local",
    then "iss" is deleted from the fixture payload before signing.
    `_decode_jwt` must raise JWTError matching
    'Token is missing the "iss" claim'.
    """
    app.config["JWT_REQUIRED_CLAIMS"] = ["iss"]
    app.config["JWT_ISSUER"] = "acme.local"
    app.config["JWT_LEEWAY"] = timedelta(seconds=10)
    # Strip the issuer before signing; the signature remains valid.
    del _payload["iss"]
    anonymous_token = jwt.encode(_payload, app.config["SECRET_KEY"])
    expected = 'Token is missing the "iss" claim'
    with app.app_context(), pytest.raises(JWTError, match=expected):
        _decode_jwt(anonymous_token)
def test_token_with_wrong_iss_claim(self, app, _payload):
    """Reject a token whose "iss" differs from the configured JWT_ISSUER.

    The token is signed with the application's SECRET_KEY, so only the
    issuer value ("malicious.issuer" instead of "acme.local") is wrong.
    `_decode_jwt` must raise JWTError matching "Invalid issuer".
    """
    app.config["JWT_ISSUER"] = "acme.local"
    app.config["JWT_LEEWAY"] = timedelta(seconds=10)
    app.config["JWT_REQUIRED_CLAIMS"] = ["iss"]
    _payload["iss"] = "malicious.issuer"
    foreign_token = jwt.encode(_payload, app.config["SECRET_KEY"])
    with app.app_context(), pytest.raises(JWTError, match="Invalid issuer"):
        _decode_jwt(foreign_token)
def test_with_valid_token_without_iss(self, app, _payload):
    """Accept an unmodified fixture token and return its "sub" claim.

    This test sets neither JWT_ISSUER nor JWT_REQUIRED_CLAIMS; it only
    configures the leeway, signs the fixture payload as-is, and checks
    that the decoded subject is "coyote".
    """
    # NOTE(review): "without_iss" presumably refers to the absence of issuer
    # settings in this test, not to the payload; the fixture is not visible
    # here, so confirm what it contains.
    app.config["JWT_LEEWAY"] = timedelta(seconds=10)
    signed = jwt.encode(_payload, app.config["SECRET_KEY"])
    with app.app_context():
        claims = _decode_jwt(signed)
    assert claims["sub"] == "coyote"
def test_with_valid_token_with_aud_claim(self, app):
    """Accept a token carrying an "aud" claim and return all three claims.

    The payload comes from `getpayload(aud="acme")`; after decoding, the
    test checks "iss" == "acme.local", "sub" == "coyote" and
    "aud" == "acme".
    """
    # NOTE(review): this test configures no expected audience, so it does not
    # show whether _decode_jwt validates "aud" or only passes it through;
    # confirm, and consider a companion test for a mismatched audience.
    app.config["SERVER_NAME"] = "acme.local"
    app.config["JWT_LEEWAY"] = timedelta(seconds=10)
    signed = jwt.encode(getpayload(aud="acme"), app.config["SECRET_KEY"])
    with app.app_context():
        claims = _decode_jwt(signed)
    assert claims["iss"] == "acme.local"
    assert claims["sub"] == "coyote"
    assert claims["aud"] == "acme"
def test_passing_invalid_data_types(self):
    """Reject non-string inputs with ValueError instead of JWTError.

    `None`, `1` and `True` are each passed to `_decode_jwt` without an
    application context; every call must raise ValueError matching
    "is not a valid JWT string".
    """
    for bad_value in (None, 1, True):
        with pytest.raises(ValueError, match="is not a valid JWT string"):
            _decode_jwt(bad_value)