def test_encode_jwt(self): self.test_generate_jwk() self.payload = {'hello': 'world'} self.encoded = JWTUtil.encode(self.payload, self.prv_jwk) print(f'encoded: {self.encoded}') extracted = JWTUtil.unverified_decode(self.encoded) print(f'payload: {extracted}') self.assertDictEqual(self.payload, extracted)
def test_refresh_token(self): self.test_issue_token() decoded = JWTUtil.unverified_decode(self.token.access_token) user_id = decoded['aud'] self.token = self.identity_v1.Token.refresh( {}, metadata=(('token', self.token.refresh_token), )) decoded = JWTUtil.unverified_decode(self.token.access_token) self.assertIsNotNone(self.token.access_token) self.assertEqual(user_id, decoded['aud'])
def test_generate_jwk(self): self.prv_jwk, self.pub_jwk = JWTUtil.generate_jwk() print(f'pub_jwk: {self.pub_jwk}') print(f'prv_jwk: {self.prv_jwk}') self.assertEqual(self.pub_jwk['n'], self.prv_jwk['n'])
def test_exceeded_maximum_refresh_count(self): self.test_issue_token() decoded = JWTUtil.unverified_decode(self.token.refresh_token) refresh_limit = decoded['ttl'] for i in range(refresh_limit): self.token = self.identity_v1.Token.refresh( {}, metadata=(('token', self.token.refresh_token), )) with self.assertRaisesRegex(Exception, 'ERROR_AUTHENTICATE_FAILURE'): self.identity_v1.Token.refresh( {}, metadata=(('token', self.token.refresh_token), ))
def validate(self, token): if not self._key: raise ERROR_AUTHENTICATE_FAILURE(message='Decode key is not set.') if not isinstance(token, (str, bytes)): raise ERROR_AUTHENTICATE_FAILURE(message='Invalid token format.') try: payload = JWTUtil.decode(token, self._key) except Exception: raise ERROR_AUTHENTICATE_FAILURE(message='UnKnown Exception.') return payload
def test_exceeded_maximum_refresh_count(self): self.test_issue_token() decoded = JWTUtil.unverified_decode(self.token.refresh_token) refresh_limit = decoded['ttl'] for i in range(refresh_limit): self.token = self.identity_v1.Token.refresh( {}, metadata=(('token', self.token.refresh_token), )) with self.assertRaises(Exception) as e: self.identity_v1.Token.refresh( {}, metadata=(('token', self.token.refresh_token), )) self.assertIn("ERROR_REFRESH_COUNT", str(e.exception))
def issue_access_token(self, user_type, user_id, domain_id, **kwargs): private_jwk = self._get_private_jwk(kwargs) timeout = kwargs.get('timeout', self.CONST_TOKEN_TIMEOUT) payload = { 'cat': 'ACCESS_TOKEN', 'user_type': user_type, 'did': domain_id, 'aud': user_id, 'iat': int(time.time()), 'exp': int(time.time() + timeout) } encoded = JWTUtil.encode(payload, private_jwk) return encoded
def validate(self, token, options=None): if not self._key: raise ERROR_AUTHENTICATE_FAILURE(message='Decode key is not set.') if not isinstance(token, (str, bytes)): raise ERROR_AUTHENTICATE_FAILURE(message='Invalid token format.') if options is None: options = {} try: payload = JWTUtil.decode(token, self._key, options=options) except Exception: raise ERROR_AUTHENTICATE_FAILURE( message='Token is invalid or expired.') return payload
def __init__(self, transaction, config, **kwargs): super().__init__(transaction, config, **kwargs) """ Overwrite configuration Remote Repository has different authentication. So do not use your token at meta. Use another authentication algorithm like token Args: conn: dict (endpoint, version, ...) """ #_LOGGER.debug("[RemoteRepositoryConnector] meta: %s" % self.transaction.meta) #_LOGGER.debug("[RemoteRepositoryConnector] self.conn: %s" % self.conn) e = parse_grpc_endpoint(self.conn['endpoint']) self.client = pygrpc.client(endpoint=e['endpoint'], ssl_enabled=e['ssl_enabled']) # Update meta (like domain_id) # TODO: change meta to marketplace token meta = self.transaction.get_connection_meta() new_meta = [] if 'credential' in self.conn: credential = self.conn['credential'] if 'token' in credential: # self.meta = [('token',credential['token'])] self._token = credential['token'] else: # TODO: raise ERROR raise ERROR_CONFIGURATION(key='credential') for (k, v) in meta: if k != 'token' and v is not None: new_meta.append((k, v)) elif k == 'token': new_meta.append(('token', self._token)) self.meta = new_meta # Update domain_id # This repository is not our domain. # find domain_id from token decoded_token = JWTUtil.unverified_decode(self._token) self.domain_id = decoded_token['did']
def test_issue_token(self): token_param = { 'credentials': { 'user_id': self.user.user_id, 'password': self.pw }, 'domain_id': self.domain.domain_id } issue_token = self.identity_v1.Token.issue(token_param) self.token = issue_token print(f'issued_token: {issue_token}') self.assertIsNotNone(issue_token.access_token) self.assertIsNotNone(issue_token.refresh_token) decoded = JWTUtil.unverified_decode(issue_token.access_token) self.assertEqual(self.user.user_id, decoded['aud'])
def issue_refresh_token(self, user_type, user_id, domain_id, **kwargs): refresh_private_jwk = self._get_refresh_private_jwk(kwargs) ttl = kwargs.get('ttl', self.CONST_REFRESH_TTL) timeout = kwargs.get('timeout', self.CONST_REFRESH_TIMEOUT) refresh_key = self._generate_refresh_key() payload = { 'cat': 'REFRESH_TOKEN', 'user_type': user_type, 'did': domain_id, 'aud': user_id, 'iat': int(time.time()), 'exp': int(time.time() + timeout), "key": refresh_key, 'ttl': ttl } encoded = JWTUtil.encode(payload, refresh_private_jwk) if self.CONST_REFRESH_ONCE: self._set_refresh_token_cache(refresh_key) return encoded
def test_create_api_key(self, domain_id=None): param = { 'user_id': self.user.user_id, 'domain_id': domain_id if domain_id is not None else self.domain.domain_id } api_key_vo = self.identity_v1.APIKey.create(param) self.api_key = api_key_vo self.api_keys.append(self.api_key) self.assertEqual(api_key_vo.user_id, param['user_id']) api_key = api_key_vo.api_key print(f'api_key: {api_key}') decoded = JWTUtil.unverified_decode(api_key) print(f'api_key(decoded): {decoded}') self.assertEqual(api_key_vo.user_id, param['user_id']) self.assertIn(decoded['ver'], self.versions) self.assertIsNotNone(decoded['key'])
def generate_api_key(self) -> Tuple[str, Any]: key = utils.random_string() payload = { 'cat': 'API_KEY', 'user_type': 'USER', 'did': self.domain_id, 'aud': self.aud_id, 'iat': int(time.time()), 'key': key, 'ver': '2020-03-04' } encoded = JWTUtil.encode(payload, self.prv_jwk) _LOGGER.debug(f'[KeyGenerator] Generated payload. ( ' f'cat: {payload.get("cat")}, ' f'ver: {payload.get("ver")}, ' f'key(masked): {payload.get("key")[0:8]}*****, ' f'aud: {payload.get("aud")}, ' f'did: {payload.get("did")} )') return key, encoded
def generate_api_key(self, api_key_id: str, user_type: str = 'USER') -> Tuple[str, Any]: payload = { 'cat': 'API_KEY', 'user_type': user_type, 'did': self.domain_id, 'aud': self.audience, 'iat': int(time.time()), 'api_key_id': api_key_id, 'ver': '2020-12-07' } encoded = JWTUtil.encode(payload, self.prv_jwk) _LOGGER.debug(f'[KeyGenerator] Generated payload. ( ' f'cat: {payload.get("cat")}, ' f'user_type: {payload.get("user_type")}, ' f'did: {payload.get("did")}, ' f'aud: {payload.get("aud")}, ' f'api_key_id: {payload.get("api_key_id")}, ' f'version: {payload.get("version")} )') return encoded
def test_create_api_key(self, domain_id=None): params = { 'user_id': self.user.user_id, 'domain_id': domain_id if domain_id is not None else self.domain.domain_id } self.api_key = self.identity_v1.APIKey.create( params, metadata=(('token', self.owner_token), )) self.api_keys.append(self.api_key) self.assertEqual(self.api_key.user_id, params['user_id']) api_key = self.api_key.api_key print(f'api_key: {api_key}') decoded = JWTUtil.unverified_decode(api_key) print(f'api_key(decoded): {decoded}') self.assertEqual(self.api_key.user_id, params['user_id']) self.assertIn(decoded['ver'], self.versions) self.assertIsNotNone(decoded['api_key_id'])
def test_decode_jwt(self): self.test_encode_jwt() decoded = JWTUtil.decode(self.encoded, self.pub_jwk) print(f'decoded: {decoded}') self.assertDictEqual(self.payload, decoded)
def _get_domain_id_from_token(token): decoded_token = JWTUtil.unverified_decode(token) return decoded_token['did']