Esempio n. 1
def test_denylist_enabled_without_callback(client):
    """Check both sides of the denylist switch when no loader is registered.

    With ``authjwt_denylist_enabled`` left False the protected route accepts
    the token (200). Once the flag is True and access tokens are listed in
    ``authjwt_denylist_token_checks``, the same request raises a
    ``RuntimeError`` naming ``@AuthJWT.token_in_denylist_loader`` rather than
    letting the token through unchecked.
    """
    # A signing key must be configured before a token can be issued.
    # The literal below is a test fixture value, not a pattern for real keys.
    class SettingsOne(BaseSettings):
        authjwt_secret_key: str = "secret-key"
        # Denylist lookups are only attempted when this flag is True.
        authjwt_denylist_enabled: bool = False

    @AuthJWT.load_config
    def get_settings_one():
        return SettingsOne()

    access_token = AuthJWT().create_access_token(subject='test')
    auth_headers = {"Authorization": f"Bearer {access_token}"}

    first_response = client.get('/protected', headers=auth_headers)
    assert first_response.status_code == 200

    # Same key, but denylist checking is now switched on for access tokens
    # while no token_in_denylist_loader callback has been registered.
    class SettingsTwo(BaseSettings):
        authjwt_secret_key: str = "secret-key"
        authjwt_denylist_enabled: bool = True
        authjwt_denylist_token_checks: list = ["access"]

    @AuthJWT.load_config
    def get_settings_two():
        return SettingsTwo()

    # The previously accepted token must now produce a configuration error.
    with pytest.raises(RuntimeError,
                       match=r"@AuthJWT.token_in_denylist_loader"):
        client.get('/protected', headers=auth_headers)
Esempio n. 2
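    async def dispatch(self, request: Request, call_next):
        """Time the request, add ``X-Process-Time`` and write access-log lines.

        The JWT is inspected only to attribute the log line to a user. A
        missing or invalid token never blocks the request in this method:
        ``call_next`` always runs, so each route has to enforce its own
        authentication.

        Args:
            request: The incoming request.
            call_next: Callable that forwards the request down the stack.

        Returns:
            The downstream response with ``X-Process-Time`` (milliseconds) set.
        """
        # perf_counter is monotonic, so the duration cannot go negative if the
        # wall clock is adjusted while the request is in flight.
        start_time = time.perf_counter()
        Authorize: AuthJWT = AuthJWT(request)

        username = None
        if request.url.path == '/auth/refresh':
            try:
                Authorize.jwt_refresh_token_required()
                username = Authorize.get_jwt_subject()
            except Exception:
                # Deliberate best effort: any failure on the refresh path just
                # means the request is logged without a user name.
                username = None
        else:
            try:
                Authorize.jwt_optional()
                username = Authorize.get_jwt_subject()
            except AuthJWTException:
                username = None

        response = await call_next(request)
        process_time = (time.perf_counter() - start_time) * 1000
        response.headers["X-Process-Time"] = f"{process_time:.2f}"

        # request.client can be None; without this guard the attribute access
        # would raise after the response had already been produced.
        client_host = request.client.host if request.client else "-"

        # NOTE(review): the path and the JWT subject are written to the logs
        # unescaped. Confirm the log handlers neutralise control characters so
        # a crafted value cannot forge extra log lines.
        general_logger.info(
            f"{client_host} {request.method} {request.url.path} {response.status_code} {process_time:.2f}"
        )

        if username is not None:
            msg = f"{client_host} {username} {request.method} {request.url.path} {response.status_code} {process_time:.2f}"
            # Requests under /admin go to their own log for separate review.
            if request.url.path.startswith('/admin'):
                admin_logger.info(msg)
            else:
                users_logger.info(msg)

        return response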
Esempio n. 3
 async def test_jwt_format_error_user(self, client: AsyncClient,
                                      user: User) -> None:
     """Expect 401 when a token from a bare ``AuthJWT()`` is sent to the user URL.

     The token's subject is the user's id as a string.
     NOTE(review): judging by the test name, the endpoint rejects this token
     because of its format - confirm against the route's token requirements.
     """
     token = AuthJWT().create_access_token(subject=str(user.id))
     response = await client.get(
         base_user_url,
         headers={"Authorization": f"Bearer {token}"},
     )
     assert response.status_code == 401
Esempio n. 4
 def __init__(self):
     """Store an ``AuthJWT`` helper on the instance as ``jwt_auth``."""
     # None is passed as the only positional argument, so the helper is not
     # constructed from any request-supplied value here.
     jwt_helper = AuthJWT(None)
     self.jwt_auth = jwt_helper
Esempio n. 5
def Authorize():
    """Return a fresh ``AuthJWT`` built with ``authorization=None``."""
    # The keyword is given explicitly, so no header value is supplied.
    jwt_helper = AuthJWT(authorization=None)
    return jwt_helper
Esempio n. 6
def authorization():
    """Return a fresh ``AuthJWT`` instance built with no arguments."""
    jwt_helper = AuthJWT()
    return jwt_helper
Esempio n. 7
def Authorize():
    """Return a new ``AuthJWT`` instance constructed without arguments."""
    jwt_helper = AuthJWT()
    return jwt_helper