def test_denylist_enabled_without_callback(client):
    """Enabling the denylist without a registered callback must fail loudly.

    Phase 1: with ``authjwt_denylist_enabled`` False, a freshly created access
    token is accepted by ``/protected`` (HTTP 200).
    Phase 2: the config is reloaded with the denylist enabled for access
    tokens while no ``token_in_denylist_loader`` callback is registered; the
    same request must raise ``RuntimeError`` instead of being served.
    """
    # Phase 1 -- denylist disabled.
    class DenylistOff(BaseSettings):
        # Test-only signing key; it is needed so a token can be created.
        authjwt_secret_key: str = "secret-key"
        # The denylist check only runs when this value is True.
        authjwt_denylist_enabled: bool = False

    @AuthJWT.load_config
    def load_denylist_off():
        return DenylistOff()

    token = AuthJWT().create_access_token(subject='test')
    auth_headers = {"Authorization": f"Bearer {token}"}

    ok_response = client.get('/protected', headers=auth_headers)
    assert ok_response.status_code == 200

    # Phase 2 -- denylist enabled for access tokens, still no callback.
    class DenylistOn(BaseSettings):
        authjwt_secret_key: str = "secret-key"
        authjwt_denylist_enabled: bool = True
        authjwt_denylist_token_checks: list = ["access"]

    @AuthJWT.load_config
    def load_denylist_on():
        return DenylistOn()

    # The error message is expected to name the missing decorator.
    with pytest.raises(RuntimeError, match=r"@AuthJWT.token_in_denylist_loader"):
        client.get('/protected', headers=auth_headers)
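async def dispatch(self, request: Request, call_next):
    """Time the request, tag the response, and write access-log lines.

    Every request gets one line on ``general_logger``. When a JWT on the
    request verifies, a second line that includes the token subject goes to
    ``admin_logger`` (paths starting with ``/admin``) or ``users_logger``.

    The JWT check here only decides whether a username is logged. This method
    never rejects a request: a failed verification just means no per-user
    line is written.

    Args:
        request: The incoming request.
        call_next: Awaitable that runs the rest of the stack and returns the
            response.

    Returns:
        The downstream response with an ``X-Process-Time`` header
        (milliseconds, two decimals) added.
    """
    def _one_line(value) -> str:
        # Request-derived values are written into log lines. Escape CR/LF so
        # a crafted value cannot start a second, forged log record.
        return str(value).replace("\r", "\\r").replace("\n", "\\n")

    # perf_counter() is monotonic; time.time() can jump when the wall clock
    # is adjusted and produce wrong or negative durations.
    start_time = time.perf_counter()
    Authorize: AuthJWT = AuthJWT(request)
    username = None
    if request.url.path == '/auth/refresh':
        try:
            Authorize.jwt_refresh_token_required()
            username = Authorize.get_jwt_subject()
        except Exception:
            # Best effort, kept broad as in the original: any failure while
            # checking the refresh token means "no username".
            # NOTE(review): consider narrowing to AuthJWTException, as the
            # other branch does, so unrelated errors are not hidden.
            username = None
    else:
        try:
            Authorize.jwt_optional()
            username = Authorize.get_jwt_subject()
        except AuthJWTException:
            username = None

    response = await call_next(request)

    process_time = (time.perf_counter() - start_time) * 1000
    # Sent to every client, authenticated or not.
    response.headers["X-Process-Time"] = f"{process_time:.2f}"

    # request.client is None when the server supplies no peer address;
    # log a placeholder instead of failing the request with AttributeError.
    client_host = request.client.host if request.client else "-"
    path = _one_line(request.url.path)
    general_logger.info(
        f"{client_host} {request.method} {path} {response.status_code} {process_time:.2f}"
    )
    if username is not None:
        msg = f"{client_host} {_one_line(username)} {request.method} {path} {response.status_code} {process_time:.2f}"
        if request.url.path.startswith('/admin'):
            admin_logger.info(msg)
        else:
            users_logger.info(msg)
    return response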
async def test_jwt_format_error_user(self, client: AsyncClient, user: User) -> None:
    """Expect 401 from ``base_user_url`` for a token made by a bare ``AuthJWT()``.

    The token carries ``str(user.id)`` as its subject and is sent as a Bearer
    credential.
    NOTE(review): the test name suggests the endpoint rejects the token's
    format; what exactly is rejected is not visible here -- confirm against
    the route's token checks.
    """
    token = AuthJWT().create_access_token(subject=str(user.id))
    response = await client.get(
        base_user_url,
        headers={"Authorization": f"Bearer {token}"},
    )
    assert response.status_code == 401
def __init__(self):
    """Create the helper's own ``AuthJWT`` instance and keep it on ``jwt_auth``."""
    # None is passed explicitly as the first constructor argument.
    # NOTE(review): presumably this means no request is bound, so no token is
    # read from incoming headers or cookies -- confirm against the AuthJWT
    # constructor.
    jwt_handler = AuthJWT(None)
    self.jwt_auth = jwt_handler
def Authorize():
    """Return a new ``AuthJWT`` built with ``authorization=None``."""
    # NOTE(review): presumably authorization=None means no Authorization
    # header value is supplied to the instance -- confirm against the AuthJWT
    # constructor.
    instance = AuthJWT(authorization=None)
    return instance
def authorization():
    """Return a new ``AuthJWT`` constructed with no arguments."""
    instance = AuthJWT()
    return instance
def Authorize():
    """Return a new ``AuthJWT`` constructed with no arguments."""
    instance = AuthJWT()
    return instance