def test_require_access_scopes_valid(jwks, app, scopes, token_kwargs):
    """A token built from ``token_kwargs`` passes a ``scopes``-guarded view.

    ``jwks``, ``app``, ``scopes`` and ``token_kwargs`` are supplied from
    outside this function (presumably pytest fixtures / parametrization;
    the decorators are not visible here).
    """
    bearer = "Bearer {}".format(create_access_token(**token_kwargs))
    with app.test_request_context("/", headers=[("Authorization", bearer)]):
        # Wrap the no-op view with the scope requirement and invoke it while
        # the request context carrying the Authorization header is active.
        guarded_view = require_auth0(scopes=scopes)(noop)
        response = guarded_view()

    assert response.status_code == 200
def test_userinfo_cache(app):
    """Fetching userinfo against a mocked ``/userinfo`` endpoint returns 200.

    NOTE(review): only a single fetch is made, so nothing here shows a
    second lookup being served without another HTTP call. If caching is the
    behaviour under test, a repeated call plus a check of the mock's request
    count would pin it -- confirm the intended contract.
    """
    with app.app_context(), requests_mock.mock() as mocked_http:
        mocked_http.get(
            "/userinfo",
            status_code=200,
            json=CANNED_USERINFO["STANDARD"],
        )
        access_token = create_access_token()
        userinfo_resp = fetch_auth0_userinfo(access_token)

    assert userinfo_resp.status_code == 200
def test_require_auth0_userinfo_expired_token(jwks, app):
    """An expired token is rejected with 401 even when userinfo is requested.

    The token is created with ``exp=1`` (presumably an epoch timestamp far in
    the past -- confirm against ``create_access_token``) and no ``/userinfo``
    mock is registered in this test.
    """
    # Token validation has to happen before any userinfo lookup.
    # NOTE(review): that ordering is only checked through the problem that is
    # raised; the test does not assert that no userinfo request was attempted.
    stale_token = create_access_token(exp=1)
    auth_header = ("Authorization", "Bearer {}".format(stale_token))
    with app.test_request_context(
        "/", headers=[auth_header]
    ), pytest.raises(ProblemException) as exc_info:
        require_auth0(scopes=(), userinfo=True)(noop)()

    problem = exc_info.value
    assert problem.status == 401
    assert problem.title == "Token Expired"
def test_require_access_token_invalid(jwks, app, token_kwargs, status, title):
    """A token built from ``token_kwargs`` is refused with ``status``/``title``.

    The guarded view must not run: ``require_auth0`` is expected to raise a
    ``ProblemException`` whose ``status`` and ``title`` match the values
    passed in (presumably via pytest parametrization not visible here).
    """
    bad_token = create_access_token(**token_kwargs)
    auth_header = ("Authorization", "Bearer {}".format(bad_token))

    with app.test_request_context(
        "/", headers=[auth_header]
    ), pytest.raises(ProblemException) as exc_info:
        guarded_view = require_auth0(scopes=())(noop)
        guarded_view()

    problem = exc_info.value
    assert problem.status == status
    assert problem.title == title
def test_require_access_token_valid(jwks, app, token_kwargs):
    """A token built from ``token_kwargs`` is accepted with no scopes required.

    ``require_auth0`` is applied with an empty scope tuple, so only the token
    itself is being checked; the wrapped no-op view must answer 200.
    """
    bearer = 'Bearer {}'.format(create_access_token(**token_kwargs))
    request_ctx = app.test_request_context(
        '/', headers=[('Authorization', bearer)]
    )
    with request_ctx:
        guarded_view = require_auth0(scopes=())(noop)
        response = guarded_view()

    assert response.status_code == 200
def test_require_auth0_userinfo_auth0_jwks_invalid_response_error(
        app, response_text, status, title):
    """A JWKS endpoint replying with ``response_text`` makes the check fail.

    The ``jwks`` fixture is not used here; instead the JWKS URL is mocked to
    return ``response_text`` as its body. The decorator must fail closed by
    raising a ``ProblemException`` with the expected ``status``/``title``
    rather than running the view.
    """
    bearer = "Bearer {}".format(create_access_token())
    with app.test_request_context(
        "/", headers=[("Authorization", bearer)]
    ), requests_mock.mock() as mocked_http:
        mocked_http.get("/.well-known/jwks.json", text=response_text)

        with pytest.raises(ProblemException) as exc_info:
            guarded_view = require_auth0(scopes=(), userinfo=True)(noop)
            guarded_view()

    problem = exc_info.value
    assert problem.status == status
    assert problem.title == title
def test_require_auth0_userinfo_succeeded(jwks, app):
    """With a default token and a 200 ``/userinfo`` reply, the view runs.

    Besides the 200 response, the test checks that ``g.auth0_user`` is an
    ``A0User`` while the request context is still open.
    """
    bearer = "Bearer {}".format(create_access_token())
    with app.test_request_context("/", headers=[("Authorization", bearer)]):
        with requests_mock.mock() as mocked_http:
            mocked_http.get(
                "/userinfo",
                status_code=200,
                json=CANNED_USERINFO["STANDARD"],
            )
            guarded_view = require_auth0(scopes=(), userinfo=True)(noop)
            response = guarded_view()

        # Read ``g`` after the HTTP mock has been torn down but before the
        # request context exits.
        assert isinstance(g.auth0_user, A0User)

    assert response.status_code == 200
def test_require_auth0_userinfo_auth0_failures(jwks, app, a0status, a0kwargs,
                                               status, title):
    """A failing ``/userinfo`` reply is surfaced as a ``ProblemException``.

    ``/userinfo`` is mocked to answer with ``a0status`` plus whatever extra
    mock arguments ``a0kwargs`` carries; the decorator must then raise a
    problem with the expected ``status`` and ``title`` instead of running
    the view.
    """
    bearer = "Bearer {}".format(create_access_token())
    with app.test_request_context(
        "/", headers=[("Authorization", bearer)]
    ), requests_mock.mock() as mocked_http:
        mocked_http.get("/userinfo", status_code=a0status, **a0kwargs)

        with pytest.raises(ProblemException) as exc_info:
            guarded_view = require_auth0(scopes=(), userinfo=True)(noop)
            guarded_view()

    problem = exc_info.value
    assert problem.status == status
    assert problem.title == title
def test_require_access_token_no_kid_match(jwks, app):
    """A token whose key id is ``"BOGUSKID"`` is rejected with a 400 problem.

    The token is created from a copy of ``TEST_KEY_PRIV`` with only its
    ``kid`` replaced. The expected problem reports that no appropriate key
    could be found for the Authorization header.
    """
    # Deep-copy so the shared test key is not mutated for other tests.
    unknown_kid_key = copy.deepcopy(TEST_KEY_PRIV)
    unknown_kid_key["kid"] = "BOGUSKID"
    bearer = "Bearer {}".format(create_access_token(key=unknown_kid_key))

    with app.test_request_context(
        "/", headers=[("Authorization", bearer)]
    ), pytest.raises(ProblemException) as exc_info:
        guarded_view = require_auth0(scopes=())(noop)
        guarded_view()

    problem = exc_info.value
    assert problem.status == 400
    assert problem.title == "Authorization Header Invalid"
    expected_detail = (
        "Appropriate key for Authorization header could not be found")
    assert problem.detail == expected_detail
def test_require_auth0_userinfo_auth0_jwks_request_errors(
    app, exc, status, title
):
    """A request error while fetching the JWKS becomes a ``ProblemException``.

    The JWKS URL is mocked with ``exc=exc``, so requesting it raises ``exc``.
    The ``jwks`` fixture is not used here. The decorator must fail closed
    with the expected ``status``/``title`` rather than running the view.
    """
    bearer = 'Bearer {}'.format(create_access_token())
    with app.test_request_context(
        '/', headers=[('Authorization', bearer)]
    ), requests_mock.mock() as mocked_http:
        mocked_http.get('/.well-known/jwks.json', exc=exc)

        with pytest.raises(ProblemException) as exc_info:
            guarded_view = require_auth0(scopes=(), userinfo=True)(noop)
            guarded_view()

    problem = exc_info.value
    assert problem.status == status
    assert problem.title == title
def test_user_email(userinfo, expected_email):
    """``A0User.email`` yields ``expected_email`` for the given ``userinfo``.

    Both arguments come from outside this function (presumably pytest
    parametrization not visible here).
    """
    access_token = create_access_token()
    actual_email = A0User(access_token, userinfo).email
    assert actual_email == expected_email
def test_user_is_in_groups(userinfo, groups, result):
    """``A0User.is_in_groups(*groups)`` equals ``result`` for ``userinfo``.

    ``groups`` is unpacked into positional arguments, so it must be an
    iterable of group identifiers.
    """
    access_token = create_access_token()
    membership = A0User(access_token, userinfo).is_in_groups(*groups)
    assert membership == result