def test_did_not_find_matching_jwk(
        self,
        get_matching_jwk_mock: MagicMock,
        caplog: pytest.LogCaptureFixture) -> None:
    """Check that a token with no matching JWK is rejected and logged.

    decode_jwt must raise Unauthorized, must have asked the mocked JWK lookup
    for the token exactly once, and must have logged the decoding failure.
    """
    bogus_token = "x"

    with pytest.raises(Unauthorized):
        decode_jwt(bogus_token)

    get_matching_jwk_mock.assert_called_once_with(bogus_token)
    # The failure must leave a trace in the logs, not only raise.
    expected_log = "Failed decoding JWT with following details"
    assert expected_log in caplog.text
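def test_expired_jwt(self) -> None:
    """Check that decode_jwt rejects a token whose ``exp`` is in the past.

    The token is issued 12 hours ago and expired 6 hours ago. Decoding it
    must raise Unauthorized with the "token has expired" message.
    """
    # Imported locally so the test does not rely on the module importing it.
    from datetime import timezone

    # Use an aware UTC datetime. ``datetime.utcnow()`` returns a naive value
    # that ``.timestamp()`` reads as local time, which shifts both claims by
    # the host's UTC offset. On a host more than 6 hours west of UTC the
    # "expired" token would still be valid and the test would fail.
    now = datetime.now(timezone.utc)
    token_payload = {
        "exp": int((now - timedelta(hours=6)).timestamp()),
        "iat": int((now - timedelta(hours=12)).timestamp()),
        "iss": "test-issuer",
        "aud": "test-audience",
    }
    jwt_token = Authorizer.sign_authz(token_payload, SAMPLE_PRIVATE_KEY)

    with pytest.raises(Unauthorized,
                       match="Your token has expired. Please refresh it."):
        decode_jwt(jwt_token)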
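def test_missing_correct_audiences(
        self, caplog: pytest.LogCaptureFixture) -> None:
    """Check that a token with an unexpected ``aud`` is rejected and logged.

    The token is otherwise current (issued now, expiring in 6 hours) and
    carries the audience "test". decode_jwt must raise Unauthorized and log
    that decoding failed for every JWK.
    """
    # Imported locally so the test does not rely on the module importing it.
    from datetime import timezone

    # Use an aware UTC datetime. ``datetime.utcnow()`` returns a naive value
    # that ``.timestamp()`` reads as local time. On a host more than 6 hours
    # east of UTC, ``exp`` would already be in the past, so the token could be
    # rejected for expiry and the audience check would never be exercised.
    now = datetime.now(timezone.utc)
    token_payload = {
        "exp": int((now + timedelta(hours=6)).timestamp()),
        "iat": int(now.timestamp()),
        "iss": "test-issuer",
        "aud": "test"
    }
    jwt_token = Authorizer.sign_authz(token_payload, SAMPLE_PRIVATE_KEY)

    with pytest.raises(Unauthorized):
        decode_jwt(jwt_token)

    assert "Failed decoding JWT with any of JWK - details" in caplog.text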
def get_user_details_from_auth_token(self) -> dict:
    """Return the non-standard claims of the auth token as user details.

    The token in ``self._token`` is decoded with ``decode_jwt`` and the
    resulting claims are passed to ``self._validate_attributes``. Claims
    listed in ``STANDARD_CLAIMS`` are dropped. The remaining keys go through
    ``remove_prefix`` when ``REMOVE_PREFIXES`` is truthy.
    """
    claims = decode_jwt(self._token)
    self._validate_attributes(claims)

    def user_key(claim_name):
        return remove_prefix(claim_name) if REMOVE_PREFIXES else claim_name

    # If two claims end up with the same key after prefix removal, the one
    # that comes later in the decoded claims overwrites the earlier one.
    return {
        user_key(name): value
        for name, value in claims.items()
        if name not in STANDARD_CLAIMS
    }
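def _set_policy(self, auth_jwt: str = None,
                base_permission_policy: dict = None) -> None:
    """Build the effective policy and store it on the instance.

    Starts from ``base_permission_policy`` (or an empty policy), merges the
    claims decoded from ``auth_jwt`` into it when a token is given, then sets
    ``self.refs``, ``self.allow`` and ``self.deny``.

    Args:
        auth_jwt: Encoded authorization token, or None to use only the base.
        base_permission_policy: Policy to start from. It is not modified.

    Raises:
        PermissionDenied: If the merged policy lacks "allow" or "deny".
    """
    import copy

    # Work on a private copy. deep_update's return value is discarded, so it
    # is relied on to merge in place. Merging into the caller's dict would
    # carry one token's grants over to every later use of that base policy.
    policy = (copy.deepcopy(base_permission_policy)
              if base_permission_policy else {})
    if auth_jwt is not None:
        # NOTE(review): the claims are merged as returned by decode_jwt;
        # confirm that it verifies the token, since its body is not visible.
        deep_update(policy, decode_jwt(auth_jwt))

    self.refs = policy.get("refs", {})
    try:
        self.allow = policy["allow"]
        self.deny = policy["deny"]
    except KeyError as error:
        raise PermissionDenied(
            "Invalid policy in the authorization token") from error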
def test_empty_public_keys(self) -> None:
    """Check that decode_jwt raises RuntimeError for this configuration.

    Presumably runs with no public keys configured. That set-up is not
    visible in this method.
    """
    bogus_token = "x"
    with pytest.raises(RuntimeError):
        decode_jwt(bogus_token)
def test_empty_allowed_audiences(self, _mocked_get_matching_jwk) -> None:
    """Check that decode_jwt raises a RuntimeError naming ALLOWED_AUDIENCES.

    Presumably runs with no allowed audiences configured. That set-up is not
    visible in this method.
    """
    bogus_token = "x"
    expected_error = pytest.raises(RuntimeError, match="ALLOWED_AUDIENCES")
    with expected_error:
        decode_jwt(bogus_token)
def test_proper_jwt(self, full_access_authz_payload: dict,
                    full_access_auth_header: str) -> None:
    """Check that decode_jwt returns the expected payload for the header fixture."""
    # Exact equality: a decoded claim set with extra or missing keys fails.
    assert decode_jwt(full_access_auth_header) == full_access_authz_payload
def test_invalid_type(self, get_matching_jwk_mock: MagicMock) -> None:
    """Check that a non-string token (a set) surfaces as a RuntimeError.

    The mocked JWK lookup must still have been called exactly once with the
    value that was passed in.
    """
    not_a_token = {"a"}

    with pytest.raises(RuntimeError, match="error occurred during decoding"):
        decode_jwt(not_a_token)

    get_matching_jwk_mock.assert_called_once_with(not_a_token)