def test_auth_verify_broken_bearer_token(self): with self.assertRaises(AuthenticationFailed): decoded_claims, user_id = JWTAccessToken.token_data( 'incorrect_format', True) with self.assertRaises(AuthenticationFailed): decoded_claims, user_id = JWTAccessToken.token_data( 'token xyz', True)
def test_auth_verify_bearer_expired_token(self): settings = get_settings() keyset = get_keyset() kid = "2aedafba-8170-4064-b704-ce92b7c89cc6" key = keyset.get_key(kid) exp_time = round(time.time()) - 1000 for user_id_field in settings['USER_ID_FIELDS']: token = jwt.JWT(header={ "kid": kid, "alg": "ES256" }, claims={ 'exp': exp_time, user_id_field: '*****@*****.**' }) token.make_signed_token(key) bearer = 'Bearer {}'.format(token.serialize()) with self.assertRaises(AuthenticationFailed) as cm: decoded_claims, user_id = JWTAccessToken.token_data( bearer, True) e = cm.exception self.assertTrue( str(e).startswith('API authz problem: token expired'))
def test_auth_verify_bearer_token_missing_user_id(self): keyset = get_keyset() kid = "2aedafba-8170-4064-b704-ce92b7c89cc6" key = keyset.get_key(kid) token = jwt.JWT(header={ "kid": kid, "alg": "ES256" }, claims={'will_not_match': "*****@*****.**"}) token.make_signed_token(key) bearer = 'Bearer {}'.format(token.serialize()) with self.assertRaises(AuthenticationFailed): decoded_claims, user_id = JWTAccessToken.token_data(bearer, True)
def test_auth_verify_bearer_token_missing_signature(self): keyset = get_keyset() kid = "2aedafba-8170-4064-b704-ce92b7c89cc6" key = keyset.get_key(kid) token = jwt.JWT(header={ "kid": "wrong_key_id", "alg": "ES256" }, claims={'will_not_match': "*****@*****.**"}) token.make_signed_token(key) bearer = 'Bearer {}'.format(token.serialize()) with self.assertRaises(AuthenticationFailed) as cm: decoded_claims, user_id = JWTAccessToken.token_data(bearer, True) e = cm.exception self.assertTrue(str(e).startswith('token key not present'))
def test_auth_verify_bearer_token(self): settings = get_settings() keyset = get_keyset() kid = "2aedafba-8170-4064-b704-ce92b7c89cc6" key = keyset.get_key(kid) token = jwt.JWT(header={ "kid": kid, "alg": "ES256" }, claims={settings['USER_ID_FIELD']: "*****@*****.**"}) token.make_signed_token(key) bearer = token.serialize() decoded_claims, user_id = JWTAccessToken.token_data( 'Bearer {}'.format(bearer), True) self.assertEqual(user_id, "*****@*****.**")