コード例 #1
0
def test_verify_wrong_app_fails(fake_email, fake_client_app,
                                create_fake_client_app):
    fake_client_app2 = create_fake_client_app()
    token = security_token.generate(fake_email, fake_client_app)

    with pytest.raises(security_token.TokenVerificationError):
        security_token.verify(token, fake_client_app2)
コード例 #2
0
def test_verify_wrong_issuer_app_id_fails(fake_email, fake_client_app):
    payload = {"iss": f"{config.ISSUER}/{uuid.uuid4()}", "sub": fake_email}
    # key = jwk.JWK(**fake_client_app.key)
    token = jwt.generate_jwt(
        payload,
        fake_client_app.get_key(),
        "ES256",
        datetime.timedelta(seconds=1),
    )

    with pytest.raises(security_token.TokenVerificationError):
        security_token.verify(token, fake_client_app)
コード例 #3
0
def test_verify_wrong_key_fails(fake_email, fake_client_app):
    key = jwk.JWK.generate(kty="EC", size=2048)
    payload = {"iss": f"{config.ISSUER}/12345", "sub": fake_email}
    token = jwt.generate_jwt(
        payload,
        key,
        "ES256",
        datetime.timedelta(minutes=config.ACCESS_TOKEN_EXPIRE_MINUTES),
    )

    with pytest.raises(security_token.TokenVerificationError):
        security_token.verify(token, fake_client_app)
コード例 #4
0
def test_verify_wrong_issuer_domain_fails(fake_email, fake_client_app):
    payload = {
        "iss": f"https://example.com/{fake_client_app.app_id}",
        "sub": fake_email,
    }
    # key = jwk.JWK(**fake_client_app.key)
    token = jwt.generate_jwt(
        payload,
        fake_client_app.get_key(),
        "ES256",
        datetime.timedelta(seconds=1),
    )

    with pytest.raises(security_token.TokenVerificationError):
        security_token.verify(token, fake_client_app)
コード例 #5
0
def test_verify_expired_fails(fake_email, fake_client_app):
    payload = {
        "iss": f"{config.ISSUER}/{fake_client_app.app_id}",
        "sub": fake_email
    }
    token = jwt.generate_jwt(
        payload,
        fake_client_app.get_key(),
        "ES256",
        datetime.timedelta(seconds=1),
    )
    time.sleep(1)

    with pytest.raises(security_token.TokenVerificationError):
        security_token.verify(token, fake_client_app)
コード例 #6
0
def test_verify(fake_email, fake_client_app):
    token = security_token.generate(fake_email, fake_client_app)
    headers, claims = security_token.verify(token, fake_client_app)

    assert headers["alg"] == "ES256"
    assert claims["sub"] == fake_email
    assert claims["iss"] == f"{config.ISSUER}/app/{fake_client_app.app_id}"
    assert claims.get("iat") is not None
    assert claims.get("exp") is not None
コード例 #7
0
ファイル: token.py プロジェクト: rickh94/auth-service 
async def verify_token(
        vt: VerifyToken,
        client_app: ClientApp = Depends(check_client_app),
):
    """Ask the server to verify a token for a specific app"""
    try:
        headers, claims = security_token.verify(vt.idToken, client_app)
    except security_token.TokenVerificationError:
        raise HTTPException(status_code=401, detail=f"Invalid Token")
    return VerifiedTokenResponse(headers=headers, claims=claims)
コード例 #8
0
def test_verify_invalid_token_fails(fake_client_app):
    with pytest.raises(security_token.TokenVerificationError):
        security_token.verify("fakeheaders.fakeclaims.whoknows",
                              fake_client_app)
コード例 #9
0
def test_verify_ridiculous_token_fails(fake_client_app):
    with pytest.raises(security_token.TokenVerificationError):
        security_token.verify("not-even-a-real-token", fake_client_app)