def test_validate_aud(self): id_token = jwt.encode({'alg': 'HS256'}, {'aud': 'foo'}, 'k') claims_options = { 'aud': { 'essential': True, 'value': 'foo' } } claims = jwt.decode(id_token, 'k', claims_options=claims_options) claims.validate() claims.options = { 'aud': {'values': ['bar']} } self.assertRaises( errors.InvalidClaimError, claims.validate ) id_token = jwt.encode({'alg': 'HS256'}, {'aud': ['foo', 'bar']}, 'k') claims = jwt.decode(id_token, 'k', claims_options=claims_options) claims.validate() # no validate claims.options = {'aud': {'values': []}} claims.validate()
def test_encode_sensitive_data(self): # check=False won't raise error jwt.encode({'alg': 'HS256'}, {'password': ''}, 'k', check=False) self.assertRaises(errors.InsecureClaimError, jwt.encode, {'alg': 'HS256'}, {'password': ''}, 'k') self.assertRaises(errors.InsecureClaimError, jwt.encode, {'alg': 'HS256'}, {'text': '4242424242424242'}, 'k')
def test_validate_exp(self): id_token = jwt.encode({'alg': 'HS256'}, {'exp': 'invalid'}, 'k') claims = jwt.decode(id_token, 'k') self.assertRaises(errors.InvalidClaimError, claims.validate) id_token = jwt.encode({'alg': 'HS256'}, {'exp': 1234}, 'k') claims = jwt.decode(id_token, 'k') self.assertRaises(errors.ExpiredTokenError, claims.validate)
def test_validate_nbf(self): id_token = jwt.encode({'alg': 'HS256'}, {'nbf': 'invalid'}, 'k') claims = jwt.decode(id_token, 'k') self.assertRaises(errors.InvalidClaimError, claims.validate) id_token = jwt.encode({'alg': 'HS256'}, {'nbf': 1234}, 'k') claims = jwt.decode(id_token, 'k') claims.validate() id_token = jwt.encode({'alg': 'HS256'}, {'nbf': 1234}, 'k') claims = jwt.decode(id_token, 'k') self.assertRaises(errors.InvalidTokenError, claims.validate, 123)
def test_validate_iat(self): id_token = jwt.encode({'alg': 'HS256'}, {'iat': 'invalid'}, 'k') claims = jwt.decode(id_token, 'k') self.assertRaises( errors.InvalidClaimError, claims.validate )
def tokenize(payload, subject=None, **kwargs): """Generates a token for the given payload. Args: payload (dict): Payload subject (str): Subject of the encryption Returns: String: JWT token """ header = {'alg': 'RS256'} data = { 'data': payload, 'iat': date_time.time(), 'exp': date_time.time(manipulate=True, manipulation_type='ADD', **kwargs), 'aud': 'Yard-it.com.ng', 'iss': 'Yard-it-API', 'sub': subject } private_key = getenv('JWT_PRIVATE_KEY') token = jwt.encode(header=header, payload=data, key=private_key).decode(CHARSETS[0]) return token
def make_payload(self, alg, timeout, user_id): self.auth_url = AUTH_URL if user_id: sub = user_id sub_type = 'user' else: sub = self.enterprise_id sub_type = 'enterprise' exp = int(time.time()) + timeout claim = { "iss": self.client_id, "sub": sub, "box_sub_type": sub_type, "aud": self.auth_url, "jti": self.random_string(64), "exp": exp } assertion_header = { 'alg': alg, 'typ': u'JWT', 'kid': self.public_key_id } assertion = jwt.encode(assertion_header, claim, self.key).decode('utf-8') return ('grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer' '&client_id={}' '&client_secret={}' '&assertion={}').format(self.client_id, self.client_secret, assertion)
def test_validate_essential_claims(self): id_token = jwt.encode({'alg': 'HS256'}, {'iss': 'foo'}, 'k') claims_options = {'iss': {'essential': True, 'values': ['foo']}} claims = jwt.decode(id_token, 'k', claims_options=claims_options) claims.validate() claims.options = {'sub': {'essential': True}} self.assertRaises(errors.MissingClaimError, claims.validate)
def test_use_jws(self): payload = {'name': 'hi'} private_key = read_file_path('rsa_private.pem') pub_key = read_file_path('rsa_public.pem') data = jwt.encode({'alg': 'RS256'}, payload, private_key) self.assertEqual(data.count(b'.'), 2) claims = jwt.decode(data, pub_key) self.assertEqual(claims['name'], 'hi')
def test_validate_jti(self): id_token = jwt.encode({'alg': 'HS256'}, {'jti': 'bar'}, 'k') claims_options = { 'jti': { 'validate': lambda c, o: o == 'foo' } } claims = jwt.decode(id_token, 'k', claims_options=claims_options) self.assertRaises( errors.InvalidClaimError, claims.validate )
def test_invalid_values(self): id_token = jwt.encode({'alg': 'HS256'}, {'iss': 'foo'}, 'k') claims_options = {'iss': {'values': ['bar']}} claims = jwt.decode(id_token, 'k', claims_options=claims_options) self.assertRaises( errors.InvalidClaimError, claims.validate, ) claims.options = {'iss': {'value': 'bar'}} self.assertRaises( errors.InvalidClaimError, claims.validate, )
def encode(self, payload): data = { 'iss': self.config['iss'], 'aud': self.config['aud'], 'jwi': 'eclogue', # 'exp': int(time.time()) + 10000, 'exp': int(time.time()) + int(self.config.get('exp')) } if payload: data.update(payload) key = self.config['key'] return jwt.encode(self.header, data, key)
def post(self, name): if name: users.append({'id': len(users) + 1, 'name': name}) #Nuevo usuario payload = { #'id': id, 'name': name, } encoded_token = jwt.encode(header, payload, key) return print(encoded_token), print(jwt.decode(encoded_token, key)) else: abort(404)
def test_encode_datetime(self): now = datetime.datetime.utcnow() id_token = jwt.encode({'alg': 'HS256'}, {'exp': now}, 'k') claims = jwt.decode(id_token, 'k') self.assertIsInstance(claims.exp, int)