def test_override_configs(self): self.app.config['JWT_TOKEN_LOCATION'] = 'cookies' self.app.config['JWT_HEADER_NAME'] = 'Auth' self.app.config['JWT_HEADER_TYPE'] = 'JWT' self.app.config['JWT_COOKIE_SECURE'] = True self.app.config['JWT_ACCESS_COOKIE_NAME'] = 'banana1' self.app.config['JWT_REFRESH_COOKIE_NAME'] = 'banana2' self.app.config['JWT_ACCESS_COOKIE_PATH'] = '/banana/' self.app.config['JWT_REFRESH_COOKIE_PATH'] = '/banana2/' self.app.config['JWT_COOKIE_CSRF_PROTECT'] = False self.app.config['JWT_ACCESS_CSRF_COOKIE_NAME'] = 'banana1a' self.app.config['JWT_REFRESH_CSRF_COOKIE_NAME'] = 'banana2a' self.app.config['JWT_CSRF_HEADER_NAME'] = 'bananaaaa' self.app.config['JWT_ACCESS_TOKEN_EXPIRES'] = timedelta(minutes=5) self.app.config['JWT_REFRESH_TOKEN_EXPIRES'] = timedelta(days=7) self.app.config['JWT_ALGORITHM'] = 'HS512' self.app.config['JWT_BLACKLIST_ENABLED'] = True self.app.config['JWT_BLACKLIST_STORE'] = simplekv.memory.DictStore() self.app.config['JWT_BLACKLIST_TOKEN_CHECKS'] = 'all' with self.app.test_request_context(): self.assertEqual(get_token_location(), 'cookies') self.assertEqual(get_jwt_header_name(), 'Auth') self.assertEqual(get_jwt_header_type(), 'JWT') self.assertEqual(get_cookie_secure(), True) self.assertEqual(get_access_cookie_name(), 'banana1') self.assertEqual(get_refresh_cookie_name(), 'banana2') self.assertEqual(get_access_cookie_path(), '/banana/') self.assertEqual(get_refresh_cookie_path(), '/banana2/') self.assertEqual(get_cookie_csrf_protect(), False) self.assertEqual(get_access_csrf_cookie_name(), 'banana1a') self.assertEqual(get_refresh_csrf_cookie_name(), 'banana2a') self.assertEqual(get_csrf_header_name(), 'bananaaaa') self.assertEqual(get_access_expires(), timedelta(minutes=5)) self.assertEqual(get_refresh_expires(), timedelta(days=7)) self.assertEqual(get_algorithm(), 'HS512') self.assertEqual(get_blacklist_enabled(), True) self.assertIsInstance(get_blacklist_store(), simplekv.memory.DictStore) self.assertEqual(get_blacklist_checks(), 'all') self.app.config['JWT_TOKEN_LOCATION'] = 'banana' self.app.config['JWT_HEADER_NAME'] = '' self.app.config['JWT_ACCESS_TOKEN_EXPIRES'] = 'banana' self.app.config['JWT_REFRESH_TOKEN_EXPIRES'] = 'banana' self.app.testing = True # Propagate exceptions with self.app.test_request_context(): with self.assertRaises(RuntimeError): get_jwt_header_name() with self.assertRaises(RuntimeError): get_access_expires() with self.assertRaises(RuntimeError): get_refresh_expires() with self.assertRaises(RuntimeError): get_token_location()
def unset_jwt_cookies(response): """ Takes a flask response object, and configures it to unset (delete) the JWT cookies. Basically, this is a logout helper method if using cookies to store the JWT """ response.set_cookie(get_refresh_cookie_name(), value='', expires=0, secure=get_cookie_secure(), httponly=True, path=get_refresh_cookie_path()) response.set_cookie(get_access_cookie_name(), value='', expires=0, secure=get_cookie_secure(), httponly=True, path=get_access_cookie_path()) return response
def set_access_cookies(response, encoded_access_token): """ Takes a flask response object, and configures it to set the encoded access token in a cookie (as well as a csrf access cookie if enabled) """ # Set the access JWT in the cookie response.set_cookie(get_access_cookie_name(), value=encoded_access_token, secure=get_cookie_secure(), httponly=True, path=get_access_cookie_path()) # If enabled, set the csrf double submit access cookie if get_cookie_csrf_protect(): response.set_cookie(get_access_csrf_cookie_name(), value=_get_csrf_token(encoded_access_token), secure=get_cookie_secure(), httponly=False, path='/')
def test_default_configs(self): with self.app.test_request_context(): self.assertEqual(get_token_location(), 'headers') self.assertEqual(get_jwt_header_name(), 'Authorization') self.assertEqual(get_jwt_header_type(), 'Bearer') self.assertEqual(get_cookie_secure(), False) self.assertEqual(get_access_cookie_name(), 'access_token_cookie') self.assertEqual(get_refresh_cookie_name(), 'refresh_token_cookie') self.assertEqual(get_access_cookie_path(), None) self.assertEqual(get_refresh_cookie_path(), None) self.assertEqual(get_cookie_csrf_protect(), True) self.assertEqual(get_access_csrf_cookie_name(), 'csrf_access_token') self.assertEqual(get_refresh_csrf_cookie_name(), 'csrf_refresh_token') self.assertEqual(get_csrf_header_name(), 'X-CSRF-TOKEN') self.assertEqual(get_access_expires(), timedelta(minutes=15)) self.assertEqual(get_refresh_expires(), timedelta(days=30)) self.assertEqual(get_algorithm(), 'HS256') self.assertEqual(get_blacklist_enabled(), False) self.assertEqual(get_blacklist_store(), None) self.assertEqual(get_blacklist_checks(), 'refresh')