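def test_get_token_issuer_should_handle_invalid_token_with_no_iss():
    """A well-formed, signed JWT that carries no ``iss`` claim must be rejected.

    ``get_token_issuer`` has to raise ``TokenIssuerError`` here rather than
    return an empty issuer; otherwise the caller would go on to look up a
    service for a token that identifies nobody.
    """
    # The token carries only ``iat``: syntactically valid and signed, but
    # with no issuer claim at all. (The earlier ``create_jwt_token`` call that
    # was immediately overwritten has been dropped -- it contributed nothing.)
    # NOTE(review): ``.decode()`` assumes this PyJWT version returns bytes
    # from ``jwt.encode`` (pre-2.0 behaviour); PyJWT >= 2 returns str.
    token = jwt.encode(
        payload={'iat': 1234},
        key='1234',
        headers={'typ': 'JWT', 'alg': 'HS256'},
    ).decode()
    with pytest.raises(TokenIssuerError):
        get_token_issuer(token)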
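def test_get_token_issuer_should_handle_invalid_token_with_no_iss():
    """A well-formed, signed JWT that carries no ``iss`` claim must be rejected.

    Pins both the exception type (``TokenIssuerError``) and the message text,
    so a change to the wording surfaces here rather than in API consumers
    that key off the response body.
    """
    # The token carries only ``iat``: syntactically valid and signed, but
    # with no issuer claim at all. (The earlier ``create_jwt_token`` call that
    # was immediately overwritten has been dropped -- it contributed nothing.)
    token = jwt.encode(
        payload={'iat': 1234},
        key='1234',
        headers={'typ': 'JWT', 'alg': 'HS256'},
    )
    with pytest.raises(TokenIssuerError) as excinfo:
        get_token_issuer(token)
    assert "Invalid token: iss field not provided. See our requirements" in excinfo.value.message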
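def __get_token_issuer(auth_token):
    """Return the ``iss`` claim of *auth_token*, translating lookup failures.

    Wraps ``get_token_issuer`` so callers only ever see ``AuthError`` with
    status 403. A missing ``iss`` gets a specific message; any decode
    failure is reported with ``GENERAL_TOKEN_ERROR_MESSAGE`` so the
    response does not describe why the token failed to parse.

    Args:
        auth_token: the raw bearer token as taken from the request.

    Returns:
        The issuer value reported by ``get_token_issuer``.

    Raises:
        AuthError: status 403, on ``TokenIssuerError`` or ``TokenDecodeError``.
    """
    try:
        issuer = get_token_issuer(auth_token)
    except TokenIssuerError as exc:
        # ``from exc`` keeps the underlying cause in the server-side
        # traceback without changing what is sent back to the client.
        raise AuthError("Invalid token: iss field not provided", 403) from exc
    except TokenDecodeError as exc:
        raise AuthError(GENERAL_TOKEN_ERROR_MESSAGE, 403) from exc
    return issuer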
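def __get_token_issuer(auth_token):
    """Return the ``iss`` claim of *auth_token*, translating lookup failures.

    Wraps ``get_token_issuer`` so callers only ever see ``AuthError`` with
    status 403. A missing ``iss`` and a failed decode each map to a fixed
    message; the decoder's own error text is never forwarded to the client.

    Args:
        auth_token: the raw bearer token as taken from the request.

    Returns:
        The issuer value reported by ``get_token_issuer``.

    Raises:
        AuthError: status 403, on ``TokenIssuerError`` or ``TokenDecodeError``.
    """
    try:
        issuer = get_token_issuer(auth_token)
    except TokenIssuerError as exc:
        # ``from exc`` keeps the underlying cause in the server-side
        # traceback without changing what is sent back to the client.
        raise AuthError("Invalid token: iss field not provided", 403) from exc
    except TokenDecodeError as exc:
        raise AuthError("Invalid token: signature, api token is not valid", 403) from exc
    return issuer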
def requires_auth():
    """Authenticate the current request from its bearer JWT.

    Flow:
      1. Read the ``iss`` claim (not yet verified) to learn which client
         claims to have signed the token.
      2. If it names the admin client, hand off to ``handle_admin_key``.
      3. Otherwise treat ``iss`` as a service id, load the service and try
         each API key the service owns until one accepts the signature.

    On success sets ``g.service_id`` and, for service keys,
    ``_request_ctx_stack.top.api_user``. Every failure raises ``AuthError``
    with status 403. Note the messages differ per failure mode, so a caller
    who can guess a service id learns "not found" / "no keys" / "archived"
    before proving possession of any secret -- presumably an accepted
    trade-off in this API, but worth knowing when changing the order.
    """
    auth_token = get_auth_token(request)
    # ``iss`` comes from an unverified token: it only selects which secrets
    # to check the signature against and grants nothing by itself.
    try:
        client = get_token_issuer(auth_token)
    except TokenDecodeError as e:
        # The decoder's message is returned verbatim; elsewhere in this file
        # it is a generic "Invalid token: signature..." text.
        raise AuthError(e.message, 403)
    except TokenIssuerError:
        raise AuthError("Invalid token: iss not provided", 403)
    if client == current_app.config.get('ADMIN_CLIENT_USER_NAME'):
        # NOTE(review): g.service_id is assigned before handle_admin_key has
        # checked the token; assumed harmless because a failed check raises
        # and aborts the request -- confirm against handle_admin_key.
        g.service_id = current_app.config.get('ADMIN_CLIENT_USER_NAME')
        return handle_admin_key(auth_token, current_app.config.get('ADMIN_CLIENT_SECRET'))
    try:
        service = dao_fetch_service_by_id(client)
    except DataError:
        # ``iss`` was not even of the type the service id column expects.
        raise AuthError("Invalid token: service id is not the right data type", 403)
    except NoResultFound:
        raise AuthError("Invalid token: service not found", 403)
    if not service.api_keys:
        raise AuthError("Invalid token: service has no API keys", 403)
    if not service.active:
        raise AuthError("Invalid token: service is archived", 403)
    for api_key in service.api_keys:
        # get_decode_errors is expected to raise TokenDecodeError when the
        # signature does not verify under this key's secret; non-matching
        # keys are skipped so each of the service's secrets is tried in turn.
        try:
            get_decode_errors(auth_token, api_key.unsigned_secret)
        except TokenDecodeError:
            continue
        # The signature verified with this key. A set expiry_date marks the
        # key as revoked: reject here rather than fall through to other keys.
        if api_key.expiry_date:
            raise AuthError("Invalid token: API key revoked", 403)
        g.service_id = api_key.service_id
        _request_ctx_stack.top.api_user = api_key
        return
    else:
        # Loop ran to completion without a `return`: the service has API keys,
        # but none of them verifies the signature on the presented token.
        raise AuthError("Invalid token: signature, api token is not valid", 403)
def test_should_return_issuer_from_token():
    """The ``iss`` value written by ``create_jwt_token`` round-trips through ``get_token_issuer``."""
    signed = create_jwt_token("key", "client_id")
    assert get_token_issuer(signed) == "client_id"
def test_should_handle_invalid_token_for_issuer_lookup():
    """A string that is not a JWT at all must fail with ``TokenDecodeError``.

    Also pins the message prefix so the text returned for an undecodable
    token stays the generic "signature" wording.
    """
    with pytest.raises(TokenDecodeError) as excinfo:
        get_token_issuer("token")
    message = excinfo.value.message
    assert "Invalid token: signature. See our requirements" in message
def test_should_handle_invalid_token_for_issuer_lookup():
    """A string that is not a JWT at all must fail with ``TokenDecodeError``.

    Pins the exact message so an undecodable token is reported with the
    bare, generic text and nothing more specific leaks into the response.
    """
    with pytest.raises(TokenDecodeError) as excinfo:
        get_token_issuer("token")
    message = excinfo.value.message
    assert message == "Invalid token"