Python verify_auth_tokenの例

プログラミング言語: Python

名前空間/パッケージ名: privacyidea.api.lib.utils

メソッド/関数: verify_auth_token

hotexamples.comのコード掲載数: 6

Python verify_auth_token - 6件のコード例が見つかりました。すべてオープンソースプロジェクトから抽出されたPythonのprivacyidea.api.lib.utils.verify_auth_tokenの実例で、最も評価が高いものを厳選しています。コード例の評価を行っていただくことで、より質の高いコード例が表示されるようになります。

コード例 #1

ファイルを表示

    def test_03_verify_auth_token(self):
        # create a jwt with a trusted private key
        with open("tests/testdata/jwt_sign.key", "r") as f:
            key = f.read()

        with mock.patch("logging.Logger.warning") as mock_log:
            auth_token = jwt.encode(payload={
                "role": "user",
                "user": "******",
                "realm": "realm1",
                "resolver": "resolverX"
            },
                                    key=key,
                                    algorithm="RS256")
            r = verify_auth_token(auth_token=auth_token, required_role="user")
            self.assertEqual(r.get("realm"), "realm1")
            self.assertEqual(r.get("user"), "userA")
            self.assertEqual(
                r.get("resolver"),
                "resolverX",
            )
            self.assertEqual(r.get("role"), "user")
            mock_log.assert_called_once_with(
                "Unsupported JWT algorithm in PI_TRUSTED_JWT.")

        # The signature has expired
        expired_token = jwt.encode(payload={
            "role":
            "admin",
            "exp":
            datetime.datetime.utcnow() - datetime.timedelta(seconds=1000)
        },
                                   key=key,
                                   algorithm="RS256")
        self.assertRaises(AuthError,
                          verify_auth_token,
                          auth_token=expired_token,
                          required_role="admin")

        # The signature does not match
        with mock.patch("logging.Logger.info") as mock_log:
            auth_token = jwt.encode(payload={
                "role": "user",
                "user": "******",
                "realm": "realm1",
                "resolver": "resolverX"
            },
                                    key=key,
                                    algorithm="RS256")
            r = verify_auth_token(auth_token=auth_token, required_role="user")
            mock_log.assert_any_call("A given JWT definition does not match.")

コード例 #2

ファイルを表示

ファイル: certificate.py プロジェクト: Reality9/privacyidea

def before_request():
    """
    This is executed before the request
    """
    # remove session from param and gather all parameters, either
    # from the Form data or from JSON in the request body.
    request.all_data = remove_session_from_param(request.values, request.data)
    # Verify the authtoken!
    authtoken = request.all_data.get("authtoken")
    r = verify_auth_token(authtoken, ["user", "admin"])
    request.PI_username = r.get("username")
    request.PI_realm = r.get("realm")
    request.PI_role = r.get("role")

コード例 #3

ファイルを表示

def before_request():
    """
    This is executed before the request
    """
    # remove session from param and gather all parameters, either
    # from the Form data or from JSON in the request body.
    request.all_data = get_all_params(request.values, request.data)
    # Verify the authtoken!
    authtoken = request.all_data.get("authtoken")
    r = verify_auth_token(authtoken, ["user", "admin"])
    request.PI_username = r.get("username")
    request.PI_realm = r.get("realm")
    request.PI_role = r.get("role")

コード例 #4

ファイルを表示

ファイル: auth.py プロジェクト: zachlewis2020/privacyidea

def check_auth_token(required_role=None):
    """
    This checks the authentication token

    You need to pass an authentication header:

        PI-Authorization: <token>

    You can do this using httpie like this:

        http -j POST http://localhost:5000/system/getConfig Authorization:ewrt
    """
    auth_token = request.headers.get('PI-Authorization')
    if not auth_token:
        auth_token = request.headers.get('Authorization')
    r = verify_auth_token(auth_token, required_role)
    g.logged_in_user = {"username": r.get("username"),
                        "realm": r.get("realm"),
                        "role": r.get("role")}

コード例 #5

ファイルを表示

ファイル: auth.py プロジェクト: privacyidea/privacyidea

def check_auth_token(required_role=None):
    """
    This checks the authentication token

    You need to pass an authentication header:

        PI-Authorization: <token>

    You can do this using httpie like this:

        http -j POST http://localhost:5000/system/getConfig Authorization:ewrt
    """
    auth_token = request.headers.get('PI-Authorization')
    if not auth_token:
        auth_token = request.headers.get('Authorization')
    r = verify_auth_token(auth_token, required_role)
    g.logged_in_user = {"username": r.get("username"),
                        "realm": r.get("realm"),
                        "role": r.get("role")}

コード例 #6

ファイルを表示

ファイル: test_api_lib_utils.py プロジェクト: zeigerpuppy/privacyidea

    def test_03_verify_auth_token(self):
        # create a jwt with a trusted private key
        with open("tests/testdata/jwt_sign.key", "r") as f:
            key = f.read()

        # successful authentication with wildcard user, starting with an "h" and ending with "s"
        auth_token = jwt.encode(payload={
            "role": "user",
            "username": "******",
            "realm": "realmX",
            "resolver": "resolverX"
        },
                                key=key,
                                algorithm="RS256")
        r = verify_auth_token(auth_token=auth_token, required_role="user")
        self.assertEqual(r.get("realm"), "realmX")
        self.assertEqual(r.get("username"), "hans")
        self.assertEqual(
            r.get("resolver"),
            "resolverX",
        )
        self.assertEqual(r.get("role"), "user")

        # A user starting with hans and ending with "t" is not allowed
        auth_token = jwt.encode(payload={
            "role": "user",
            "username": "******",
            "realm": "realmX",
            "resolver": "resolverX"
        },
                                key=key,
                                algorithm="RS256")
        with warnings.catch_warnings():
            warnings.simplefilter('ignore', category=DeprecationWarning)
            self.assertRaisesRegexp(
                AuthError,
                "The username hanswurst is not allowed to impersonate via JWT.",
                verify_auth_token,
                auth_token=auth_token,
                required_role="user")

        # A user ending with hans is not allowed
        # A user starting with hans and ending with "t" is not allowed
        auth_token = jwt.encode(payload={
            "role": "user",
            "username": "******",
            "realm": "realmX",
            "resolver": "resolverX"
        },
                                key=key,
                                algorithm="RS256")
        with warnings.catch_warnings():
            warnings.simplefilter('ignore', category=DeprecationWarning)
            self.assertRaisesRegexp(
                AuthError,
                "The username kleinerhans is not allowed to impersonate via JWT.",
                verify_auth_token,
                auth_token=auth_token,
                required_role="user")

        # Successful authentication with dedicated user
        with mock.patch("logging.Logger.warning") as mock_log:
            auth_token = jwt.encode(payload={
                "role": "user",
                "username": "******",
                "realm": "realm1",
                "resolver": "resolverX"
            },
                                    key=key,
                                    algorithm="RS256")
            r = verify_auth_token(auth_token=auth_token, required_role="user")
            self.assertEqual(r.get("realm"), "realm1")
            self.assertEqual(r.get("username"), "userA")
            self.assertEqual(
                r.get("resolver"),
                "resolverX",
            )
            self.assertEqual(r.get("role"), "user")
            # ...but there is an unsupported configuration
            mock_log.assert_called_once_with(
                "Unsupported JWT algorithm in PI_TRUSTED_JWT.")

        # The signature has expired
        expired_token = jwt.encode(payload={
            "role":
            "admin",
            "exp":
            datetime.datetime.utcnow() - datetime.timedelta(seconds=1000)
        },
                                   key=key,
                                   algorithm="RS256")
        self.assertRaises(AuthError,
                          verify_auth_token,
                          auth_token=expired_token,
                          required_role="admin")

        # The signature does not match
        with mock.patch("logging.Logger.info") as mock_log:
            auth_token = jwt.encode(payload={
                "role": "user",
                "username": "******",
                "realm": "realm1",
                "resolver": "resolverX"
            },
                                    key=key,
                                    algorithm="RS256")
            r = verify_auth_token(auth_token=auth_token, required_role="user")
            mock_log.assert_any_call("A given JWT definition does not match.")