コード例 #1
0
    def test_raises_if_aud_doesnt_match_api_key(self):
        self.payload["aud"] = "bad audience"

        with self.assertRaises(session_token.SessionTokenError) as cm:
            session_token.decode_from_header(self.build_auth_header(),
                                             api_key=self.api_key,
                                             secret=self.secret)

        self.assertEqual("Invalid audience", str(cm.exception))
コード例 #2
0
    def test_raises_jwt_error_if_session_token_is_expired(self):
        self.payload["exp"] = timestamp((datetime.now() + timedelta(0, -10)))

        with self.assertRaises(session_token.SessionTokenError) as cm:
            session_token.decode_from_header(self.build_auth_header(),
                                             api_key=self.api_key,
                                             secret=self.secret)

        self.assertEqual("Signature has expired", str(cm.exception))
コード例 #3
0
    def test_raises_if_issuer_hostname_is_invalid(self):
        self.payload["iss"] = "bad_shop_hostname"

        with self.assertRaises(session_token.InvalidIssuerError) as cm:
            session_token.decode_from_header(self.build_auth_header(),
                                             api_key=self.api_key,
                                             secret=self.secret)

        self.assertEqual("Invalid issuer", str(cm.exception))
コード例 #4
0
    def test_raises_if_iss_and_dest_dont_match(self):
        self.payload["dest"] = "bad_shop.myshopify.com"

        with self.assertRaises(session_token.MismatchedHostsError) as cm:
            session_token.decode_from_header(self.build_auth_header(),
                                             api_key=self.api_key,
                                             secret=self.secret)

        self.assertEqual("The issuer and destination do not match",
                         str(cm.exception))
コード例 #5
0
    def test_raises_if_token_authentication_header_is_not_bearer(self):
        authorization_header = "Bad auth header"

        with self.assertRaises(session_token.TokenAuthenticationError) as cm:
            session_token.decode_from_header(authorization_header,
                                             api_key=self.api_key,
                                             secret=self.secret)

        self.assertEqual(
            "The HTTP_AUTHORIZATION_HEADER provided does not contain a Bearer token",
            str(cm.exception))
コード例 #6
0
    def test_raises_jwt_error_if_invalid_alg(self):
        bad_session_token = jwt.encode(self.payload, None, algorithm="none")
        invalid_header = "Bearer {session_token}".format(
            session_token=bad_session_token)

        with self.assertRaises(session_token.SessionTokenError) as cm:
            session_token.decode_from_header(invalid_header,
                                             api_key=self.api_key,
                                             secret=self.secret)

        self.assertEqual("The specified alg value is not allowed",
                         str(cm.exception))
コード例 #7
0
    def test_raises_jwt_error_if_invalid_signature(self):
        bad_session_token = jwt.encode(self.payload,
                                       "bad_secret",
                                       algorithm="HS256")
        invalid_header = "Bearer {session_token}".format(
            session_token=bad_session_token)

        with self.assertRaises(session_token.SessionTokenError) as cm:
            session_token.decode_from_header(invalid_header,
                                             api_key=self.api_key,
                                             secret=self.secret)

        self.assertEqual("Signature verification failed", str(cm.exception))
コード例 #8
0
 def wrapper(*args, **kwargs):
     try:
         decoded_session_token = session_token.decode_from_header(
             authorization_header=authorization_header(args[0]),
             api_key=apps.get_app_config("shopify_app").SHOPIFY_API_KEY,
             secret=apps.get_app_config("shopify_app").SHOPIFY_API_SECRET,
         )
         with shopify_session(decoded_session_token):
             return func(*args, **kwargs)
     except session_token.SessionTokenError:
         return HttpResponse(status=401)
コード例 #9
0
    def test_returns_decoded_payload(self):
        decoded_payload = session_token.decode_from_header(
            self.build_auth_header(), api_key=self.api_key, secret=self.secret)

        self.assertEqual(self.payload, decoded_payload)