def test_create_guest_access_token(self, get_time_mock):
    """Check the claims of a freshly created guest token.

    The token is decoded with the configured guest-token secret, an explicit
    algorithm list and the expected audience; its user, resources, iat, aud,
    type and exp claims are then compared with the inputs and the mocked
    clock.
    """
    # Pin the mocked clock so the expected iat/exp values are known.
    issued_at = time.time()
    get_time_mock.return_value = issued_at

    user = {"username": "******"}
    resources = [{"some": "resource"}]
    rls = [{"dataset": 1, "clause": "access = 1"}]
    token = security_manager.create_guest_access_token(user, resources, rls)

    expected_aud = get_url_host()
    config = self.app.config
    # unfortunately we cannot mock time in the jwt lib
    claims = jwt.decode(
        token,
        config["GUEST_TOKEN_JWT_SECRET"],
        algorithms=[config["GUEST_TOKEN_JWT_ALGO"]],
        audience=expected_aud,
    )

    # NOTE(review): the rls rules passed in above are not compared with any
    # claim of the decoded token, so this test does not cover them.
    self.assertEqual(user, claims["user"])
    self.assertEqual(resources, claims["resources"])
    self.assertEqual(issued_at, claims["iat"])
    self.assertEqual(expected_aud, claims["aud"])
    self.assertEqual("guest", claims["type"])
    expected_exp = issued_at + (config["GUEST_TOKEN_JWT_EXP_SECONDS"])
    self.assertEqual(expected_exp, claims["exp"])
def test_get_guest_user_no_user(self):
    """A guest token created with user=None must not yield a guest user."""
    token = security_manager.create_guest_access_token(
        None, [{"type": "dashboard", "id": 1}], {}
    )

    req = FakeRequest()
    header_name = current_app.config["GUEST_TOKEN_HEADER_NAME"]
    req.headers[header_name] = token

    guest_user = security_manager.get_guest_user_from_request(req)

    self.assertIsNone(guest_user)
    # NOTE(review): called without a callable and outside a `with` block,
    # assertRaisesRegex only builds a context manager and verifies nothing.
    # The assertIsNone above is the only effective check in this test.
    self.assertRaisesRegex(
        ValueError, "Guest token does not contain a user claim"
    )
def test_get_guest_user_no_resource(self):
    """Send a guest token created with an empty resources list through
    get_guest_user_from_request.
    """
    token = security_manager.create_guest_access_token(
        {"username": "******"}, [], {}
    )

    req = FakeRequest()
    header_name = current_app.config["GUEST_TOKEN_HEADER_NAME"]
    req.headers[header_name] = token

    # NOTE(review): the return value is discarded and the assertRaisesRegex
    # call below, made without a callable and outside a `with` block, only
    # builds a context manager. As written this test asserts nothing about
    # how a token with no resources is handled; it passes as long as the
    # call does not raise. Whether an empty list counts as a missing
    # resources claim depends on get_guest_user_from_request, which is not
    # visible here. TODO confirm and add a real assertion.
    security_manager.get_guest_user_from_request(req)
    self.assertRaisesRegex(
        ValueError, "Guest token does not contain a resources claim"
    )
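def test_create_guest_access_token_callable_audience(self, get_time_mock):
    """Check that a callable GUEST_TOKEN_JWT_AUDIENCE supplies the aud claim.

    The audience setting is replaced with a Mock returning "cool_code"; the
    token must decode against that audience, the mock must have been called
    exactly once, and the token type must be "guest".
    """
    now = time.time()
    get_time_mock.return_value = now
    app.config["GUEST_TOKEN_JWT_AUDIENCE"] = Mock(return_value="cool_code")
    try:
        user = {"username": "******"}
        resources = [{"some": "resource"}]
        rls = [{"dataset": 1, "clause": "access = 1"}]
        token = security_manager.create_guest_access_token(user, resources, rls)

        decoded_token = jwt.decode(
            token,
            self.app.config["GUEST_TOKEN_JWT_SECRET"],
            algorithms=[self.app.config["GUEST_TOKEN_JWT_ALGO"]],
            audience="cool_code",
        )
        app.config["GUEST_TOKEN_JWT_AUDIENCE"].assert_called_once()
        self.assertEqual("cool_code", decoded_token["aud"])
        self.assertEqual("guest", decoded_token["type"])
    finally:
        # Reset the setting even when token creation, decoding or an
        # assertion fails; otherwise the mocked audience stays in the shared
        # app config and changes the audience seen by later tests.
        app.config["GUEST_TOKEN_JWT_AUDIENCE"] = None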
def create_guest_token(self):
    """Return a guest token for a fixed sample user, resource and RLS rule."""
    return security_manager.create_guest_access_token(
        {"username": "******"},
        [{"some": "resource"}],
        [{"dataset": 1, "clause": "access = 1"}],
    )