def test_not_ok(self): auth_mixin = AuthMixin() auth_mixin.request = RequestMock(headers={}) with self.assertRaises(ServiceAuthError) as cm: auth_mixin.get_access_token(require_auth=True) self.assertEqual( 'HTTP 401: Authorization header missing (Authorization header is expected)', f'{cm.exception}') auth_mixin.request = RequestMock( headers={'Authorization': 'Beerer my_t0k3n'}) with self.assertRaises(ServiceAuthError) as cm: auth_mixin.get_access_token() self.assertEqual( 'HTTP 401: Invalid header (Authorization header must start with "Bearer")', f'{cm.exception}') auth_mixin.request = RequestMock(headers={'Authorization': 'Bearer'}) with self.assertRaises(ServiceAuthError) as cm: auth_mixin.get_access_token() self.assertEqual('HTTP 401: Invalid header (Bearer token not found)', f'{cm.exception}') auth_mixin.request = RequestMock( headers={'Authorization': 'Bearer my t0k3n'}) with self.assertRaises(ServiceAuthError) as cm: auth_mixin.get_access_token() self.assertEqual( 'HTTP 401: Invalid header (Authorization header must be Bearer token)', f'{cm.exception}')
def test_expired_access_token(self): auth_mixin = AuthMixin() auth_mixin.service_context = ServiceContextMock(config=dict( Authentication=dict(Domain='xcube-dev.eu.auth0.com', Audience='https://xcube-dev/api/'))) expired_token = \ "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6" \ "Ik5VSkdSVUV5UWpNeE16UTVRVGMzTnpRM05URkNRa1ky" \ "TURGRE5qQkJSak5ETlRBeVFrWXdOUSJ9.eyJpc3MiOiJ" \ "odHRwczovL3hjdWJlLWRldi5ldS5hdXRoMC5jb20vIiw" \ "ic3ViIjoidzJOb0RFcnlJcE5SdEFRVkgxVG9VNlhUdXJ" \ "FNTQ5RldAY2xpZW50cyIsImF1ZCI6Imh0dHBzOi8veGN" \ "1YmUtZGV2L2FwaS8iLCJpYXQiOjE1Nzk0NTUxMDMsImV" \ "4cCI6MTU3OTU0MTUwMywiYXpwIjoidzJOb0RFcnlJcE5" \ "SdEFRVkgxVG9VNlhUdXJFNTQ5RlciLCJndHkiOiJjbGl" \ "lbnQtY3JlZGVudGlhbHMiLCJwZXJtaXNzaW9ucyI6W11" \ "9.NtGuVp0yY8foR_eFiEmH0eXvCx85cvb5b1cPWCKs6L" \ "CNniUJJ3VnX5Fek08puW7Jidy-tj1UTzyG569dSHGDu3" \ "10Mf7xpQ9gyfZCWcaohERxsv9MrxHziqfGVnxv051rOB" \ "_c-fYyymrFnlsIqWeahcS7znvPoMovPO7E8MxVaIqxd_" \ "S4zKVlH025F-bDvytuwXD-rFmYVElCg7u2uOZKqjpF3l" \ "ZCWc50_F1jSGcEQZv4daQJY-3lfU6TnEQAuGWlOVRrCN" \ "u05nlUBFPz6G82tB_nsP1uTa8uElOzoalVttXufLIeU0" \ "FL8Sv-lC6wUJTZAFpykLNmpA-vhkSeTqMv4g" auth_mixin.request = RequestMock( headers={'Authorization': f'Bearer {expired_token}'}) with self.assertRaises(ServiceAuthError) as cm: auth_mixin.get_id_token() self.assertEqual('HTTP 401: Token expired (Token is expired)', f'{cm.exception}')
def test_ok(self): access_token = self._fetch_access_token() auth_mixin = AuthMixin() auth_mixin.service_context = ServiceContextMock(config=dict( Authentication=dict(Domain='xcube-dev.eu.auth0.com', Audience='https://xcube-dev/api/'))) auth_mixin.request = RequestMock( headers={'Authorization': f'Bearer {access_token}'}) id_token = auth_mixin.get_id_token() self.assertEqual('https://xcube-dev.eu.auth0.com/', id_token.get('iss')) self.assertEqual('https://xcube-dev/api/', id_token.get('aud')) self.assertEqual('w2NoDEryIpNRtAQVH1ToU6XTurE549FW', id_token.get('azp')) self.assertEqual('client-credentials', id_token.get('gty')) self.assertEqual('w2NoDEryIpNRtAQVH1ToU6XTurE549FW@clients', id_token.get('sub')) self.assertEqual(['read:datasets'], id_token.get('permissions')) exp = id_token.get('exp') iat = id_token.get('iat') self.assertIsInstance(exp, int) self.assertIsInstance(iat, int) self.assertEqual(86400, exp - iat)
def test_missing_auth_config(self): auth_mixin = AuthMixin() auth_mixin.service_context = ServiceContextMock(config={}) auth_mixin.request = RequestMock( headers={'Authorization': f'Bearer my_t0k3n'}) with self.assertRaises(ServiceAuthError) as cm: auth_mixin.get_id_token(require_auth=True) self.assertEqual( 'HTTP 401: Invalid header (Received access token, ' 'but this server doesn\'t support authentication.)', f'{cm.exception}')
def test_missing_access_token(self): auth_mixin = AuthMixin() auth_mixin.request = RequestMock(headers={}) self.assertEqual(None, auth_mixin.get_id_token())
def test_ok(self): auth_mixin = AuthMixin() auth_mixin.request = RequestMock( headers={'Authorization': 'Bearer my_t0k3n'}) self.assertEqual('my_t0k3n', auth_mixin.get_access_token())