예제 #1
0
 def test_generate_from_key_string(self):
     private1, public1 = generate_key_pair()
     private2, public2 = generate_key_pair()
     header = create_auth_header('foo', key=private1)
     self.assertTrue(header.startswith('JWT '))
     token = header.split(' ', 1)[1]
     self.assertFalse(verify(token, public2))
     self.assertTrue(verify(token, public1))
 def test_generate_from_key_string(self):
     private1, public1 = generate_key_pair()
     private2, public2 = generate_key_pair()
     header = create_auth_header('foo', key=private1)
     self.assertTrue(header.startswith('JWT '))
     token = header.split(' ', 1)[1]
     self.assertFalse(verify(token, public2))
     self.assertTrue(verify(token, public1))
    def test_bad_nonce(self):
        private, public = generate_key_pair()

        t = token.sign('guido', private, generate_nonce=lambda username, iat: 1)
        token_data = token.verify(t, public, validate_nonce=lambda username, iat, nonce: nonce == 1)
        self.assertTrue(token_data)

        t = token.sign('guido', private, generate_nonce=lambda username, iat: 1)
        token_data = token.verify(t, public, validate_nonce=lambda username, iat, nonce: nonce == 2)
        self.assertFalse(token_data)

        t = token.sign('guido', private, generate_nonce=lambda username, iat: 2)
        token_data = token.verify(t, public, validate_nonce=lambda username, iat, nonce: nonce == 1)
        self.assertFalse(token_data)
예제 #4
0
    def process_request(self, request):
        if 'HTTP_AUTHORIZATION' not in request.META:
            return

        method, claim = request.META['HTTP_AUTHORIZATION'].split(' ', 1)
        if method.upper() != AUTH_METHOD:
            return

        username = token.get_claimed_username(claim)
        if not username:
            return

        User = get_user_model()
        try:
            user = User.objects.get(username=username)
        except User.DoesNotExist:
            return

        claim_data = None
        for public in user.public_keys.all():
            claim_data = token.verify(claim,
                                      public.key,
                                      validate_nonce=self.validate_nonce)
            if claim_data:
                break
        if not claim_data:
            return

        logging.info('Successfully authenticated %s using JWT', user.username)
        request._dont_enforce_csrf_checks = True
        request.user = user
예제 #5
0
    def process_base(self, request):
        """
        Base function for processing middleware (process_request) and DRF authentication
        (authenticate)
        """

        if 'HTTP_AUTHORIZATION' not in request.META:
            return None

        method, claim = request.META['HTTP_AUTHORIZATION'].split(' ', 1)
        if method.upper() != AUTH_METHOD:
            return None

        username = token.get_claimed_username(claim)
        if not username:
            return None

        User = get_user_model()
        try:
            user = User.objects.get(username=username)
        except User.DoesNotExist:
            return None

        claim_data = None
        for public in user.public_keys.all():
            claim_data = token.verify(claim,
                                      public.key,
                                      validate_nonce=self.validate_nonce)
            if claim_data:
                break
        if not claim_data:
            return None

        logger.debug('Successfully authenticated %s using JWT', user.username)
        return user
예제 #6
0
    def process_request(self, request):
        if 'HTTP_AUTHORIZATION' not in request.META:
            return

        method, claim = request.META['HTTP_AUTHORIZATION'].split(' ', 1)
        if method.upper() != AUTH_METHOD:
            return

        username = token.get_claimed_username(claim)
        if not username:
            return

        try:
            user = User.objects.get(username=username)
        except User.DoesNotExist:
            return

        claim_data = None
        for public in user.public_keys.all():
            claim_data = token.verify(claim, public.key, validate_nonce=self.validate_nonce)
            if claim_data:
                break
        if not claim_data:
            return

        logging.info('Successfully authenticated %s using JWT', user.username)
        request._dont_enforce_csrf_checks = True
        request.user = user
    def test_bad_iat(self):
        private, public = generate_key_pair()

        t = token.sign('guido', private, iat=time.time())
        token_data = token.verify(t, public)
        self.assertTrue(token_data)

        # IAT tolerance exists to account for clock drift between disparate systems.
        tolerance = token.TIMESTAMP_TOLERANCE + 1

        t = token.sign('guido', private, iat=time.time() - tolerance)
        token_data = token.verify(t, public)
        self.assertFalse(token_data)

        t = token.sign('guido', private, iat=time.time() + tolerance)
        token_data = token.verify(t, public)
        self.assertFalse(token_data)
예제 #8
0
 def test_generate_from_encrypted_key_file(self):
     header = create_auth_header('foo',
                                 key_file=KEY2_PRIVATE,
                                 key_password=KEY2_PASSWORD)
     self.assertTrue(header.startswith('JWT '))
     token = header.split(' ', 1)[1]
     with open(KEY2_PUBLIC, 'r') as public:
         self.assertTrue(verify(token, public.read()))
예제 #9
0
    def test_bad_iat(self):
        private, public = generate_key_pair()

        t = token.sign('guido', private, iat=time.time())
        token_data = token.verify(t, public)
        self.assertTrue(token_data)

        # IAT tolerance exists to account for clock drift between disparate systems.
        tolerance = token.TIMESTAMP_TOLERANCE + 1

        t = token.sign('guido', private, iat=time.time() - tolerance)
        token_data = token.verify(t, public)
        self.assertFalse(token_data)

        t = token.sign('guido', private, iat=time.time() + tolerance)
        token_data = token.verify(t, public)
        self.assertFalse(token_data)
    def test_bad_keys(self):
        private1, public1 = generate_key_pair()
        private2, public2 = generate_key_pair()

        t = token.sign('guido', private1)
        token_data = token.verify(t, public1)
        self.assertTrue(token_data)

        t = token.sign('guido', private2)
        token_data = token.verify(t, public2)
        self.assertTrue(token_data)

        t = token.sign('guido', private1)
        token_data = token.verify(t, public2)
        self.assertFalse(token_data)

        t = token.sign('guido', private2)
        token_data = token.verify(t, public1)
        self.assertFalse(token_data)
예제 #11
0
    def test_bad_keys(self):
        private1, public1 = generate_key_pair()
        private2, public2 = generate_key_pair()

        t = token.sign('guido', private1)
        token_data = token.verify(t, public1)
        self.assertTrue(token_data)

        t = token.sign('guido', private2)
        token_data = token.verify(t, public2)
        self.assertTrue(token_data)

        t = token.sign('guido', private1)
        token_data = token.verify(t, public2)
        self.assertFalse(token_data)

        t = token.sign('guido', private2)
        token_data = token.verify(t, public1)
        self.assertFalse(token_data)
예제 #12
0
    def test_bad_nonce(self):
        private, public = generate_key_pair()

        t = token.sign('guido',
                       private,
                       generate_nonce=lambda username, iat: 1)
        token_data = token.verify(
            t, public, validate_nonce=lambda username, iat, nonce: nonce == 1)
        self.assertTrue(token_data)

        t = token.sign('guido',
                       private,
                       generate_nonce=lambda username, iat: 1)
        token_data = token.verify(
            t, public, validate_nonce=lambda username, iat, nonce: nonce == 2)
        self.assertFalse(token_data)

        t = token.sign('guido',
                       private,
                       generate_nonce=lambda username, iat: 2)
        token_data = token.verify(
            t, public, validate_nonce=lambda username, iat, nonce: nonce == 1)
        self.assertFalse(token_data)
예제 #13
0
    def process_request(self, request):
        """
        Process a Django request and authenticate users.

        If a JWT authentication header is detected and it is determined to be valid, the user is set as
        ``request.user`` and CSRF protection is disabled (``request._dont_enforce_csrf_checks = True``) on
        the request.

        :param request: Django Request instance
        """
        if 'HTTP_AUTHORIZATION' not in request.META:
            return

        try:
            method, claim = request.META['HTTP_AUTHORIZATION'].split(' ', 1)
        except ValueError:
            return

        if method.upper() != AUTH_METHOD:
            return

        username = token.get_claimed_username(claim)
        if not username:
            return

        User = get_user_model()
        try:
            user = User.objects.get(username=username)
        except User.DoesNotExist:
            return

        claim_data = None
        for public in user.public_keys.all():
            claim_data = token.verify(claim,
                                      public.key,
                                      validate_nonce=self.validate_nonce)
            if claim_data:
                break
        if not claim_data:
            return

        logger.debug('Successfully authenticated %s using JWT', user.username)
        request._dont_enforce_csrf_checks = True
        request.user = user
 def test_roundtrip(self):
     private, public = generate_key_pair()
     t = token.sign('guido', private)
     token_data = token.verify(t, public)
     self.assertTrue(token_data)
     self.assertEqual(token_data.get('username'), 'guido')
 def test_generate_from_encrypted_key_file(self):
     header = create_auth_header('foo', key_file=KEY2_PRIVATE, key_password=KEY2_PASSWORD)
     self.assertTrue(header.startswith('JWT '))
     token = header.split(' ', 1)[1]
     with open(KEY2_PUBLIC, 'r') as public:
         self.assertTrue(verify(token, public.read()))
예제 #16
0
 def test_roundtrip(self):
     private, public = generate_key_pair()
     t = token.sign('guido', private)
     token_data = token.verify(t, public)
     self.assertTrue(token_data)
     self.assertEqual(token_data.get('username'), 'guido')