def test_validate_aud(self):
id_token = jwt.encode({'alg': 'HS256'}, {'aud': 'foo'}, 'k')
claims_options = {
'aud': {
'essential': True,
'value': 'foo'
}
}
claims = jwt.decode(id_token, 'k', claims_options=claims_options)
claims.validate()
claims.options = {
'aud': {'values': ['bar']}
}
self.assertRaises(
errors.InvalidClaimError,
claims.validate
)
id_token = jwt.encode({'alg': 'HS256'}, {'aud': ['foo', 'bar']}, 'k')
claims = jwt.decode(id_token, 'k', claims_options=claims_options)
claims.validate()
# no validate
claims.options = {'aud': {'values': []}}
claims.validate()
def test_encode_sensitive_data(self):
# check=False won't raise error
jwt.encode({'alg': 'HS256'}, {'password': ''}, 'k', check=False)
self.assertRaises(errors.InsecureClaimError, jwt.encode,
{'alg': 'HS256'}, {'password': ''}, 'k')
self.assertRaises(errors.InsecureClaimError, jwt.encode,
{'alg': 'HS256'}, {'text': '4242424242424242'}, 'k')
def test_validate_exp(self):
id_token = jwt.encode({'alg': 'HS256'}, {'exp': 'invalid'}, 'k')
claims = jwt.decode(id_token, 'k')
self.assertRaises(errors.InvalidClaimError, claims.validate)
id_token = jwt.encode({'alg': 'HS256'}, {'exp': 1234}, 'k')
claims = jwt.decode(id_token, 'k')
self.assertRaises(errors.ExpiredTokenError, claims.validate)
def test_validate_nbf(self):
id_token = jwt.encode({'alg': 'HS256'}, {'nbf': 'invalid'}, 'k')
claims = jwt.decode(id_token, 'k')
self.assertRaises(errors.InvalidClaimError, claims.validate)
id_token = jwt.encode({'alg': 'HS256'}, {'nbf': 1234}, 'k')
claims = jwt.decode(id_token, 'k')
claims.validate()
id_token = jwt.encode({'alg': 'HS256'}, {'nbf': 1234}, 'k')
claims = jwt.decode(id_token, 'k')
self.assertRaises(errors.InvalidTokenError, claims.validate, 123)
def test_validate_iat(self):
id_token = jwt.encode({'alg': 'HS256'}, {'iat': 'invalid'}, 'k')
claims = jwt.decode(id_token, 'k')
self.assertRaises(
errors.InvalidClaimError,
claims.validate
)
def tokenize(payload, subject=None, **kwargs):
"""Generates a token for the given payload.
Args:
payload (dict): Payload
subject (str): Subject of the encryption
Returns:
String: JWT token
"""
header = {'alg': 'RS256'}
data = {
'data':
payload,
'iat':
date_time.time(),
'exp':
date_time.time(manipulate=True, manipulation_type='ADD', **kwargs),
'aud':
'Yard-it.com.ng',
'iss':
'Yard-it-API',
'sub':
subject
}
private_key = getenv('JWT_PRIVATE_KEY')
token = jwt.encode(header=header, payload=data,
key=private_key).decode(CHARSETS[0])
return token
def make_payload(self, alg, timeout, user_id):
self.auth_url = AUTH_URL
if user_id:
sub = user_id
sub_type = 'user'
else:
sub = self.enterprise_id
sub_type = 'enterprise'
exp = int(time.time()) + timeout
claim = {
"iss": self.client_id,
"sub": sub,
"box_sub_type": sub_type,
"aud": self.auth_url,
"jti": self.random_string(64),
"exp": exp
}
assertion_header = {
'alg': alg,
'typ': u'JWT',
'kid': self.public_key_id
}
assertion = jwt.encode(assertion_header, claim,
self.key).decode('utf-8')
return ('grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer'
'&client_id={}'
'&client_secret={}'
'&assertion={}').format(self.client_id, self.client_secret,
assertion)
def test_validate_essential_claims(self):
id_token = jwt.encode({'alg': 'HS256'}, {'iss': 'foo'}, 'k')
claims_options = {'iss': {'essential': True, 'values': ['foo']}}
claims = jwt.decode(id_token, 'k', claims_options=claims_options)
claims.validate()
claims.options = {'sub': {'essential': True}}
self.assertRaises(errors.MissingClaimError, claims.validate)
def test_use_jws(self):
payload = {'name': 'hi'}
private_key = read_file_path('rsa_private.pem')
pub_key = read_file_path('rsa_public.pem')
data = jwt.encode({'alg': 'RS256'}, payload, private_key)
self.assertEqual(data.count(b'.'), 2)
claims = jwt.decode(data, pub_key)
self.assertEqual(claims['name'], 'hi')
def test_validate_jti(self):
id_token = jwt.encode({'alg': 'HS256'}, {'jti': 'bar'}, 'k')
claims_options = {
'jti': {
'validate': lambda c, o: o == 'foo'
}
}
claims = jwt.decode(id_token, 'k', claims_options=claims_options)
self.assertRaises(
errors.InvalidClaimError,
claims.validate
)
def test_invalid_values(self):
id_token = jwt.encode({'alg': 'HS256'}, {'iss': 'foo'}, 'k')
claims_options = {'iss': {'values': ['bar']}}
claims = jwt.decode(id_token, 'k', claims_options=claims_options)
self.assertRaises(
errors.InvalidClaimError,
claims.validate,
)
claims.options = {'iss': {'value': 'bar'}}
self.assertRaises(
errors.InvalidClaimError,
claims.validate,
)
def encode(self, payload):
data = {
'iss': self.config['iss'],
'aud': self.config['aud'],
'jwi': 'eclogue',
# 'exp': int(time.time()) + 10000,
'exp': int(time.time()) + int(self.config.get('exp'))
}
if payload:
data.update(payload)
key = self.config['key']
return jwt.encode(self.header, data, key)
def post(self, name):
if name:
users.append({'id': len(users) + 1, 'name': name}) #Nuevo usuario
payload = {
#'id': id,
'name': name,
}
encoded_token = jwt.encode(header, payload, key)
return print(encoded_token), print(jwt.decode(encoded_token, key))
else:
abort(404)
def test_encode_datetime(self):
now = datetime.datetime.utcnow()
id_token = jwt.encode({'alg': 'HS256'}, {'exp': now}, 'k')
claims = jwt.decode(id_token, 'k')
self.assertIsInstance(claims.exp, int)
