예제 #1
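 def wrapper(*args, **kwargs):
     """
     Run the wrapped ``method`` with the request's jwt data loaded into the
     app context.

     The token is read from the request header and passed through the
     guard's ``extract_jwt_token`` before the wrapped call. Nothing here
     catches errors from those two steps, so a failure in either one
     propagates and ``method`` is never invoked.

     :returns: whatever ``method`` returns
     """
     guard = current_guard()
     token = guard.read_token_from_header()
     jwt_data = guard.extract_jwt_token(token)
     add_jwt_data_to_app_context(jwt_data)
     try:
         return method(*args, **kwargs)
     finally:
         # Clear the jwt data even when ``method`` raises, so one caller's
         # claims are never left behind in the app context for code that
         # runs afterwards.
         remove_jwt_data_from_app_context()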
예제 #2
def _verify_and_add_jwt():
    """
    Make sure the app context carries jwt data.

    Does nothing when jwt data is already present. Otherwise the token is
    read from the request header, passed to the guard's
    ``extract_jwt_token`` and the result is stored in the app context.
    Errors raised while reading or extracting the token are not handled
    here and propagate to the caller. Only use in this module.
    """
    if app_context_has_jwt_data():
        # Already populated: do not read or decode the header a second time.
        return
    guard = current_guard()
    add_jwt_data_to_app_context(
        guard.extract_jwt_token(guard.read_token_from_header())
    )
예제 #3
 def test_app_context_has_jwt_data(self):
     """
     Check that app_context_has_jwt_data tracks whether jwt data is
     currently stored in the app context: absent at first, present once it
     has been added, and absent again after it has been removed.
     """
     payload = {'a': 1}

     # Nothing has been stored yet.
     assert not app_context_has_jwt_data()

     add_jwt_data_to_app_context(payload)
     assert app_context_has_jwt_data()

     # Removal has to flip the check back, otherwise stale claims could be
     # mistaken for a live identity.
     remove_jwt_data_from_app_context()
     assert not app_context_has_jwt_data()
예제 #4
 def test_remove_jwt_data_from_app_context(self):
     """
     Check that jwt data stored in the app context can be removed again,
     and that a second removal, when nothing is stored any more, does not
     raise.
     """
     # NOTE(review): flask._app_ctx_stack is a private Flask attribute that
     # newer Flask releases deprecate - confirm the supported Flask range.
     payload = {'a': 1}
     add_jwt_data_to_app_context(payload)
     assert flask._app_ctx_stack.top.jwt_data == payload

     remove_jwt_data_from_app_context()
     assert not hasattr(flask._app_ctx_stack.top, 'jwt_data')

     # Removing again must be a harmless no-op; the test passes as long as
     # this call does not raise.
     remove_jwt_data_from_app_context()
예제 #5
    def test_current_rolenames(self, user_class, db, default_guard):
        """
        Check that current_rolenames derives the role names of the current
        user from the jwt data stored in the current flask app's context.
        """
        # No 'rls' claim: the expected result is one placeholder role name
        # rather than an empty set.
        # NOTE(review): presumably the placeholder keeps a role-less token
        # from ever matching a role requirement - confirm against
        # current_rolenames.
        placeholder_only = {
            'non-empty-but-definitely-not-matching-subset',
        }
        add_jwt_data_to_app_context({})
        assert current_rolenames() == placeholder_only

        # A comma-separated 'rls' claim yields one role name per entry.
        add_jwt_data_to_app_context({'rls': 'admin,operator'})
        assert current_rolenames() == {'admin', 'operator'}
예제 #6
    def test_current_user_id(self, user_class, db, default_guard):
        """
        Check that the current user's id is taken from the jwt data stored
        in the current flask app's context, and that jwt data without an
        'id' claim is rejected with a PraetorianError.
        """
        # NOTE(review): the failure branch calls current_user(), not
        # current_user_id(); presumably both fail the same way when the
        # 'id' claim is absent - confirm which call was intended here.
        add_jwt_data_to_app_context({})
        with pytest.raises(PraetorianError) as err_info:
            current_user()
        assert 'Could not fetch an id' in str(err_info.value)

        # With an 'id' claim present, that exact value is returned.
        add_jwt_data_to_app_context({'id': 31})
        assert current_user_id() == 31
예제 #7
 def test_current_custom_claims(self, user_class, db, default_guard):
     """
     Check that current_custom_claims returns the custom claims carried by
     the jwt data stored in the current flask app's context. The 'id' and
     'jti' entries of the payload are expected to be left out of the
     result.
     """
     payload = {
         'id': 13,
         'jti': 'whatever',
         'duder': 'brief',
         'el_duderino': 'not brief',
     }
     add_jwt_data_to_app_context(payload)

     expected_claims = {
         'duder': 'brief',
         'el_duderino': 'not brief',
     }
     assert current_custom_claims() == expected_claims
예제 #8
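def _verify_and_add_jwt(optional=False):
    """
    This helper method just checks and adds jwt data to the app context.

    If optional is True and the header is missing the token, just returns
    without adding any jwt data. If optional is False, the MissingToken
    error is re-raised.

    Only a missing token is tolerated: extract_jwt_token is called outside
    the try block, so any error it raises for a token that is present
    propagates regardless of optional.

    Will not add jwt data if it is already present.

    Only use in this module
    """
    if not app_context_has_jwt_data():
        guard = current_guard()
        try:
            token = guard.read_token_from_header()
        except MissingToken:
            if optional:
                # No jwt data is added; the caller continues without an
                # identity in the app context.
                return
            # A bare raise re-raises the active exception unchanged.
            raise
        jwt_data = guard.extract_jwt_token(token)
        add_jwt_data_to_app_context(jwt_data)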
예제 #9
    def test_current_user(self, user_class, db, default_guard):
        """
        Check that current_user resolves the user from the jwt data stored
        in the current flask app's context, and that it raises a
        PraetorianError when the data has no 'id' claim or the id cannot be
        matched to a user.
        """
        # Stage 1: jwt data without any 'id' claim.
        add_jwt_data_to_app_context({})
        with pytest.raises(PraetorianError) as err_info:
            current_user()
        assert 'Could not fetch an id' in str(err_info.value)

        # Stage 2: an 'id' claim for which this test has stored no user.
        add_jwt_data_to_app_context({'id': 31})
        with pytest.raises(PraetorianError) as err_info:
            current_user()
        assert 'Could not identify the current user' in str(err_info.value)

        # Stage 3: store a user, then present jwt data carrying its id.
        the_dude = user_class(id=13, username='******')
        db.session.add(the_dude)
        db.session.commit()
        add_jwt_data_to_app_context({'id': 13})
        assert current_user() is the_dude
예제 #10
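 def wrapper(*args, **kwargs):
     """
     Load jwt data into the app context from an API key or a jwt header,
     then call the wrapped ``method``.

     When an 'x-api-key' header is present, the matching entry is looked
     up with ``current_token``, encoded to a jwt by the guard
     (``is_api=True``) and decoded again; the decoded data is stored in the
     app context. Otherwise ``_verify_and_add_jwt(optional=True)`` is used.
     On both paths the jwt data is removed from the app context after
     ``method`` returns or raises.

     :returns: whatever ``method`` returns
     """
     # TODO put the x-api-key and such in the constants and check if is also found as a query parameter!
     # NOTE(review): a key passed as a query parameter ends up in access
     # logs and browser history; prefer keeping it header-only.
     token_store_token_id = request.headers.get('x-api-key', "")
     if token_store_token_id:
         # The raw API key is a credential, so it is deliberately not
         # printed: stdout usually lands in application logs.
         print("found da x-api-key")
         # NOTE(review): presumably current_token rejects unknown key ids -
         # verify, since its result is trusted to mint a jwt below.
         token_store_token = current_token(token_store_token_id)
         print("hydrating a JWT for this api_token")
         #token = {"id":1, "token_name":"my_api", "roles":"admin"}
         guard = current_guard()
         encoded_jwt = guard.encode_jwt_token(token_store_token,
                                              is_api=True)
         decoded_jwt = guard.extract_jwt_token(encoded_jwt)
         # TODO have the model check for it's enabled, not expired and such using the underlying Token_store model
         # NOTE(review): until that check exists, nothing visible here stops
         # a disabled or expired key from being accepted.
         add_jwt_data_to_app_context(decoded_jwt)
     else:
         # NOTE(review): optional=True presumably lets a request without
         # any token through, so ``method`` must not assume an identity -
         # confirm against _verify_and_add_jwt.
         _verify_and_add_jwt(optional=True)
     try:
         return method(*args, **kwargs)
     finally:
         # Shared cleanup for both paths, run even when ``method`` raises.
         remove_jwt_data_from_app_context()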