def test_subject_returns_sub_claim(self, claims): jwttok = jwt_token(claims) grant_token = VerifiedJWTGrantToken(jwttok, 'top-secret', 'test-audience') assert grant_token.subject == 'test-subject'
def test_init_raises_for_invalid_signature_algorithm(self, claims): jwttok = jwt_token(claims, alg='HS512') with pytest.raises(InvalidGrantError) as exc: VerifiedJWTGrantToken(jwttok, 'top-secret', 'test-audience') assert exc.value.description == 'Invalid grant token signature algorithm.'
def test_init_raises_for_invalid_signature(self, claims): jwttok = jwt_token(claims) with pytest.raises(InvalidGrantError) as exc: VerifiedJWTGrantToken(jwttok, 'wrong-secret', 'test-audience') assert exc.value.description == 'Invalid grant token signature.'
def test_init_raises_for_none_key(self, claims): jwttok = jwt_token(claims) with pytest.raises(InvalidClientError) as exc: VerifiedJWTGrantToken(jwttok, None, 'test-audience') assert exc.value.description == 'Client is invalid.'
def test_init_raises_for_invalid_aud(self, claims): claims['aud'] = 'different-audience' jwttok = jwt_token(claims) with pytest.raises(InvalidJWTGrantTokenClaimError) as exc: VerifiedJWTGrantToken(jwttok, 'top-secret', 'test-audience') assert exc.value.description == "Invalid claim 'aud' (audience) in grant token."
def test_init_raises_for_too_long_token_lifetime(self, claims): claims['exp'] = epoch(delta=timedelta(minutes=15)) jwttok = jwt_token(claims) with pytest.raises(InvalidGrantError) as exc: VerifiedJWTGrantToken(jwttok, 'top-secret', 'test-audience') assert exc.value.description == 'Grant token lifetime is too long.'
def test_init_raises_for_iat_claim_in_future(self, claims): claims['iat'] = epoch(delta=timedelta(minutes=13)) jwttok = jwt_token(claims) with pytest.raises(InvalidGrantError) as exc: VerifiedJWTGrantToken(jwttok, 'top-secret', 'test-audience') assert exc.value.description == 'Grant token issue time (iat) is in the future.'
def test_init_raises_for_nbf_claim_in_future(self, claims): claims['nbf'] = epoch(delta=timedelta(minutes=2)) jwttok = jwt_token(claims) with pytest.raises(InvalidGrantError) as exc: VerifiedJWTGrantToken(jwttok, 'top-secret', 'test-audience') assert exc.value.description == 'Grant token is not yet valid.'
def test_init_raises_when_expired_with_leeway(self, claims): claims['exp'] = epoch(delta=timedelta(minutes=-2)) jwttok = jwt_token(claims) with pytest.raises(InvalidGrantError) as exc: VerifiedJWTGrantToken(jwttok, 'top-secret', 'test-audience') assert exc.value.description == 'Grant token is expired.'
def test_init_raises_for_missing_claims(self, claims, claim, description): del claims[claim] jwttok = jwt_token(claims) with pytest.raises(InvalidGrantError) as exc: VerifiedJWTGrantToken(jwttok, 'top-secret', 'test-audience') assert exc.value.description == "Missing claim '{}' ({}) from grant token.".format( claim, description)
def test_subject_raises_for_empty_sub_claim(self, claims): claims['sub'] = '' jwttok = jwt_token(claims) grant_token = VerifiedJWTGrantToken(jwttok, 'top-secret', 'test-audience') with pytest.raises(InvalidGrantError) as exc: grant_token.subject assert exc.value.description == "Missing claim 'sub' (subject) from grant token."
def test_not_before_returns_nbf_claim(self, claims): now = datetime.utcnow().replace(microsecond=0) delta = timedelta(minutes=-2) claims["nbf"] = epoch(timestamp=now, delta=delta) jwttok = jwt_token(claims) grant_token = VerifiedJWTGrantToken(jwttok, "top-secret", "test-audience") assert grant_token.not_before == (now + delta)
def test_init_raises_for_invalid_timestamp_types(self, claims, claim, description): claims[claim] = 'wut' jwttok = jwt_token(claims) with pytest.raises(InvalidJWTGrantTokenClaimError) as exc: VerifiedJWTGrantToken(jwttok, 'top-secret', 'test-audience') assert exc.value.description == "Invalid claim '{}' ({}) in grant token.".format( claim, description)
def test_subject_raises_for_missing_sub_claim(self, claims): del claims["sub"] jwttok = jwt_token(claims) grant_token = VerifiedJWTGrantToken(jwttok, "top-secret", "test-audience") with pytest.raises(InvalidGrantError) as exc: grant_token.subject assert ( exc.value.description == "Missing claim 'sub' (subject) from grant token." )
def test_expiry_returns_exp_claim(self, claims): now = datetime.utcnow().replace(microsecond=0) delta = timedelta(minutes=2) claims['exp'] = epoch(timestamp=now, delta=delta) jwttok = jwt_token(claims) grant_token = VerifiedJWTGrantToken(jwttok, 'top-secret', 'test-audience') assert grant_token.expiry == (now + delta)
def test_init_returns_token_when_expired_but_in_leeway(self, claims): claims['exp'] = epoch(delta=timedelta(seconds=-8)) jwttok = jwt_token(claims) VerifiedJWTGrantToken(jwttok, 'top-secret', 'test-audience')
def test_init_returns_token_when_valid(self, claims): jwttok = jwt_token(claims) actual = VerifiedJWTGrantToken(jwttok, 'top-secret', 'test-audience') assert isinstance(actual, VerifiedJWTGrantToken)