def test_secure_cookie():
    """Check that ``https_only=True`` yields a cookie flagged secure and HttpOnly."""
    request = Request.blank("/")
    policy = JWTCookieAuthenticationPolicy("secret", https_only=True)
    headers = policy.remember(request, str(uuid.uuid4()))
    _, cookie = headers.pop()
    # Exact substring match: it only holds while "secure" is followed by
    # another attribute in the serialized header.
    assert "; secure;" in cookie
    assert "; HttpOnly" in cookie
def test_cookie_name(principal):
    """Check that the ``cookie_name`` option names the issued cookie."""
    # NOTE(review): a second test_cookie_name appears later in this listing.
    # If both live in one module, the later definition replaces this one and
    # pytest never collects it.
    policy = JWTCookieAuthenticationPolicy("secret", cookie_name="auth")
    request = Request.blank("/")
    token = policy.create_token(principal)
    headers = policy.remember(request, token)
    _, cookie = headers.pop()
    # Two-target unpacking also fails the test if the header has no "=".
    name, _value = cookie.split("=", 1)
    assert name == "auth"
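def test_insecure_cookie(principal):
    """Check that ``https_only=False`` drops the secure flag but keeps HttpOnly.

    The cookie attributes are compared as whole, case-normalized tokens. A
    plain ``"; secure;" not in cookie`` check would also pass when the flag is
    the last attribute or spelled ``Secure``, so the negative assertion could
    succeed without proving anything.
    """
    # NOTE(review): a second test_insecure_cookie appears later in this
    # listing. If both live in one module, the later definition replaces this
    # one and pytest never collects it.
    request = Request.blank("/")
    policy = JWTCookieAuthenticationPolicy("secret", https_only=False)
    token = policy.create_token(principal)
    _, cookie = policy.remember(request, token).pop()
    attributes = {part.strip().lower() for part in cookie.split(";")}
    assert "secure" not in attributes
    assert "httponly" in attributes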
def test_cookie(dummy_request, principal):
    """Check that ``remember`` returns a non-empty ``Set-Cookie`` header pair."""
    # NOTE(review): a second test_cookie appears later in this listing. If
    # both live in one module, the later definition replaces this one and
    # pytest never collects it.
    policy = JWTCookieAuthenticationPolicy("secret")
    headers = policy.remember(dummy_request, principal)
    entry = headers.pop()
    assert len(entry) == 2
    header, cookie = entry
    assert header == "Set-Cookie"
    assert len(cookie) > 0
def test_cookie_max_age(principal):
    """Check that ``expiration=100`` appears as ``Max-Age=100`` plus an expires attribute."""
    request = Request.blank("/")
    policy = JWTCookieAuthenticationPolicy(
        "secret", cookie_name="auth", expiration=100
    )
    headers = policy.remember(request, principal)
    _, cookie = headers.pop()
    # Drop the cookie name, then the cookie value, leaving only the attributes.
    _, remainder = cookie.split("=", 1)
    _, attributes = remainder.split(";", 1)
    assert "Max-Age=100" in attributes
    assert "expires" in attributes
def test_insecure_cookie_policy():
    """Check that ``forget`` omits the secure flag when ``https_only=False``."""
    request = Request.blank("/")
    policy = JWTCookieAuthenticationPolicy("secret", https_only=False)
    first_header = policy.forget(request)[0]
    _, cookie = first_header
    attributes = cookie.split("; ")
    # Whole-token comparison: "secure" must not be one of the attributes.
    assert "secure" not in attributes
def test_cookie_policy_max_age():
    """Check that ``forget`` does not reuse the configured expiration as Max-Age."""
    request = Request.blank("/")
    policy = JWTCookieAuthenticationPolicy(
        "secret", expiration=timedelta(seconds=10)
    )
    first_header = policy.forget(request)[0]
    _, cookie = first_header
    attributes = cookie.split("; ")
    # A cookie that is being cleared must not keep the 10 second lifetime.
    assert "Max-Age=10" not in attributes
def test_cookie(principal):
    """Check that ``remember`` with a created token returns a ``Set-Cookie`` pair."""
    policy = JWTCookieAuthenticationPolicy("secret")
    request = Request.blank("/")
    token = policy.create_token(principal)
    headers = policy.remember(request, token)
    entry = headers.pop()
    assert len(entry) == 2
    header, cookie = entry
    assert header == "Set-Cookie"
    assert len(cookie) > 0
def test_cookie_decode(dummy_request, principal):
    """Round-trip a cookie: issue it, send it back, and read the ``sub`` claim."""
    policy = JWTCookieAuthenticationPolicy("secret", https_only=False)
    headers = policy.remember(dummy_request, principal)
    _header, cookie = headers.pop()
    name, remainder = cookie.split("=", 1)
    # Keep only the cookie value; everything after the first ";" is attributes.
    value, _ = remainder.split(";", 1)
    dummy_request.cookies = {name: value}
    claims = policy.get_claims(dummy_request)
    assert claims["sub"] == principal
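def test_cookie_policy_custom_domain_list():
    """Check that ``remember`` issues one cookie per entry in ``domains``.

    Each cookie must carry the ``Domain`` attribute of its own entry, in the
    order the domains were given.
    """
    policy = JWTCookieAuthenticationPolicy("secret")
    request = Request.blank("/")
    domains = [request.domain, "other"]
    headers = policy.remember(request, "user", domains=domains)
    assert len(headers) == 2
    _, cookie1 = headers[0]
    _, cookie2 = headers[1]
    assert f"Domain={request.domain}" in cookie1
    # Plain literal: there is nothing to interpolate here.
    assert "Domain=other" in cookie2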
def test_invalid_cookie_reissue(principal):
    """Check that a cookie holding a non-token value yields no claims.

    The policy is built with ``reissue_time=10``, so this also covers the
    reissue-enabled configuration.
    """
    request = Request.blank("/")
    policy = JWTCookieAuthenticationPolicy(
        "secret", https_only=False, reissue_time=10
    )
    bogus_token = "invalid value"
    headers = policy.remember(request, bogus_token)
    _header, cookie = headers.pop()
    name, remainder = cookie.split("=", 1)
    value, _ = remainder.split(";", 1)
    request.cookies = {name: value}
    claims = policy.get_claims(request)
    # An undecodable cookie must not produce claims.
    assert not claims
def test_cookie_policy_remember():
    """Check the default ``remember`` header: cookie name, HttpOnly and secure."""
    request = Request.blank("/")
    policy = JWTCookieAuthenticationPolicy("secret")
    header, cookie = policy.remember(request, "user")[0]
    assert header.lower() == "set-cookie"
    attributes = cookie.split("; ")
    expected_prefix = f"{policy.cookie_name}="
    assert attributes[0].startswith(expected_prefix)
    # Defaults under test: both protective flags are present as whole tokens.
    assert "HttpOnly" in attributes
    assert "secure" in attributes
def test_cookie_policy_forget():
    """Check that ``forget`` expires the cookie and marks the request.

    The header must name the policy cookie, carry ``Max-Age=0``, and the
    request must gain the ``_jwt_cookie_reissue_revoked`` attribute.
    """
    request = Request.blank("/")
    policy = JWTCookieAuthenticationPolicy("secret")
    header, cookie = policy.forget(request)[0]
    assert header.lower() == "set-cookie"
    attributes = cookie.split("; ")
    # Only key=value parts; bare flags such as "secure" are skipped.
    keyed = [part for part in attributes if "=" in part]
    expected_prefix = f"{policy.cookie_name}="
    assert keyed[0].startswith(expected_prefix)
    assert "Max-Age=0" in attributes
    assert hasattr(request, "_jwt_cookie_reissue_revoked")
def test_expired_token(dummy_request, principal, freezer):
    """Check that a cookie presented after its expiration yields empty claims.

    ``freezer`` is presumably a frozen-clock fixture (confirm against the
    project's conftest). The clock is advanced past ``expiration=1`` before
    the cookie is read back.
    """
    policy = JWTCookieAuthenticationPolicy(
        "secret", cookie_name="auth", expiration=1
    )
    headers = policy.remember(dummy_request, principal)
    _, cookie = headers.pop()
    name, remainder = cookie.split("=", 1)
    value, _ = remainder.split(";", 1)
    # Move time beyond the token lifetime before validating it.
    freezer.tick(delta=2)
    dummy_request.cookies = {name: value}
    claims = policy.get_claims(dummy_request)
    assert claims == {}
def test_cookie_policy_creation():
    """Check that ``make_from`` builds a working cookie policy from a token policy."""
    request = Request.blank("/")
    source_policy = JWTAuthenticationPolicy("secret")
    derived_policy = JWTCookieAuthenticationPolicy.make_from(source_policy)
    headers = derived_policy.remember(request, "user")
    assert isinstance(headers, list)
    assert len(headers) == 1
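def test_insecure_cookie(dummy_request, principal):
    """Check that ``https_only=False`` drops the secure flag but keeps HttpOnly.

    The cookie attributes are compared as whole, case-normalized tokens. A
    plain ``"; secure;" not in cookie`` check would also pass when the flag is
    the last attribute or spelled ``Secure``, so the negative assertion could
    succeed without proving anything.
    """
    policy = JWTCookieAuthenticationPolicy("secret", https_only=False)
    _, cookie = policy.remember(dummy_request, principal).pop()
    attributes = {part.strip().lower() for part in cookie.split(";")}
    assert "secure" not in attributes
    assert "httponly" in attributes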
def test_cookie_policy_creation_fail():
    """Check that ``make_from`` rejects an object that is not a known policy."""
    not_a_policy = object()
    with pytest.raises(ValueError) as excinfo:
        JWTCookieAuthenticationPolicy.make_from(not_a_policy)

    # The message check sits outside the ``with`` block. Inside it, the check
    # would never run, because the call above raises first.
    assert "Invalid policy type" in str(excinfo.value)
def test_interface():
    """Check that a cookie policy instance satisfies ``IAuthenticationPolicy``."""
    policy = JWTCookieAuthenticationPolicy("secret")
    verifyObject(IAuthenticationPolicy, policy)
def test_cookie_name(dummy_request, principal):
    """Check that the ``cookie_name`` option names the issued cookie."""
    policy = JWTCookieAuthenticationPolicy("secret", cookie_name="auth")
    headers = policy.remember(dummy_request, principal)
    _, cookie = headers.pop()
    # Two-target unpacking also fails the test if the header has no "=".
    name, _value = cookie.split("=", 1)
    assert name == "auth"