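def test_from_settings_with_RSA_public_private_key(self):
    """Exercise an RS256-configured policy end to end with the test key pair.

    The policy comes from ``self.policy``, which is set up outside this
    method. The test confirms that the policy holds the contents of both
    key files, signs a request with the private key, and then checks the
    resulting token three ways: through the policy, by decoding it
    directly with the public key, and through ``self.app``.
    """
    self.assertEqual(self.policy.algorithm, 'RS256')
    self.assertIsNone(self.policy.master_secret)

    # The key paths are relative, so the test expects to be run from the
    # repository root.
    with open('pyramid_jwtauth/tests/testkey', 'r') as rsa_priv_file:
        private_key = rsa_priv_file.read()
    self.assertEqual(self.policy.private_key, private_key)

    with open('pyramid_jwtauth/tests/testkey.pub', 'r') as rsa_pub_file:
        public_key = rsa_pub_file.read()
    self.assertEqual(self.policy.public_key, public_key)

    # Guards against a fixture mix-up where both settings point at the
    # same file.
    self.assertNotEqual(private_key, public_key)

    req = self._make_request("/auth")
    claims = make_claims(userid="*****@*****.**")
    jwt_authenticate_request(req, claims, private_key, 'RS256')

    token = pyramid_jwtauth.utils.parse_authz_header(req)["token"]
    userid = self.policy.authenticated_userid(req)
    self.assertEqual(userid, "*****@*****.**")

    import jwt
    # Pin the accepted algorithm to the one the token was signed with.
    # Without an explicit allow-list the library may fall back to the
    # algorithm named in the token's own header, which is attacker
    # controlled, and newer PyJWT releases refuse to decode at all.
    payload = jwt.decode(
        token, key=public_key, verify=True, algorithms=['RS256'])
    self.assertIn('sub', payload)
    self.assertEqual(payload['sub'], "*****@*****.**")

    r = self.app.request(req)
    self.assertEqual(r.body, b"*****@*****.**")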
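def test_from_settings_with_RSA_public_private_key(self):
    """Verify the RS256 policy against the on-disk test key pair.

    Steps: check the policy's algorithm and key material, sign a request
    with the private key, then confirm the subject is recovered by the
    policy, by a direct decode with the public key, and by the app
    response body. ``self.policy`` and ``self.app`` are provided by
    fixture code outside this method.
    """
    policy = self.policy
    self.assertEqual(policy.algorithm, 'RS256')
    self.assertIsNone(policy.master_secret)

    # Relative paths: the test must be started from the repository root.
    with open('pyramid_jwtauth/tests/testkey', 'r') as rsa_priv_file:
        private_key = rsa_priv_file.read()
    with open('pyramid_jwtauth/tests/testkey.pub', 'r') as rsa_pub_file:
        public_key = rsa_pub_file.read()

    self.assertEqual(policy.private_key, private_key)
    self.assertEqual(policy.public_key, public_key)
    # The two halves of the pair must be distinct files.
    self.assertNotEqual(private_key, public_key)

    req = self._make_request("/auth")
    claims = make_claims(userid="*****@*****.**")
    jwt_authenticate_request(req, claims, private_key, 'RS256')

    token = pyramid_jwtauth.utils.parse_authz_header(req)["token"]
    self.assertEqual(policy.authenticated_userid(req), "*****@*****.**")

    import jwt
    # Verify with an explicit algorithm allow-list so the check cannot be
    # steered by the "alg" value inside the token header; the token above
    # was signed as RS256, so that is the only algorithm accepted here.
    payload = jwt.decode(
        token, key=public_key, verify=True, algorithms=['RS256'])
    self.assertIn('sub', payload)
    self.assertEqual(payload['sub'], "*****@*****.**")

    r = self.app.request(req)
    self.assertEqual(r.body, b"*****@*****.**")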
def test_decode_passes_with_override_on_aud_claim(self):
    """A token carrying ``aud`` authenticates when aud checking is disabled.

    With ``jwtauth.disable_verify_aud`` set, the policy accepts a token
    whose audience is 'me' even though no expected audience is configured.
    Disabling this check means the policy no longer distinguishes tokens
    minted for other audiences; the companion test without the override
    shows the default is to reject them.
    """
    settings = {
        "jwtauth.find_groups":
            "pyramid_jwtauth.tests.test_jwtauth:stub_find_groups",
        "jwtauth.master_secret": MASTER_SECRET,
        "jwtauth.disable_verify_aud": True,
    }
    self.setup_helper(settings)

    # Build and attach a token that includes an audience claim.
    aud_claims = make_claims('user1', claims={'aud': 'me'})
    request = self._make_request("/auth")
    jwt_authenticate_request(request, aud_claims, MASTER_SECRET)

    # Not used further; presumably kept so a header without a token field
    # fails here rather than inside the policy.
    token = pyramid_jwtauth.utils.parse_authz_header(request)["token"]

    self.assertEqual(self.policy.authenticated_userid(request), "user1")
def test_decode_fails_no_override_on_aud_claim(self):
    """A token carrying ``aud`` is rejected when aud checking is left on.

    Without ``jwtauth.disable_verify_aud`` the policy does not return a
    userid for a token whose audience is 'me'. The failure reaches the
    caller of ``authenticated_userid`` as ``InvalidAudienceError`` instead
    of a ``None`` result.
    """
    settings = {
        "jwtauth.find_groups":
            "pyramid_jwtauth.tests.test_jwtauth:stub_find_groups",
        "jwtauth.master_secret": MASTER_SECRET,
    }
    self.setup_helper(settings)

    # Build and attach a token that includes an audience claim.
    aud_claims = make_claims('user1', claims={'aud': 'me'})
    request = self._make_request("/auth")
    jwt_authenticate_request(request, aud_claims, MASTER_SECRET)

    # Not used further; presumably kept so a header without a token field
    # fails here rather than inside the policy.
    token = pyramid_jwtauth.utils.parse_authz_header(request)["token"]

    from jwt.exceptions import InvalidAudienceError
    self.assertRaises(
        InvalidAudienceError, self.policy.authenticated_userid, request)
def _make_authenticated_request(self, userid, *args, **kwds):
    """Build a test request that carries a JWT for ``userid``.

    An optional ``claims`` keyword is removed from ``kwds`` and handed to
    ``make_claims``; the remaining arguments go to ``self._make_request``
    unchanged. The token is signed with the shared ``MASTER_SECRET``, so
    this helper only suits tests whose policy uses that secret.

    Returns the request with the credentials applied.
    """
    extra_claims = kwds.pop('claims', None)
    request = self._make_request(*args, **kwds)
    token_claims = make_claims(userid=userid, claims=extra_claims)
    # The original note says jwt_authenticate_request() also returns the
    # headers; they are not needed here.
    jwt_authenticate_request(request, token_claims, MASTER_SECRET)
    return request
def test_decode_passes_with_override_on_aud_claim(self):
    """Check that ``jwtauth.disable_verify_aud`` lets an ``aud`` token through.

    The policy is rebuilt with audience verification switched off, then a
    token with audience 'me' is presented and must authenticate as
    'user1'. With this setting the audience claim is not verified, so it
    should only be enabled where tokens issued for other audiences cannot
    reach the application.
    """
    self.setup_helper({
        "jwtauth.find_groups":
            "pyramid_jwtauth.tests.test_jwtauth:stub_find_groups",
        "jwtauth.master_secret": MASTER_SECRET,
        "jwtauth.disable_verify_aud": True,
    })

    # Token with an audience claim, signed with the shared test secret.
    req = self._make_request("/auth")
    jwt_authenticate_request(
        req, make_claims('user1', claims={'aud': 'me'}), MASTER_SECRET)

    # Unused below; the lookup presumably acts as an early check that the
    # Authorization header parsed into a token field.
    token = pyramid_jwtauth.utils.parse_authz_header(req)["token"]

    authenticated = self.policy.authenticated_userid(req)
    self.assertEqual(authenticated, "user1")
def test_decode_fails_no_override_on_aud_claim(self):
    """Check that an ``aud`` token is refused under the default settings.

    The policy is rebuilt without ``jwtauth.disable_verify_aud``; a token
    with audience 'me' must then make ``authenticated_userid`` raise
    ``InvalidAudienceError``. The error propagates to the caller, so code
    calling the policy directly has to handle it.
    """
    self.setup_helper({
        "jwtauth.find_groups":
            "pyramid_jwtauth.tests.test_jwtauth:stub_find_groups",
        "jwtauth.master_secret": MASTER_SECRET,
    })

    # Token with an audience claim, signed with the shared test secret.
    req = self._make_request("/auth")
    jwt_authenticate_request(
        req, make_claims('user1', claims={'aud': 'me'}), MASTER_SECRET)

    # Unused below; the lookup presumably acts as an early check that the
    # Authorization header parsed into a token field.
    token = pyramid_jwtauth.utils.parse_authz_header(req)["token"]

    from jwt.exceptions import InvalidAudienceError
    with self.assertRaises(InvalidAudienceError):
        self.policy.authenticated_userid(req)