def test_auth_verify_bearer_expired_token(self):
    """An expired bearer token must be rejected with AuthenticationFailed.

    For every configured user-id claim name the test signs an ES256 token
    (key selected by ``kid`` from the test keyset) whose ``exp`` lies in
    the past, hands it to ``JWTAccessToken.token_data`` as a ``Bearer``
    credential and checks that the error message starts with
    ``'API authz problem: token expired'``.  Repeating the check per claim
    name guards against an identity field that bypasses expiry handling.
    """
    settings = get_settings()
    kid = "2aedafba-8170-4064-b704-ce92b7c89cc6"
    signing_key = get_keyset().get_key(kid)
    # Well in the past, so the token is already expired at verification time.
    expired_at = round(time.time()) - 1000

    for claim_name in settings['USER_ID_FIELDS']:
        token = jwt.JWT(
            header={"kid": kid, "alg": "ES256"},
            claims={'exp': expired_at, claim_name: '*****@*****.**'},
        )
        token.make_signed_token(signing_key)
        bearer = 'Bearer {}'.format(token.serialize())

        with self.assertRaises(AuthenticationFailed) as cm:
            JWTAccessToken.token_data(bearer, True)

        self.assertTrue(
            str(cm.exception).startswith('API authz problem: token expired'))
def test_user_not_in_cache(self, mock_cache, mock_request, mock_token_data):
    """A valid token for a known user resolves to that user on a cache miss.

    The request is authorised for the required scope, the token claims name
    the superuser and the user cache answers ``None`` (nothing cached), so
    ``JWTAuthBackend.authenticate`` cannot short-circuit on a cached verdict
    and must return the superuser.  The mock arguments are presumably
    injected by patch decorators on this test (not shown here).
    """
    mock_request.is_authorized_for.return_value = True
    username = self.superuser.username
    claims = {get_settings()['USER_ID_FIELD']: username}
    mock_token_data.return_value = (claims, username)
    mock_cache.get.return_value = None  # cache miss

    user, _scope = JWTAuthBackend.authenticate(mock_request)

    self.assertEqual(user.username, username)
def test_with_scope_correct_user(self, mocked_cache, mock_token_data):
    """An authorised request whose token names an existing user yields that user.

    ``token_data`` is mocked to return claims identifying ``self.normal_user``
    and the request reports the required scope as granted; ``authenticate``
    must then return that user.  ``mocked_cache`` is patched in but not
    configured, so whatever the backend reads from it is the mock default.
    """
    auth = backend.JWTAuthBackend()
    request = mock.Mock()
    request.is_authorized_for.return_value = True
    principal = '*****@*****.**'
    claims = {get_settings()['USER_ID_FIELD']: principal}
    mock_token_data.return_value = (claims, principal)

    user, _scope = auth.authenticate(request)

    self.assertEqual(user, self.normal_user)
def test_user_invalid_scope(self, mock_cache, mock_request, mock_token_data):
    """A request lacking the required scope is rejected even for a real user.

    The claims name the superuser, but ``is_authorized_for`` answers False,
    so ``authenticate`` must raise AuthenticationFailed with the exact
    message ``'No token or required scope'`` -- a verified identity alone
    does not grant access.
    """
    mock_request.is_authorized_for.return_value = False
    username = self.superuser.username
    claims = {get_settings()['USER_ID_FIELD']: username}
    mock_token_data.return_value = (claims, username)
    mock_cache.get.return_value = None

    with self.assertRaises(AuthenticationFailed) as cm:
        JWTAuthBackend.authenticate(mock_request)

    self.assertEqual(str(cm.exception), 'No token or required scope')
def test_user_does_not_exists(self, mock_cache, mock_request, mock_token_data):
    """A token for a principal with no matching account is rejected.

    Scope is granted and the cache is empty, but the user id in the claims
    matches no user, so ``authenticate`` must raise AuthenticationFailed
    whose message names that id (``'User <id> is not authorized'``).
    """
    unknown_id = 'idonotexist'
    mock_request.is_authorized_for.return_value = True
    claims = {get_settings()['USER_ID_FIELD']: unknown_id}
    mock_token_data.return_value = (claims, unknown_id)
    mock_cache.get.return_value = None

    with self.assertRaises(AuthenticationFailed) as cm:
        JWTAuthBackend.authenticate(mock_request)

    self.assertEqual(
        str(cm.exception), 'User {} is not authorized'.format(unknown_id))
def test_with_scope_wrong_user_cache_hit(self, mocked_user_model, mocked_cache, mock_token_data):
    """A cached "user does not exist" verdict is honoured without a DB lookup.

    When the user cache already returns ``backend.USER_DOES_NOT_EXIST`` for
    the principal, ``authenticate`` must raise AuthenticationFailed, read
    the cache exactly once with the principal as key, and never call
    ``objects.get`` on the user model: the negative cache entry is trusted
    as-is instead of re-querying the database.
    """
    auth = backend.JWTAuthBackend()
    request = mock.Mock()
    request.is_authorized_for.return_value = True
    principal = '*****@*****.**'
    claims = {get_settings()['USER_ID_FIELD']: principal}
    mock_token_data.return_value = (claims, principal)
    # Negative entry already present: the backend should short-circuit on it.
    mocked_cache.get.return_value = backend.USER_DOES_NOT_EXIST

    with self.assertRaises(exceptions.AuthenticationFailed):
        auth.authenticate(request)

    mocked_cache.get.assert_called_once_with(principal)
    mocked_user_model.objects.get.assert_not_called()
def test_auth_verify_bearer_token(self):
    """A freshly signed ES256 bearer token decodes to its user id.

    Signs a token with the key selected by ``kid`` from the test keyset,
    passes it as ``'Bearer <token>'`` to ``JWTAccessToken.token_data`` and
    checks that the returned user id equals the USER_ID_FIELD claim.  No
    ``exp`` claim is set in this token; expiry is exercised separately.
    """
    settings = get_settings()
    kid = "2aedafba-8170-4064-b704-ce92b7c89cc6"
    signing_key = get_keyset().get_key(kid)
    principal = "*****@*****.**"

    token = jwt.JWT(
        header={"kid": kid, "alg": "ES256"},
        claims={settings['USER_ID_FIELD']: principal},
    )
    token.make_signed_token(signing_key)
    serialized = token.serialize()

    _claims, user_id = JWTAccessToken.token_data(
        'Bearer {}'.format(serialized), True)

    self.assertEqual(user_id, principal)
def test_with_scope_wrong_user_cache_miss(self, mocked_cache, mock_token_data):
    """An unknown principal on a cache miss is rejected and negatively cached.

    For each configured user-id claim name the cache answers ``None``, so
    ``authenticate`` must raise AuthenticationFailed, look the principal up
    in the cache exactly once, and store ``backend.USER_DOES_NOT_EXIST``
    under that principal with a 5-minute TTL.  The cache mock is reset at
    the end of every iteration so the once-assertions hold per claim name.
    """
    auth = backend.JWTAuthBackend()
    request = mock.Mock()
    request.is_authorized_for.return_value = True
    settings = get_settings()
    principal = '*****@*****.**'
    negative_ttl = 5 * 60

    for claim_name in settings['USER_ID_FIELDS']:
        mock_token_data.return_value = ({claim_name: principal}, principal)
        mocked_cache.get.return_value = None  # cache miss

        with self.assertRaises(exceptions.AuthenticationFailed):
            auth.authenticate(request)

        mocked_cache.get.assert_called_once_with(principal)
        mocked_cache.set.assert_called_once_with(
            principal, backend.USER_DOES_NOT_EXIST, negative_ttl)
        mocked_cache.reset_mock()