예제 #1
def test_init_token_given():
    """Round-trip a token through its encoded form and check what survives.

    A token is issued under one pinned clock, serialised with ``str()``,
    and then re-parsed under a second pinned clock. The re-parsed token
    must report the second clock as its current time while keeping the
    claims written when it was issued.
    """
    issued_at = aware_utcnow()

    # Pin the clock seen by the token module while the first token is built.
    with patch('taiga.auth.tokens.aware_utcnow', return_value=issued_at):
        source_token = MyToken()

    source_token['some_value'] = 'arst'
    encoded = str(source_token)

    parsed_at = aware_utcnow()

    # Re-parse under a second pinned clock; construction must not raise.
    with patch('taiga.auth.tokens.aware_utcnow', return_value=parsed_at):
        t = MyToken(encoded)

    # The parsed token tracks the parse-time clock and keeps the raw string.
    assert t.current_time == parsed_at
    assert t.token == encoded

    # Four claims in total: the custom one plus 'exp', the type claim, 'jti'.
    assert len(t.payload) == 4
    assert t['some_value'] == 'arst'
    # 'exp' stays anchored to the issuance clock, not the parse-time clock:
    # re-parsing a token does not extend its lifetime.
    assert t['exp'] == datetime_to_epoch(issued_at + MyToken.lifetime)
    assert t[api_settings.TOKEN_TYPE_CLAIM] == MyToken.token_type
    assert 'jti' in t.payload
예제 #2
def test_set_exp():
    """Check ``set_exp`` with its defaults and with every argument overridden."""
    start = make_utc(datetime(year=2000, month=1, day=1))
    one_day = timedelta(days=1)

    tok = MyToken()
    tok.current_time = start

    # With no arguments the 'exp' claim is derived from the token's own
    # `current_time` plus the class-level `lifetime`.
    tok.set_exp()
    assert tok['exp'] == datetime_to_epoch(start + MyToken.lifetime)

    # Claim name, start time and lifetime can each be supplied by the caller.
    tok.set_exp(claim='refresh_exp', from_time=start, lifetime=one_day)

    assert 'refresh_exp' in tok
    assert tok['refresh_exp'] == datetime_to_epoch(start + one_day)
예제 #3
def test_decode_rsa_success():
    """Decode a correctly signed RS256 token and get the original claims back."""
    # NOTE(review): `payload` is not created in this function, so these
    # writes land on shared state; confirm a fixture resets it between tests.
    payload.update({'exp': aware_utcnow() + timedelta(days=1), 'foo': 'baz'})

    signed = jwt.encode(payload, PRIVATE_KEY, algorithm='RS256')
    # The dict still holds 'exp' as a datetime after encoding; convert it to
    # the epoch form so it can be compared with the decoded claims.
    payload["exp"] = datetime_to_epoch(payload["exp"])

    decoded = rsa_token_backend.decode(signed)
    assert decoded == payload
예제 #4
def test_decode_aud_iss_success():
    """Decode an RS256 token that carries 'aud' and 'iss' claims."""
    # NOTE(review): `payload` is not created in this function, so the 'aud'
    # and 'iss' entries written here stay on shared state; confirm a fixture
    # resets it, otherwise other decode tests depend on execution order.
    payload.update({
        'exp': aware_utcnow() + timedelta(days=1),
        'foo': 'baz',
        'aud': AUDIENCE,
        'iss': ISSUER,
    })

    signed = jwt.encode(payload, PRIVATE_KEY, algorithm='RS256')
    # The dict still holds 'exp' as a datetime after encoding; convert it to
    # the epoch form so it can be compared with the decoded claims.
    payload["exp"] = datetime_to_epoch(payload["exp"])

    # Presumably this backend is configured with AUDIENCE and ISSUER; its
    # construction is not visible here.
    decoded = aud_iss_token_backend.decode(signed)
    assert decoded == payload
예제 #5
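def test_decode_rsa_with_invalid_sig_no_verify():
    """Decode an RS256 token with a corrupted signature using ``verify=False``.

    The claims are expected to come back unchanged even though the signature
    no longer matches. Claims read this way are unauthenticated: the test
    pins the parsing behaviour only, and such output must not be used for
    authentication or authorization decisions.
    """
    payload['exp'] = aware_utcnow() + timedelta(days=1)
    payload['foo'] = 'baz'
    token = jwt.encode(payload, PRIVATE_KEY, algorithm='RS256')

    signed_part, token_sig = token.rsplit('.', 1)
    # Swap the first signature character for a different base64url character.
    # Replacing every "a" with "A" leaves the token untouched whenever the
    # signature happens to contain no "a", so the test would then run on a
    # valid token without noticing.
    swapped = 'B' if token_sig[0] == 'A' else 'A'
    invalid_token = signed_part + '.' + swapped + token_sig[1:]
    assert invalid_token != token

    # The dict still holds 'exp' as a datetime after encoding; convert it to
    # the epoch form so it can be compared with the decoded claims.
    payload["exp"] = datetime_to_epoch(payload["exp"])

    # NOTE(review): the token is RS256-signed but is decoded through
    # `hmac_token_backend`; confirm whether `rsa_token_backend` was intended.
    assert hmac_token_backend.decode(invalid_token, verify=False) == payload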
예제 #6
def test_decode_hmac_with_invalid_sig_no_verify():
    """Decode an HS256 token carrying another token's signature, unverified.

    Two tokens are signed over different claim sets; the signature of the
    first is attached to the header and payload of the second. With
    ``verify=False`` the second token's claims are still returned. Claims
    read this way are unauthenticated and must not be used for
    authentication or authorization decisions.
    """
    payload['exp'] = aware_utcnow() + timedelta(days=1)
    first = jwt.encode(payload, SECRET, algorithm='HS256')
    payload['foo'] = 'baz'
    second = jwt.encode(payload, SECRET, algorithm='HS256')
    # The dict still holds 'exp' as a datetime after encoding; convert it to
    # the epoch form so it can be compared with the decoded claims.
    payload["exp"] = datetime_to_epoch(payload["exp"])

    # Header and payload come from the second token, the signature from the
    # first, so the signature cannot match the signed content.
    second_parts = second.rsplit('.', 1)
    first_parts = first.rsplit('.', 1)
    mismatched = '.'.join((second_parts[0], first_parts[-1]))

    decoded = hmac_token_backend.decode(mismatched, verify=False)
    assert decoded == payload
예제 #7
def test_init_no_token_given():
    """Build a token without an encoded input and check its default claims."""
    fixed_now = make_utc(datetime(year=2000, month=1, day=1))

    # Pin the clock seen by the token module so 'exp' is predictable.
    with patch('taiga.auth.tokens.aware_utcnow', return_value=fixed_now):
        t = MyToken()

    # A fresh token adopts the pinned clock and has no encoded form yet.
    assert t.current_time == fixed_now
    assert t.token is None

    # Exactly three claims are present: 'exp', 'jti' and the type claim.
    claims = t.payload
    assert len(claims) == 3
    assert claims['exp'] == datetime_to_epoch(fixed_now + MyToken.lifetime)
    assert 'jti' in claims
    assert claims[api_settings.TOKEN_TYPE_CLAIM] == MyToken.token_type