def test_init_token_given(): # Test successful instantiation original_now = aware_utcnow() with patch('taiga.auth.tokens.aware_utcnow') as fake_aware_utcnow: fake_aware_utcnow.return_value = original_now good_token = MyToken() good_token['some_value'] = 'arst' encoded_good_token = str(good_token) now = aware_utcnow() # Create new token from encoded token with patch('taiga.auth.tokens.aware_utcnow') as fake_aware_utcnow: fake_aware_utcnow.return_value = now # Should raise no exception t = MyToken(encoded_good_token) # Should have expected properties assert t.current_time == now assert t.token == encoded_good_token assert len(t.payload) == 4 assert t['some_value'] == 'arst' assert t['exp'] == datetime_to_epoch(original_now + MyToken.lifetime) assert t[api_settings.TOKEN_TYPE_CLAIM] == MyToken.token_type assert 'jti' in t.payload
def test_set_exp(): now = make_utc(datetime(year=2000, month=1, day=1)) token = MyToken() token.current_time = now # By default, should add 'exp' claim to token using `self.current_time` # and the TOKEN_LIFETIME setting token.set_exp() assert token['exp'] == datetime_to_epoch(now + MyToken.lifetime) # Should allow overriding of beginning time, lifetime, and claim name token.set_exp(claim='refresh_exp', from_time=now, lifetime=timedelta(days=1)) assert 'refresh_exp' in token assert token['refresh_exp'] == datetime_to_epoch(now + timedelta(days=1))
def test_decode_rsa_success(): payload['exp'] = aware_utcnow() + timedelta(days=1) payload['foo'] = 'baz' token = jwt.encode(payload, PRIVATE_KEY, algorithm='RS256') # Payload copied payload["exp"] = datetime_to_epoch(payload["exp"]) assert rsa_token_backend.decode(token) == payload
def test_decode_aud_iss_success(): payload['exp'] = aware_utcnow() + timedelta(days=1) payload['foo'] = 'baz' payload['aud'] = AUDIENCE payload['iss'] = ISSUER token = jwt.encode(payload, PRIVATE_KEY, algorithm='RS256') # Payload copied payload["exp"] = datetime_to_epoch(payload["exp"]) assert aud_iss_token_backend.decode(token) == payload
def test_decode_rsa_with_invalid_sig_no_verify(): payload['exp'] = aware_utcnow() + timedelta(days=1) payload['foo'] = 'baz' token = jwt.encode(payload, PRIVATE_KEY, algorithm='RS256') token_payload = token.rsplit('.', 1)[0] token_sig = token.rsplit('.', 1)[-1] invalid_token = token_payload + '.' + token_sig.replace("a", "A") # Payload copied payload["exp"] = datetime_to_epoch(payload["exp"]) assert hmac_token_backend.decode(invalid_token, verify=False) == payload
def test_decode_hmac_with_invalid_sig_no_verify(): payload['exp'] = aware_utcnow() + timedelta(days=1) token_1 = jwt.encode(payload, SECRET, algorithm='HS256') payload['foo'] = 'baz' token_2 = jwt.encode(payload, SECRET, algorithm='HS256') # Payload copied payload["exp"] = datetime_to_epoch(payload["exp"]) token_2_payload = token_2.rsplit('.', 1)[0] token_1_sig = token_1.rsplit('.', 1)[-1] invalid_token = token_2_payload + '.' + token_1_sig assert hmac_token_backend.decode(invalid_token, verify=False) == payload
def test_init_no_token_given(): now = make_utc(datetime(year=2000, month=1, day=1)) with patch('taiga.auth.tokens.aware_utcnow') as fake_aware_utcnow: fake_aware_utcnow.return_value = now t = MyToken() assert t.current_time == now assert t.token is None assert len(t.payload) == 3 assert t.payload['exp'] == datetime_to_epoch(now + MyToken.lifetime) assert 'jti' in t.payload assert t.payload[api_settings.TOKEN_TYPE_CLAIM] == MyToken.token_type