def test_missing_other_token_fields(client, bad_token):
    """Reject tokens that lack claims PyJWT does not check itself.

    Covers fields such as 'sub' and 'user', which PyJWT does not validate.
    A token missing them must get the same 401 response on POST, PUT and
    DELETE.
    """
    auth_header = {'Authorization': create_token(bad_token)}

    # One entry per write route: (HTTP verb, target URL, extra request kwargs).
    write_requests = (
        ('post', test_url, {'json': valid_data}),
        ('put', f'{test_url}/1', {'json': {'color': 'purple'}}),
        ('delete', f'{test_url}/1', {}),
    )

    for verb, target, extra in write_requests:
        send = getattr(client, verb)
        response = send(target, headers=auth_header, **extra, as_response=True)

        # The rejection must be identical on every route, so that no write
        # path accepts an incomplete token.
        assert response.status_code == 401
        assert response.json['title'] == '401 Unauthorized'
        assert response.json['description'] == 'Invalid JWT Credentials'
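def test_auth_file_invalid(make_client):
    """Fail closed with 401 when the configured public key file is unusable.

    An empty file is installed as the auth public key and a request carrying
    an otherwise valid token is sent. The service must refuse the request
    instead of accepting a token it has no key to check.

    The temp file is removed in a ``finally`` block, so a failing assertion
    does not leave ``empty.txt`` behind in the working directory.
    """
    # Created relative to the current working directory.
    empty_file = Path('./empty.txt')
    empty_file.touch()
    try:
        assert empty_file.exists()

        # Point the service at the empty file as its auth public key.
        api = create_custom_auth_setup_api({'public_key': empty_file})
        client = make_client(api)

        # A valid token must still be refused, because the key is unreadable.
        response = client.post(
            '/v1/potions/types',
            headers={'Authorization': create_token(token, adjust_times=True)},
            json={
                'related_stat': 'Health',
                'color': 'red',
            },
            as_response=True)
        assert response.status_code == 401
        assert response.json['description'] == (
            'Error Decoding Token: Unable to Read Key. Contact System Admin.')
    finally:
        # Clean up whether or not the assertions above passed.
        if empty_file.exists():
            empty_file.unlink()

    assert not empty_file.exists()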
def test_valid_auth_token(client):
    """A POST carrying a token from ``create_token`` is accepted with 201.

    ``adjust_times=True`` presumably refreshes the time claims so that the
    token is currently valid; confirm against the helper.
    """
    # Start from a clean data set so the create cannot collide.
    delete_all()

    auth_header = {'Authorization': create_token(token, adjust_times=True)}
    response = client.post(test_url,
                           headers=auth_header,
                           json=valid_data,
                           as_response=True)
    assert response.status_code == 201

    # Leave no data behind for later tests.
    delete_all()
def test_bearer_case_insensitive(client, bearer_case):
    """The auth scheme word is accepted in the casing given by ``bearer_case``.

    Only the scheme prefix varies; the token after it is unchanged, so a
    201 shows that the scheme comparison is case-insensitive.
    """
    delete_all()

    full_header_value = create_token(token, adjust_times=True)
    # Drop the leading 'Bearer ' (7 characters) to keep only the raw token.
    token_value = full_header_value[len('Bearer '):]

    auth_header = {'Authorization': f'{bearer_case} {token_value}'}
    response = client.post(test_url,
                           headers=auth_header,
                           json=valid_data,
                           as_response=True)
    assert response.status_code == 201
def test_valid_no_auth_routes(client, url):
    """GET on ``url`` returns 200 whatever the Authorization header holds.

    These routes are expected to work without authentication. A malformed
    or absent header must therefore not produce an error on them.
    """
    delete_all()

    header_variants = (
        # valid header
        {'headers': {'Authorization': create_token(token, adjust_times=True)}},
        # invalid header
        {'headers': {'Authorization': 'notvalid'}},
        # no header
        {},
    )

    for extra in header_variants:
        response = client.get(url, **extra, as_response=True)
        assert response.status_code == 200
assert response.status_code == 401 assert response.json['title'] == '401 Unauthorized' assert 'Error Decoding Token' in response.json['description'] response = client.delete(f'{test_url}/1', headers=bad_token, as_response=True) assert response.status_code == 401 assert response.json['title'] == '401 Unauthorized' assert 'Error Decoding Token' in response.json['description'] @pytest.mark.parametrize('bad_token', [ create_token({ 'sub': '1234567890', 'name': 'Jane Doe', 'admin': True }), create_token({ 'sub': '1234567890', 'name': 'Jane Doe', 'admin': True, 'iat': 1516239022, 'nbf': 1588115206 }), create_token({ 'sub': '1234567890', 'name': 'Jane Doe', 'admin': True, 'iat': 1516239022, 'exp': 1588116029,
import copy import pytest from tests.helpers.temp_application import client from tests.helpers.data_manager import prepopulate from tests.helpers.data_manager import delete_all from tests.helpers.auth_token import create_token, token # token only required on non-GET requests valid_token = {'Authorization': create_token(token)} POTIONS = '/v1/potions' POTION_TYPE = '/v1/potions/types' POTENCY = '/v1/potions/potency' INVENTORY = '/v1/inventory' EMPTY = [] def test_delete_all_helper(client): # starts empty resp = client.get(POTION_TYPE, as_response=True) assert resp.status_code == 200 if resp.json['results']: delete_all() resp = client.get(POTION_TYPE, as_response=True) assert resp.status_code == 200 assert resp.json['results'] == EMPTY # add some potions client.post(POTION_TYPE,