def test_pass_scopes_in_constructor(self):
    """A scope given as a constructor keyword argument appears in the token.

    The token is built with ``allow_client_outgoing`` passed to the
    constructor, serialised, decoded again with the same secret, and the
    resulting ``scope`` claim is compared with the expected scope URI.
    """
    signing_secret = 'XXXXX'
    capability = ClientCapabilityToken(
        'AC123',
        signing_secret,
        allow_client_outgoing={
            'application_sid': 'AP123',
            'param1': 'val1',
        },
    )
    # appParams is itself URL-encoded inside the scope URI, so '=' shows up as %3D.
    expected_scope = "scope:client:outgoing?appParams=param1%3Dval1&appSid=AP123"

    # Decode with the secret the token was created with.
    decoded = Jwt.from_jwt(capability.to_jwt(), signing_secret)

    self.assertEqual(expected_scope, decoded.payload["scope"])
def test_decodes_valid_jwt(self):
    """A token produced directly by the JWT library decodes through ``Jwt.from_jwt``.

    The token is encoded with ``jwt_lib`` rather than with a ``Jwt`` subclass,
    so the test covers decoding of a token this code did not build itself.
    """
    expires_at = self.now() + 1000
    claims = {'hello': 'world', 'iss': 'me', 'sub': 'being awesome', 'exp': expires_at}
    encoded = jwt_lib.encode(claims, 'secret')

    # Same shared secret on both sides.
    parsed = Jwt.from_jwt(encoded, 'secret')

    # Registered claims are surfaced as attributes ...
    self.assertEqual(parsed.issuer, 'me')
    self.assertEqual(parsed.subject, 'being awesome')
    self.assertEqual(parsed.valid_until, expires_at)
    # ... and the custom claim stays reachable through the payload.
    self.assertIn('hello', parsed.payload)
    self.assertEqual(parsed.payload['hello'], 'world')
def test_decode(self):
    """All three granted capabilities are present in the decoded ``scope`` claim.

    Outgoing, incoming and event-stream permissions are granted through the
    ``allow_*`` methods; the decoded ``scope`` claim is a space-separated
    list that must contain one scope URI per permission.
    """
    signing_secret = "XXXXX"
    capability = ClientCapabilityToken("AC123", signing_secret)
    capability.allow_client_outgoing("AP123", foobar=3)
    capability.allow_client_incoming("andy")
    capability.allow_event_stream()

    # The expected outgoing scope also carries clientName=andy, the name
    # granted by allow_client_incoming above.
    expected_scopes = (
        "scope:client:outgoing?appParams=foobar%3D3&appSid=AP123&clientName=andy",
        "scope:client:incoming?clientName=andy",
        "scope:stream:subscribe?path=%2F2010-04-01%2FEvents",
    )

    decoded = Jwt.from_jwt(capability.to_jwt(), signing_secret)
    granted = decoded.payload["scope"].split(" ")

    # Membership only: the order of scopes inside the claim is not asserted.
    for expected in expected_scopes:
        self.assertIn(expected, granted)
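def test_encode_decode(self):
    """A ``DummyJwt`` survives an encode/decode round trip with its claims intact.

    Checks the time claims, issuer, subject, key, algorithm and headers of
    the decoded token, and that the expected claims are part of the payload.
    """
    test_start = self.now()

    dummy = DummyJwt('secret_key', 'issuer', subject='hey', payload={'sick': 'sick'})
    decoded_jwt = Jwt.from_jwt(dummy.to_jwt(), 'secret_key')

    # NOTE(review): the bound uses self.now() sampled after the token was
    # built. If now() is wall-clock time and the TTL is exactly 3600s, this
    # can fail when a second boundary is crossed. Confirm against DummyJwt.
    self.assertGreaterEqual(decoded_jwt.valid_until, self.now() + 3600)
    self.assertGreaterEqual(decoded_jwt.nbf, test_start)
    self.assertEqual(decoded_jwt.issuer, 'issuer')
    self.assertEqual(decoded_jwt.secret_key, 'secret_key')
    self.assertEqual(decoded_jwt.algorithm, 'HS256')
    self.assertEqual(decoded_jwt.subject, 'hey')
    # Exact match pins the signing algorithm advertised in the header.
    self.assertEqual(decoded_jwt.headers, {'typ': 'JWT', 'alg': 'HS256'})

    # assertDictContainsSubset is deprecated and was removed in Python 3.12,
    # so compare the expected claims with the same keys taken from the payload.
    expected_claims = {
        'iss': 'issuer',
        'sub': 'hey',
        'sick': 'sick',
    }
    present_claims = {
        name: decoded_jwt.payload[name]
        for name in expected_claims
        if name in decoded_jwt.payload
    }
    self.assertEqual(expected_claims, present_claims)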
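def test_jwt_signing(self):
    """A ``ClientValidationJwt`` signed with an RSA private key decodes with the public key.

    Verifies the request-related claims (``hrh``, ``rqh``), issuer and
    subject, the expiry window, and the exact set of JWT headers.
    """
    vp = ValidationPayload(
        method='GET',
        path='/Messages',
        query_string='PageSize=5&Limit=10',
        signed_headers=['authorization', 'host'],
        all_headers={
            'authorization': 'foobar',
            'host': 'api.twilio.com',
        },
        body='foobar',
    )
    # Value expected in the 'rqh' claim for the request described by vp
    # (64 hex characters).
    expected_hash = '4dc9b67bed579647914587b0e22a1c65c1641d8674797cd82de65e766cce5f80'

    # Throwaway key pair generated for this test only, which is why the
    # private half is serialised without encryption.
    key_pair = rsa.generate_private_key(
        public_exponent=65537,
        key_size=2048,
        backend=default_backend(),
    )
    public_pem = key_pair.public_key().public_bytes(Encoding.PEM, PublicFormat.PKCS1)
    private_pem = key_pair.private_bytes(Encoding.PEM, PrivateFormat.PKCS8, NoEncryption())

    signed = ClientValidationJwt('AC123', 'SK123', 'CR123', private_pem, vp)
    # Sign with the private key, decode with the matching public key.
    decoded = Jwt.from_jwt(signed.to_jwt(), public_pem)

    # assertDictContainsSubset is deprecated and was removed in Python 3.12,
    # so compare the expected claims with the same keys taken from the payload.
    expected_claims = {
        'hrh': 'authorization;host',
        'rqh': expected_hash,
        'iss': 'SK123',
        'sub': 'AC123',
    }
    present_claims = {
        name: decoded.payload[name]
        for name in expected_claims
        if name in decoded.payload
    }
    self.assertEqual(expected_claims, present_claims)

    self.assertGreaterEqual(decoded.payload['exp'], time.time(), 'JWT exp is before now')
    # NOTE(review): the bound is 501 seconds while the message says 5m.
    # Confirm which one matches the token's TTL.
    self.assertLessEqual(decoded.payload['exp'], time.time() + 501, 'JWT exp is after now + 5m')

    # Exact header match: a different algorithm, content type or key id fails the test.
    self.assertDictEqual(
        {
            'alg': 'RS256',
            'typ': 'JWT',
            'cty': 'twilio-pkrv;v=1',
            'kid': 'CR123',
        },
        decoded.headers,
    )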
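def test_jwt_signing(self):
    """An RSA-signed ``ClientValidationJwt`` round-trips through ``Jwt.from_jwt``.

    The token is signed with a freshly generated private key and decoded
    with the corresponding public key; claims, expiry window and headers
    are then checked.
    """
    request_headers = {'authorization': 'foobar', 'host': 'api.twilio.com'}
    vp = ValidationPayload(
        method='GET',
        path='/Messages',
        query_string='PageSize=5&Limit=10',
        signed_headers=['authorization', 'host'],
        all_headers=request_headers,
        body='foobar'
    )
    # Expected content of the 'rqh' claim for the request above.
    expected_hash = '4dc9b67bed579647914587b0e22a1c65c1641d8674797cd82de65e766cce5f80'

    # Ephemeral 2048-bit RSA key. It never leaves the test, so the PEM is
    # written with NoEncryption().
    rsa_key = rsa.generate_private_key(
        public_exponent=65537, key_size=2048, backend=default_backend()
    )
    verify_key = rsa_key.public_key().public_bytes(Encoding.PEM, PublicFormat.PKCS1)
    signing_key = rsa_key.private_bytes(Encoding.PEM, PrivateFormat.PKCS8, NoEncryption())

    token = ClientValidationJwt('AC123', 'SK123', 'CR123', signing_key, vp)
    decoded = Jwt.from_jwt(token.to_jwt(), verify_key)

    # assertDictContainsSubset no longer exists on Python 3.12+, so check
    # each expected claim against the decoded payload explicitly.
    wanted = {
        'hrh': 'authorization;host',  # signed header names joined with ';'
        'rqh': expected_hash,
        'iss': 'SK123',
        'sub': 'AC123',
    }
    found = {key: decoded.payload[key] for key in wanted if key in decoded.payload}
    self.assertEqual(wanted, found)

    self.assertGreaterEqual(decoded.payload['exp'], time.time(), 'JWT exp is before now')
    # NOTE(review): upper bound is now + 501s although the message mentions
    # 5m. Verify against the TTL used by ClientValidationJwt.
    self.assertLessEqual(decoded.payload['exp'], time.time() + 501, 'JWT exp is after now + 5m')

    # Headers must match exactly, which pins the RS256 algorithm and the key id.
    self.assertDictEqual({
        'alg': 'RS256',
        'typ': 'JWT',
        'cty': 'twilio-pkrv;v=1',
        'kid': 'CR123'
    }, decoded.headers)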
def test_decode_allows_skip_verification(self):
    """Decoding with ``key=None`` still returns the token's claims.

    The decoded object exposes issuer and payload and carries no secret key.
    """
    signed = DummyJwt('secret', 'issuer', payload={'get': 'rekt'})

    # key=None: going by the test name, the signature is not verified on this
    # path. Claims read this way are unauthenticated, so they are suitable
    # for inspection only, not for authorization decisions.
    unverified = Jwt.from_jwt(signed.to_jwt(), key=None)

    self.assertEqual(unverified.issuer, 'issuer')
    self.assertEqual(unverified.payload['get'], 'rekt')
    # No key was supplied, so none is recorded on the decoded token.
    self.assertIsNone(unverified.secret_key)