def test_require_jwt_decorator(self):
mock = Mock(return_value="success")
mock.__name__ = 'test_mock'
mock_fn = jwt.require_jwt(mock)
bad_header = {
"Authorization": "Bearer this-is-not-a-token"
}
nobearer_header = {
"Authorization": "this-is-not-a-token"
}
token = jwt.create_token_for_user(self.default_user)
with self.app.test_request_context(headers=bad_header):
res = mock_fn()
self.assertEqual(401, res.status_code)
with self.app.test_request_context(headers=nobearer_header):
res = mock_fn()
self.assertEqual(401, res.status_code)
with self.app.test_request_context():
res = mock_fn()
self.assertEqual(401, res.status_code)
good_header = {
"Authorization": "Bearer %s" % token
}
with self.app.test_request_context(headers=good_header):
res = mock_fn()
self.assertEqual("success", res)
def setUp(self):
super(BaseTestCase, self).setUp()
self.app = create_app(config.Testing)
self.app_context = self.app.app_context()
self.client = self.app.test_client()
self.app_context.push()
self.db = db
self.db.drop_all()
self.db.create_all()
self.user = dict(
username="******",
password="******",
first_name="Test",
last_name="User",
_admin=True
)
self.document = dict(
title="This is a Test Title",
body="Body Body Body, likeasomebody"
)
self.tag = {"title": "TAGGY"}
self.default_user = User.create(self.user)
self.default_document = Document.create(self.document)
self.default_document.user = self.default_user
self.tag = Tag.create(self.tag)
self.tag.user = self.default_user
self.default_document.tags.append(self.tag)
self.db.session.commit()
self.redis_store = RedisStore(store=FakeStrictRedis, name='test')
token = jwt.create_token_for_user(self.default_user)
self.headers = [
('Content-Type', 'application/json'),
('Authorization', 'Bearer %s' % token)
]
def setUp(self):
super(BaseTestCase, self).setUp()
self.app = create_app(config.Testing)
self.app_context = self.app.app_context()
self.client = self.app.test_client()
self.app_context.push()
self.db = db
self.db.drop_all()
self.db.create_all()
self.user = dict(username="******",
password="******",
first_name="Test",
last_name="User",
_admin=True)
self.document = dict(title="This is a Test Title",
body="Body Body Body, likeasomebody")
self.tag = {"title": "TAGGY"}
self.default_user = User.create(self.user)
self.default_document = Document.create(self.document)
self.default_document.user = self.default_user
self.tag = Tag.create(self.tag)
self.tag.user = self.default_user
self.default_document.tags.append(self.tag)
self.db.session.commit()
self.redis_store = RedisStore(store=FakeStrictRedis, name='test')
token = jwt.create_token_for_user(self.default_user)
self.headers = [('Content-Type', 'application/json'),
('Authorization', 'Bearer %s' % token)]
def test_verify_token(self):
good_token = jwt.create_token_for_user(self.default_user)
succ, payload = jwt.verify_token(good_token)
self.assertTrue(succ)
self.assertEqual(payload.get('first_name'), 'Test')
succ, bad_payload = jwt.verify_token("lsdkjfdskjfs")
self.assertFalse(succ)
self.assertIn("tampered", bad_payload)
def test_verify_token(self):
good_token = jwt.create_token_for_user(self.default_user)
succ, payload = jwt.verify_token(good_token)
self.assertTrue(succ)
self.assertEqual(payload.get('first_name'), 'Test')
succ, bad_payload = jwt.verify_token("lsdkjfdskjfs")
self.assertFalse(succ)
self.assertIn("tampered", bad_payload)
def auth_login():
data = request.get_json()
username = data.get('username')
password = data.get('password')
user = User.query.filter_by(username=username).first()
xhr = MakeResponse(200)
if user and user.authenticate(password):
token = jwt.create_token_for_user(user)
res = dict(access_token=token)
xhr.set_body(res)
return xhr.response
else:
xhr.set_error(401, {"error": "Trouble authenticating"})
return xhr.response
def auth_login():
data = request.get_json()
username = data.get('username')
password = data.get('password')
user = User.query.filter_by(username=username).first()
xhr = MakeResponse(200)
if user and user.authenticate(password):
token = jwt.create_token_for_user(user)
res = dict(access_token=token)
xhr.set_body(res)
return xhr.response
else:
xhr.set_error(401, {"error": "Trouble authenticating"})
return xhr.response
def refresh_auth_token():
data = request.get_json()
agent = request.headers.get('User-Agent')
refresh_token = data.get('refresh_token')
user = api.helpers.get_user()
user_id = user.id
xhr = MakeResponse(200)
if jwt.verify_refresh_token(refresh_token, user_id, agent):
token = jwt.create_token_for_user(user)
xhr.set_body(dict(access_token=token))
return xhr.response
xhr.set_error(
401, "Could not refresh, please try logging out and logging back in.")
return xhr.response
def refresh_auth_token():
data = request.get_json()
agent = request.headers.get('User-Agent')
refresh_token = data.get('refresh_token')
user = api.helpers.get_user()
user_id = user.id
xhr = MakeResponse(200)
if jwt.verify_refresh_token(refresh_token, user_id, agent):
token = jwt.create_token_for_user(user)
xhr.set_body(dict(access_token=token))
return xhr.response
xhr.set_error(
401,
"Could not refresh, please try logging out and logging back in."
)
return xhr.response
def test_require_jwt_decorator(self):
mock = Mock(return_value="success")
mock.__name__ = 'test_mock'
mock_fn = jwt.require_jwt(mock)
bad_header = {"Authorization": "Bearer this-is-not-a-token"}
nobearer_header = {"Authorization": "this-is-not-a-token"}
token = jwt.create_token_for_user(self.default_user)
with self.app.test_request_context(headers=bad_header):
res = mock_fn()
self.assertEqual(401, res.status_code)
with self.app.test_request_context(headers=nobearer_header):
res = mock_fn()
self.assertEqual(401, res.status_code)
with self.app.test_request_context():
res = mock_fn()
self.assertEqual(401, res.status_code)
good_header = {"Authorization": "Bearer %s" % token}
with self.app.test_request_context(headers=good_header):
res = mock_fn()
self.assertEqual("success", res)
def test_create_token_for_user(self):
token = jwt.create_token_for_user(self.default_user)
self.assertGreater(len(token), 20)
def test_create_token_for_user(self):
token = jwt.create_token_for_user(self.default_user)
self.assertGreater(len(token), 20)
