Exemplo n.º 1
def test_jwt_encode() -> None:
    """Check that JWT.encode produces the same token as jwt.encode.

    The default call is compared against an HS256 reference, then an
    explicit HS512 call against an HS512 reference. The ``.decode`` on the
    reference requires ``jwt.encode`` to return bytes.
    """
    # Fixed key used only by this test; never reuse it outside test fixtures.
    signing_key = 'jwt-secret'
    claims = {'email': '*****@*****.**'}

    reference_hs256 = jwt.encode(claims, signing_key, algorithm='HS256').decode(encoding='UTF-8')
    default_token = JWT.encode(payload=claims, secret=signing_key)
    # No algorithm given: the result must equal the HS256 reference.
    assert default_token == reference_hs256

    hs512_token = JWT.encode(payload=claims, secret=signing_key, algorithm='HS512')
    # A different algorithm must change the token.
    assert hs512_token != reference_hs256
    reference_hs512 = jwt.encode(claims, signing_key, algorithm='HS512').decode(encoding='UTF-8')
    assert hs512_token == reference_hs512
Exemplo n.º 2
def test_authenticate_fails_without_valid_date_payload(user, ss):
    """Authentication must raise AuthenticationFailed for a stale token.

    The payload is built with ``{'seconds': -8}``, presumably giving a
    token whose validity window has already closed (get_payload is not
    visible here).
    """
    stale_payload = get_payload(user, {'seconds': -8})
    stale_token = JWT.encode(stale_payload, settings['JWT']['SECRET'])
    authorization = "Bearer " + stale_token
    backend = MapistarJWTAuthentication()
    with pytest.raises(AuthenticationFailed):
        backend.authenticate(authorization, settings, ss)
Exemplo n.º 3
def testautheticate_pass_with_valid_jwt(user, ss):
    """A token built with ``{'seconds': 8}`` must authenticate as its user."""
    fresh_payload = get_payload(user, {'seconds': 8})
    fresh_token = JWT.encode(fresh_payload, settings['JWT']['SECRET'])
    authorization = "Bearer " + fresh_token
    backend = MapistarJWTAuthentication()
    result = backend.authenticate(authorization, settings, ss)
    # The authenticated object must carry the user the token was issued for.
    assert result.user == user
Exemplo n.º 4
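def login(credentials: LoginSchema, jwt: JWT) -> str:
    """
    Authentication view.

    Args:
        credentials: username/password credentials
        jwt: JWT component used to encode the payload

    All errors are raised.

    Returns:
        token

    Raises:
        exceptions.Forbidden: unknown user, wrong password, or inactive user
        exceptions.ConfigurationError: the JWT component returned no token
    """

    user = User.get(username=credentials["username"])

    # Unknown user and wrong password share one message, so the response body
    # does not reveal which usernames exist.
    # NOTE(review): check_password is skipped when the user is missing, so
    # response time may still differ between known and unknown usernames.
    # Confirm against the cost of check_password.
    if not user or not user.check_password(credentials["password"]):
        raise exceptions.Forbidden("Incorrect username or password.")

    # Reached only after the password matched, so the distinct message is
    # shown only to someone who already holds valid credentials.
    if not user.actif:
        raise exceptions.Forbidden("Utilisateur inactif")

    # Read the clock once so that exp is exactly 1000 seconds after iat.
    issued_at = pendulum.now()
    payload = {
        "id": user.id,
        "username": user.username,
        "iat": issued_at,
        "exp": issued_at + pendulum.Duration(seconds=1000),
    }
    token = jwt.encode(payload)
    if token is None:
        raise exceptions.ConfigurationError("échec de l'encodage jwt")

    return token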
Exemplo n.º 5
def test_misconfigured_jwt_settings() -> None:
    """Building a JWT from an empty 'JWT' settings section must fail.

    The expected failure is ConfigurationError, raised at construction
    rather than later when the token is used.
    """
    empty_jwt_section = Settings({'JWT': {}})

    with pytest.raises(exceptions.ConfigurationError):
        JWT(token='abc', settings=empty_jwt_section)
Exemplo n.º 6
def test_invalid_user(ss):
    """A correctly signed token for a mock user id must raise BadRequest.

    The token is signed with the configured secret, so the signature is
    valid; only the ``id`` (set on a MagicMock) is made up.
    """
    ghost = MagicMock()
    ghost.id = 35135135135151
    ghost_payload = get_payload(ghost, {'seconds': 8})
    signed = JWT.encode(ghost_payload, settings['JWT']['SECRET'])
    authorization = "Bearer " + signed
    backend = MapistarJWTAuthentication()
    with pytest.raises(BadRequest):
        backend.authenticate(authorization, settings, ss)
Exemplo n.º 7
def test_user_is_not_active(user, ss):
    """A token issued before the user was deactivated must raise Forbidden.

    The token is encoded first and the account is disabled afterwards, so
    the test pins that account state is checked on authentication and not
    only when the token is issued.
    """
    issued = JWT.encode(
        get_payload(user, {'seconds': 8}), settings['JWT']['SECRET'])
    authorization = "Bearer " + issued

    # Deactivate after issuance: the token itself is still well-formed.
    user.is_active = False
    user.save()

    backend = MapistarJWTAuthentication()
    with pytest.raises(Forbidden):
        backend.authenticate(authorization, settings, ss)
Exemplo n.º 8
def client(user):
    """
    Return a TestClient whose Authorization header carries a JWT for *user*.

    The token is built from ``get_payload(user, {'seconds': 60})`` and
    signed with the secret read from ``settings['JWT']``.
    """
    # .get() returns None when SECRET is not configured.
    # NOTE(review): confirm JWT.encode rejects a missing secret.
    signing_key = settings['JWT'].get('SECRET')

    bearer = JWT.encode(get_payload(user, {'seconds': 60}), secret=signing_key)
    http = TestClient(app_fix())
    http.headers['Authorization'] = "Bearer " + bearer
    return http
Exemplo n.º 9
def login(user: str, pwd: str, settings: Settings) -> Response:
    """Authenticate a username/password pair and return a signed JWT.

    Args:
        user: Username submitted by the client.
        pwd: Password submitted by the client.
        settings: Application settings; ``SECRET`` and ``PAYLOAD_DURATION``
            are read from ``settings['JWT']``.

    Returns:
        A Response with body ``{'token': <encoded JWT>}`` and status 201.

    Raises:
        Forbidden: If ``authenticate`` returns a falsy value.
    """
    account = authenticate(username=user, password=pwd)
    if not account:
        # One message covers inactive account and wrong login/password, so
        # the response does not reveal which of the two applied.
        raise Forbidden("Utilisateur inactif, mauvais login/mot de passe")

    # .get() returns None for an unset key.
    # NOTE(review): confirm JWT.encode and get_payload reject a missing
    # SECRET / PAYLOAD_DURATION instead of continuing with None.
    signing_key = settings['JWT'].get('SECRET')
    claims = get_payload(account, settings['JWT'].get('PAYLOAD_DURATION'))

    return Response({'token': JWT.encode(claims, secret=signing_key)}, status=201)
Exemplo n.º 10
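def login(user: str, pwd: str, settings: Settings) -> dict:
    """Check the submitted credentials and return a signed JWT.

    Args:
        user: Username submitted by the client.
        pwd: Password submitted by the client.
        settings: Application settings; the signing secret is read from
            ``settings['JWT']['SECRET']``.

    Returns:
        ``{'token': <encoded JWT>}``; the payload carries ``username``,
        ``iat`` and an ``exp`` 60 minutes after ``iat``.

    Raises:
        Forbidden: If the username or the password does not match.
    """
    import hmac  # local import: the file's import block is outside this excerpt

    # do some check with your database here to see if the user is authenticated
    # NOTE(review): USER holds a plaintext password, which is only acceptable
    # as a placeholder; a real check verifies against a salted password hash.
    # Both comparisons are constant-time and both always run, so response time
    # does not show which field was wrong or how much of it matched.
    # assumes USER['user'] and USER['pwd'] are str — TODO confirm
    user_ok = hmac.compare_digest(user.encode('utf-8'), USER['user'].encode('utf-8'))
    pwd_ok = hmac.compare_digest(pwd.encode('utf-8'), USER['pwd'].encode('utf-8'))
    if not (user_ok and pwd_ok):
        raise Forbidden('invalid credentials')

    # .get() returns None when SECRET is not configured.
    # NOTE(review): confirm JWT.encode rejects a missing secret.
    SECRET = settings['JWT'].get('SECRET')

    # Read the clock once so that exp is exactly 60 minutes after iat.
    issued_at = datetime.datetime.utcnow()
    payload = {
        'username': user,
        'iat': issued_at,
        'exp': issued_at + datetime.timedelta(minutes=60),  # ends in 60 minutes
    }
    token = JWT.encode(payload, secret=SECRET)
    return {'token': token}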
Exemplo n.º 11
def test_payload_returned_is_empty(user, ss, monkeypatch):
    """An empty decoded payload must raise AuthenticationFailed.

    ``users.authentication.get_jwt`` is replaced by a stub whose result has
    ``payload == {}``, while the header still carries a properly signed
    token.
    """
    def fake_get_jwt(*args):
        # Fresh mock on every call, exposing an empty payload.
        decoded = MagicMock()
        decoded.payload = {}
        return decoded

    monkeypatch.setattr('users.authentication.get_jwt', fake_get_jwt)
    signed = JWT.encode(
        get_payload(user, {'seconds': 8}), settings['JWT']['SECRET'])
    authorization = "Bearer " + signed

    backend = MapistarJWTAuthentication()
    with pytest.raises(AuthenticationFailed):
        backend.authenticate(authorization, settings, ss)
Exemplo n.º 12
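def login(data: UserData, jwt: JWT) -> dict:
    """Check the submitted e-mail/password and return a signed JWT.

    Args:
        data: Submitted credentials; ``data.email`` and ``data.password``
            are read.
        jwt: JWT component used to encode the payload.

    Returns:
        ``{'token': <encoded JWT>}``; the payload carries ``id``,
        ``username``, ``iat`` and an ``exp`` 60 minutes after ``iat``.

    Raises:
        exceptions.Forbidden: If the e-mail or the password does not match.
        exceptions.BadRequest: If ``jwt.encode`` returns None.
    """
    import hmac  # local import: the file's import block is outside this excerpt

    # do some check with your database here to see if the user is authenticated
    # NOTE(review): USERS_DB holds a plaintext password, which is only
    # acceptable as a placeholder; a real check verifies against a salted
    # password hash.
    # Both comparisons are constant-time and both always run, so response time
    # does not show which field was wrong or how much of it matched.
    # assumes data.email, data.password and the USERS_DB values are str — TODO confirm
    email_ok = hmac.compare_digest(
        data.email.encode('utf-8'), USERS_DB['email'].encode('utf-8'))
    password_ok = hmac.compare_digest(
        data.password.encode('utf-8'), USERS_DB['password'].encode('utf-8'))
    if not (email_ok and password_ok):
        raise exceptions.Forbidden('Incorrect username or password.')

    # Read the clock once so that exp is exactly 60 minutes after iat.
    issued_at = datetime.datetime.utcnow()
    payload = {
        'id': USERS_DB['id'],
        'username': USERS_DB['email'],
        'iat': issued_at,
        'exp': issued_at + datetime.timedelta(minutes=60),  # ends in 60 minutes
    }
    token = jwt.encode(payload)
    if token is None:
        # encoding failed, handle error
        raise exceptions.BadRequest()
    return {'token': token}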
Exemplo n.º 13
def test_no_secret_passed_to_encode() -> None:
    """JWT.encode called without a secret must raise ConfigurationError.

    This pins that encoding refuses to proceed when no signing key is given.
    """
    claims = {'some': 'payload'}
    with pytest.raises(exceptions.ConfigurationError):
        JWT.encode(payload=claims)
Exemplo n.º 14
def test_unknown_algorithm_passed_to_encode() -> None:
    """JWT.encode must raise ConfigurationError for an unrecognised algorithm."""
    claims = {'some': 'payload'}
    encode_kwargs = {
        'payload': claims,
        'secret': 'jwt-secret',  # fixed key used only by this test
        'algorithm': 'unknown-algorithm',
    }
    with pytest.raises(exceptions.ConfigurationError):
        JWT.encode(**encode_kwargs)
Exemplo n.º 15
)
from mapistar.components import UserComponent
from mapistar.patients import routes_patients
from mapistar.permissions import ActesPermissionsComponent, IsAuthenticated
from mapistar.theso import routes_theso
from mapistar.users import routes_users
from mapistar.utils import check_config

# Runs at import time, before the app object is built; what it validates is
# defined in mapistar.utils and is not visible here.
check_config(settings)

# Route groups mounted on the application.
routes = [
    routes_patients,
    routes_observations,
    routes_ordonnances,
    routes_medicaments,
    routes_theso,
    routes_users,
]
# The JWT component takes its configuration from settings.JWT.
components = [JWT(settings.JWT), ActesPermissionsComponent(), UserComponent()]

# IsAuthenticated is registered as an application-wide event hook.
# NOTE(review): presumably it applies to every route, including the login
# route and schema_url. Confirm how endpoints that must stay reachable
# without a token are exempted, and that nothing else is.
app = App(
    routes=routes,
    components=components,
    event_hooks=[PonyDBSession(), IsAuthenticated()],
    schema_url="/schemas/",
)
# The bare string below has no runtime effect; it is kept as a usage note.
# The curl example it shows sends only a Content-Type header, no Authorization.
"""
curl -H "Content-Type: application/json" -X POST -d '{"nom":"xyz","prenom":"xyz", "ddn":"1234-12-12"}'
http://localhost:8080/create/
"""
Exemplo n.º 16
 def decode_token(auth: Auth, settings: Settings):
     """Build a JWT from ``auth.token`` and *settings* and return its payload.

     NOTE(review): what ``payload`` holds for an invalid or expired token is
     not visible here; callers should confirm it before trusting the claims.
     """
     return JWT(token=auth.token, settings=settings).payload
Exemplo n.º 17
    if data.email != USERS_DB['email'] or data.password != USERS_DB['password']:
        raise exceptions.Forbidden('Incorrect username or password.')
    payload = {
        'id': USERS_DB['id'],
        'username': USERS_DB['email'],
        'iat': datetime.datetime.utcnow(),
        'exp': datetime.datetime.utcnow() + datetime.timedelta(minutes=60)  # ends in 60 minutes
    }
    token = jwt.encode(payload)
    if token is None:
        # encoding failed, handle error
        raise exceptions.BadRequest()
    return {'token': token}


# '/login' is the endpoint that issues tokens.
routes = [
    Route('/', method='GET', handler=welcome),
    Route('/login', method='POST', handler=login),
]

# NOTE(review): the signing secret is a literal committed with the source.
# Anyone who can read this file can mint tokens the app will accept. Load the
# value from the environment or a secret store, and treat any secret that has
# been published as compromised and rotate it.
components = [
    JWT({
        'JWT_SECRET': 'BZz4bHXYQD?g9YN2UksRn7*r3P(eo]P,Rt8NCWKs6VP34qmTL#8f&ruD^TtG',
    }),
]

app = App(routes=routes, components=components)

if __name__ == '__main__':
    # Development entry point, bound to the loopback address only.
    # NOTE(review): use_debugger=True presumably enables an interactive
    # debugger on errors; keep it off on any interface other hosts can reach.
    app.serve('127.0.0.1', 8080, use_debugger=True, use_reloader=True)