def setUp(self):
    """Create a fresh key pair and a static key retriever for the decorator tests.

    The public half is registered under the key id ``'client-app/key01'`` and
    exposed both as ``self.retriever`` and via ``self.test_settings`` under
    ``ASAP_KEY_RETRIEVER_CLASS``; the private half is kept in
    ``self._private_key_pem`` for signing tokens.
    """
    super(TestAsapDecorator, self).setUp()
    # A new private key per test so no fixture key material is shared.
    private_pem = self.get_new_private_key_in_pem_format()
    public_pem = utils.get_public_key_pem_for_private_key_pem(private_pem)
    known_keys = {'client-app/key01': public_pem}
    retriever_cls = get_static_retriever_class(known_keys)

    self._private_key_pem = private_pem
    self._public_key_pem = public_pem
    self.retriever = retriever_cls
    self.test_settings = {'ASAP_KEY_RETRIEVER_CLASS': retriever_cls}
def setUp(self):
    """Build the Flask app and test client with a static key retriever.

    A fresh key pair is generated; its public half is served under the key id
    ``'client-app/key01'`` through ``app.config['ASAP_KEY_RETRIEVER_CLASS']``.
    """
    private_pem = self.get_new_private_key_in_pem_format()
    self._private_key_pem = private_pem
    self._public_key_pem = utils.get_public_key_pem_for_private_key_pem(
        private_pem)

    app = get_app()
    self.app = app
    self.client = app.test_client()
    # Only this one key id is resolvable; any other key id is unknown.
    app.config['ASAP_KEY_RETRIEVER_CLASS'] = get_static_retriever_class(
        {'client-app/key01': self._public_key_pem})
def test_request_with_invalid_issuer_is_rejected(self):
    """A validly signed token from an unexpected issuer must get a 403.

    The retriever is swapped so the signing key *is* resolvable under
    ``'another-client/key01'``: the only thing wrong with the token is its
    issuer (``'another-client'``); the audience stays ``'server-app'``.
    """
    foreign_keys = {'another-client/key01': self._public_key_pem}
    self.app.config['ASAP_KEY_RETRIEVER_CLASS'] = get_static_retriever_class(
        foreign_keys)

    token = create_token(
        'another-client',
        'server-app',
        'another-client/key01',
        self._private_key_pem,
    )
    status = self.send_request(token).status_code
    self.assertEqual(status, 403)
def test_request_decorated_issuer_is_allowed(self):
    """An issuer named on the ``decorated`` view is accepted.

    The retriever only knows ``'whitelist/key01'``, and the token is issued by
    ``'whitelist'`` for audience ``'server-app'``; the view body is expected in
    the response.
    """
    whitelist_retriever = get_static_retriever_class(
        {'whitelist/key01': self._public_key_pem})
    bearer = create_token(issuer='whitelist',
                          audience='server-app',
                          key_id='whitelist/key01',
                          private_key=self._private_key_pem)
    auth_header = b'Bearer ' + bearer

    with override_settings(ASAP_KEY_RETRIEVER_CLASS=whitelist_retriever):
        resp = self.client.get(reverse('decorated'),
                               HTTP_AUTHORIZATION=auth_header)
    self.assertContains(resp, 'Only the right issuer is allowed.')
def setUp(self):
    """Prepare a fresh key pair and a complete ASAP config dict.

    ``self.config`` pins the expected audience (``'server-app'``), the single
    accepted issuer (``'client-app'``) and a static retriever that resolves
    only ``'client-app/key01'``.
    """
    private_pem = self.get_new_private_key_in_pem_format()
    public_pem = utils.get_public_key_pem_for_private_key_pem(private_pem)
    self._private_key_pem = private_pem
    self._public_key_pem = public_pem

    static_retriever = get_static_retriever_class(
        {'client-app/key01': public_pem})
    # Issuers is a tuple so the test exercises the iterable form of the setting.
    self.config = {
        'ASAP_VALID_AUDIENCE': 'server-app',
        'ASAP_VALID_ISSUERS': ('client-app', ),
        'ASAP_KEY_RETRIEVER_CLASS': static_retriever,
    }
def test_request_with_invalid_issuer_is_rejected(self):
    """A validly signed token from an unexpected issuer must get a 401.

    The key is made resolvable under ``'another-client/key01'`` so signature
    verification can succeed; the token's issuer (``'another-client'``) is the
    only deviation — the audience is still ``'server-app'``.
    """
    self.app.config['ASAP_KEY_RETRIEVER_CLASS'] = get_static_retriever_class(
        {'another-client/key01': self._public_key_pem})

    bearer = create_token('another-client',
                          'server-app',
                          'another-client/key01',
                          self._private_key_pem)
    headers = {'Authorization': b'Bearer ' + bearer}
    resp = self.client.get('/', headers=headers)
    self.assertEqual(resp.status_code, 401)
def test_request_with_invalid_issuer_is_rejected(self):
    """The ``expected`` view rejects an unknown issuer with 401 and a message.

    The retriever resolves ``'something-invalid/key01'`` so only the issuer
    check can fail; the body must read ``'Unauthorized: Invalid token issuer'``.
    """
    bogus_retriever = get_static_retriever_class(
        {'something-invalid/key01': self._public_key_pem})
    bearer = create_token(issuer='something-invalid',
                          audience='server-app',
                          key_id='something-invalid/key01',
                          private_key=self._private_key_pem)
    auth_header = b'Bearer ' + bearer

    with override_settings(ASAP_KEY_RETRIEVER_CLASS=bogus_retriever):
        resp = self.client.get(reverse('expected'),
                               HTTP_AUTHORIZATION=auth_header)
    self.assertContains(resp,
                        'Unauthorized: Invalid token issuer',
                        status_code=401)
def test_request_non_whitelisted_decorated_issuer_is_rejected(self):
    """The ``unexpected`` view answers 403 for an issuer it does not list.

    The key under ``'unexpected/key01'`` is resolvable, so the token verifies;
    the issuer ``'unexpected'`` is what gets it refused, with the body
    ``'Forbidden: Invalid token issuer'``.
    """
    other_retriever = get_static_retriever_class(
        {'unexpected/key01': self._public_key_pem})
    bearer = create_token(issuer='unexpected',
                          audience='server-app',
                          key_id='unexpected/key01',
                          private_key=self._private_key_pem)
    auth_header = b'Bearer ' + bearer

    with override_settings(ASAP_KEY_RETRIEVER_CLASS=other_retriever):
        resp = self.client.get(reverse('unexpected'),
                               HTTP_AUTHORIZATION=auth_header)
    self.assertContains(resp,
                        'Forbidden: Invalid token issuer',
                        status_code=403)
def check_response(self, view_name, response_content='', status_code=200,
                   issuer='client-app', audience='server-app',
                   key_id='client-app/key01', subject=None,
                   private_key=None, token=None, authorization=None,
                   retriever_key=None):
    """GET ``view_name`` with an ASAP bearer token and assert on the reply.

    Precedence for the credential: an explicit ``authorization`` header wins;
    otherwise ``token`` is wrapped as ``b'Bearer ' + token``; otherwise a token
    is minted from ``issuer``/``audience``/``key_id``/``subject`` with
    ``private_key`` (defaulting to ``self._private_key_pem``).

    ``retriever_key``, when given, replaces ``ASAP_KEY_RETRIEVER_CLASS`` in a
    copy of ``self.test_settings`` with a static retriever that maps only that
    key id to ``self._public_key_pem``.

    Note that the default ``response_content=''`` makes the content part of
    ``assertContains`` trivially true, so such a call checks ``status_code``
    alone.
    """
    if authorization is None:
        if token is None:
            signing_key = (self._private_key_pem if private_key is None
                           else private_key)
            token = create_token(issuer=issuer,
                                 audience=audience,
                                 key_id=key_id,
                                 private_key=signing_key,
                                 subject=subject)
        authorization = b'Bearer ' + token

    # Work on a copy so one call's retriever override does not leak into others.
    settings_for_call = dict(self.test_settings)
    if retriever_key is not None:
        settings_for_call['ASAP_KEY_RETRIEVER_CLASS'] = (
            get_static_retriever_class({retriever_key: self._public_key_pem}))

    with override_settings(**settings_for_call):
        resp = self.client.get(reverse(view_name),
                               HTTP_AUTHORIZATION=authorization)
    self.assertContains(resp, response_content, status_code=status_code)