def test_decode_bearer():
secret = 'secret'
# missing stamp in bearer
payload = dict(identity='Alice', persona='persona', salt='salt')
bearer = jwt.encode(payload, secret, algorithm='HS256').decode()
with py_raises(ValueError) as error:
bearers.decode_bearer(secret=secret, bearer=bearer)
# missing salt in bearer
payload = dict(identity='Alice', persona='persona', stamp='stamp')
bearer = jwt.encode(payload, secret, algorithm='HS256').decode()
with py_raises(ValueError) as error:
bearers.decode_bearer(secret=secret, bearer=bearer)
def decode_identity(self, bearer):
if bearer != 'no-bearer':
try:
payload = bearers.decode_bearer(secret=self.bearer_secret,
bearer=bearer)
return (payload.identity, payload.persona)
except jwt.exceptions.DecodeError as error:
logger.debug(error)
return ('nobody', 'anonymous')
def renew_bearer(self, bearer):
payload = bearers.decode_bearer(secret=self.bearer_secret,
bearer=bearer,
validity=self.bearer_validity,
renewal=self.bearer_renewal)
if not payload.is_renewable:
raise ValueError("Bearer has expired")
return bearers.encode_bearer(secret=self.bearer_secret,
identity=payload.identity,
persona=payload.persona)
def test_encode_bearer():
secret = 'secret'
payload = dict(identity='1234',
persona='persona',
label='Alice (ACME)',
e_mail='*****@*****.**')
encoded = bearers.encode_bearer(secret, **payload)
assert len(encoded) > 7
decoded = bearers.decode_bearer(secret=secret, bearer=encoded)
assert decoded.identity == '1234'
assert decoded.persona == 'persona'
assert decoded.label == 'Alice (ACME)'
assert decoded.e_mail == '*****@*****.**'
assert len(decoded.salt) > 7
assert len(decoded.stamp) > 7
assert decoded.is_valid == True
assert decoded.is_renewable == True
def check_bearer(self, bearer):
payload = bearers.decode_bearer(secret=self.bearer_secret,
bearer=bearer,
validity=self.bearer_validity,
renewal=self.bearer_renewal)
return payload.__dict__
def test_authenticate_signature():
db = Users()
db.write(id='Alice', password='******', persona='support', e_mail='[email protected]')
salt = 'salt'
stamp = bearers.get_current_stamp()
# unknown user
with py_raises(ValueError) as error:
db.authenticate_signature('Bob',
signature='*signature',
salt=salt,
stamp=stamp)
# really need salted call
with py_raises(TypeError) as error:
db.authenticate_signature('Alice',
signature='*signature',
stamp=stamp)
# really need stamp
with py_raises(TypeError) as error:
db.authenticate_signature('Alice',
signature='*signature',
salt=salt)
# random credentials does not pass
with py_raises(ValueError) as error:
db.authenticate_signature('Alice',
signature='*signature',
salt=salt,
stamp=stamp)
# password hash does not work, there is a need for real signature
with py_raises(ValueError) as error:
db.authenticate_signature('Alice',
signature='5b49d1280e8517e54daeeb90034334ae',
salt=salt,
stamp=stamp)
# incorrect salt in signature computation
blob = bearers.compute_signature(hash='5b49d1280e8517e54daeeb90034334ae',
salt='1234',
stamp=stamp)
with py_raises(ValueError) as error:
db.authenticate_signature('Alice',
signature=blob,
salt=salt,
stamp=stamp)
# compute correct signature and check it
blob = bearers.compute_signature(hash='5b49d1280e8517e54daeeb90034334ae',
salt=salt,
stamp=stamp)
bearer = db.authenticate_signature('Alice',
signature=blob,
salt=salt,
stamp=stamp)
assert bearers.decode_bearer(secret=None, bearer=bearer).persona == 'support'