Exemplo n.º 1
def test_verify_token_invalid_header_kid(jwks):
    """A token whose header carries the ``kid`` value 'invalid' is rejected.

    ``core.verify_token`` is expected to raise ``BenwaOnlineError`` for it.
    The ``jwks`` fixture is requested but not read here; presumably it
    provides the key set the verifier looks the ``kid`` up in (confirm
    against the fixture definition).
    """
    tampered_headers = jwt_headers()
    tampered_headers['kid'] = 'invalid'
    forged_token = generate_jwt(jwt_claims(), tampered_headers)

    with pytest.raises(BenwaOnlineError):
        core.verify_token(forged_token)
Exemplo n.º 2
def test_verify_token_invalid_claims(jwks, key, value):
    """Overriding one claim with a bad value must make verification fail.

    ``key`` and ``value`` name the claim to override and its replacement;
    they are presumably supplied by a parametrize decorator that is not
    visible here (confirm). ``core.verify_token`` is expected to raise
    ``BenwaOnlineError`` for the resulting token.
    """
    bad_claims = jwt_claims()
    bad_claims[key] = value
    bad_token = generate_jwt(bad_claims, jwt_headers())

    with pytest.raises(BenwaOnlineError):
        core.verify_token(bad_token)
Exemplo n.º 3
def test_verify_token_expired(jwks, mocker):
    """A token whose ``exp`` lies far in the past is reported as expired.

    ``iat`` is set to the number of seconds between 1970-01-01 and
    1971-01-01, and ``exp`` to 300 seconds after that, so the token expired
    long before the test runs. ``core.verify_token`` is expected to surface
    ``jwt.ExpiredSignatureError`` itself rather than a wrapped error.
    The ``mocker`` fixture is requested but not used in this body.
    """
    # Offset from the Unix epoch, kept as a timedelta so that
    # total_seconds() yields the numeric timestamp.
    issued_offset = datetime(1971, 1, 1) - datetime(1970, 1, 1)
    expiry_offset = issued_offset + timedelta(seconds=300)

    stale_claims = jwt_claims()
    stale_claims['iat'] = issued_offset.total_seconds()
    stale_claims['exp'] = expiry_offset.total_seconds()
    stale_token = generate_jwt(stale_claims, jwt_headers())

    with pytest.raises(jwt.ExpiredSignatureError):
        core.verify_token(stale_token)
Exemplo n.º 4
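    def check_token(*args, **kwargs):
        '''Verify the session's access token before calling the API method.

        If the token has expired, a refresh is requested with the session's
        refresh token and, when the response carries both new tokens, the
        session is updated. The wrapped ``api_method`` is then called with
        the original arguments and its result returned.

        Only ``jwt.ExpiredSignatureError`` is handled here; any other
        exception raised by ``verify_token`` propagates to the caller.
        '''
        try:
            verify_token(session['access_token'])
        except jwt.ExpiredSignatureError:
            msg = 'Token expired. Refreshing'
            current_app.logger.debug(msg)
            resp = refresh_token_request(benwa, session['refresh_token'])
            try:
                # Read both tokens before touching the session, so that a
                # response missing one of them cannot leave a new access
                # token paired with the old refresh token.
                new_access_token = resp['access_token']
                new_refresh_token = resp['refresh_token']
            except KeyError:
                msg = 'Received error {}'.format(resp['error'])
                current_app.logger.debug(msg)
            else:
                # NOTE(review): the refreshed access token is stored without
                # being passed through verify_token -- confirm the refresh
                # endpoint is trusted enough for that.
                session['access_token'] = new_access_token
                session['refresh_token'] = new_refresh_token

        # NOTE(review): when the refresh fails, execution still reaches this
        # call with the expired token left in the session; rejecting the
        # request is then up to api_method or the API behind it.
        return api_method(*args, **kwargs)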
Exemplo n.º 5
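def authorize_callback():
    '''Handles the authorization response

    The access token in the response is verified before anything is stored
    in the session. If there is no response, or the token fails
    verification, the user is sent to the authorization info page and no
    session state is written.

    Returns:
        a redirection to the previous page, if the user logs in
        otherwise directs them to a signup page
        (or to the authorization info page when authorization failed)
    '''
    # Credential-bearing headers are masked so that session cookies and
    # bearer tokens do not end up in the application log.
    sensitive_headers = {'authorization', 'proxy-authorization', 'cookie'}
    headers = [
        '{}: {}'.format(k, '[redacted]' if k.lower() in sensitive_headers else v)
        for k, v in request.headers.items()
    ]
    msg = 'received request with\n{}'.format('\n'.join(headers))
    current_app.logger.debug(msg)

    resp = handle_authorize_response()

    if not resp:
        msg = 'Did not receive an authorization response'
        current_app.logger.debug(msg)
        return redirect(url_for('authbp.authorize_info'))

    msg = 'Received authorization response'
    current_app.logger.debug(msg)

    try:
        payload = verify_token(resp['access_token'])
    except BenwaOnlineError as err:
        # Stop here: without a verified payload there is no subject to look
        # up, and falling through would fail on the unbound ``payload``.
        # Logged at warning level so rejected tokens are visible outside
        # debug logging.
        msg = 'Error occured during token verification: {}'.format(err)
        current_app.logger.warning(msg)
        return redirect(url_for('authbp.authorize_info'))
    else:
        session['access_token'] = resp['access_token']
        session['refresh_token'] = resp['refresh_token']

    msg = 'Checking if user has signed up before'
    current_app.logger.debug(msg)

    # The user is identified by the ``sub`` claim of the verified token.
    user = UserGateway().get_by_user_id(payload['sub'])

    if not user:
        msg = 'New user. Redirecting to signup.'
        current_app.logger.debug(msg)
        return redirect(url_for('authbp.signup'))

    cache.set('user_{}'.format(user.user_id), user)
    login_user(user)

    msg = 'User {}: logged in'.format(user.user_id)
    current_app.logger.info(msg)

    return back.redirect()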