Exemplo n.º 1
0
    def test_decode_failure(self):
        """
        Verifies the function logs decode failures, and raises an InvalidTokenError if the token cannot be decoded
        """

        # Create tokens using each invalid issuer and attempt to decode them against
        # the valid issuers list, which won't work
        with mock.patch(
                'edx_rest_framework_extensions.utils.logger') as patched_log:
            with self.assertRaises(jwt.InvalidTokenError):
                self.payload['iss'] = 'invalid-issuer'
                signing_key = 'invalid-secret-key'
                # Generate a token using the invalid issuer data
                token = generate_jwt_token(self.payload, signing_key)
                # Attempt to decode the token against the entries in the valid issuers list,
                # which will fail with an InvalidTokenError
                utils.jwt_decode_handler(token)

            # Verify that the proper entries were written to the log file
            msg = "Token decode failed for issuer 'test-issuer-1'"
            patched_log.info.assert_any_call(msg, exc_info=True)

            msg = "Token decode failed for issuer 'test-issuer-2'"
            patched_log.info.assert_any_call(msg, exc_info=True)

            msg = "All combinations of JWT issuers and secret keys failed to validate the token."
            patched_log.error.assert_any_call(msg)
    def has_permission(self, request, view):
        """
        Implement the business logic discussed above
        """
        # if is_oauth_scope_enforcement_enabled():
        if settings.FEATURES.get('ENABLE_OAUTH_SCOPE_ENFORCEMENT', False):
            token = request.auth
            decoded_token = jwt_decode_handler(token)
            # check to see if token is a DOP token
            # if so this represents a client which is implicitly trusted
            # (since it is an internal Open edX application)
            if decoded_token['edx_trusted_application']:
                return True

            if is_token_version_incompatible(decoded_token['version']):
                return False

            if hasattr(view, 'required_scopes'):
                if not getattr(view, 'required_scopes')[0] in decoded_token['scopes']:
                    return False

            has_permission = super(HasScopedToken, self).has_permission(request, view)

            if has_permission:
                setattr(request, 'oauth_scopes_filters', self._token_filters(decoded_token))

            return has_permission
        else:
            return True
Exemplo n.º 3
0
    def test_decode_valid_token_multiple_valid_issuers(self, jwt_issuer):
        """
        Validates that a valid token is properly decoded given a list of multiple valid issuers
        """

        # Verify that each valid issuer is properly matched against the valid issuers list
        # and used to decode the token that was generated using said valid issuer data
        self.payload['iss'] = jwt_issuer['ISSUER']
        token = generate_jwt_token(self.payload, jwt_issuer['SECRET_KEY'])
        self.assertEqual(utils.jwt_decode_handler(token), self.payload)
Exemplo n.º 4
0
 def test_decode_success(self):
     """
     Confirms that the format of the valid response from the token decoder matches the payload
     """
     self.assertDictEqual(utils.jwt_decode_handler(self.jwt), self.payload)
Exemplo n.º 5
0
 def setUp(self):
     super(IsTokenVersionIncompatibleTests, self).setUp()
     self.user = UserFactory()
     self.payload = generate_jwt_payload(self.user)
     self.jwt = generate_jwt_token(self.payload)
     self.decoded_token = utils.jwt_decode_handler(self.jwt)