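def test_get_token_issuer_should_handle_invalid_token_with_no_iss():
    """Reject a well-formed, signed JWT whose payload carries no ``iss`` claim.

    ``get_token_issuer`` must raise ``TokenIssuerError`` rather than return
    ``None`` or a default issuer, so an issuer-less token can never be mapped
    onto a service further down the auth path.
    """
    # The signing key is arbitrary here: only the missing ``iss`` claim is
    # under test. The original first built a valid token with
    # create_jwt_token() and immediately overwrote it; that dead call is gone.
    token = jwt.encode(
        payload={'iat': 1234},
        key='1234',
        headers={'typ': 'JWT', 'alg': 'HS256'},
    ).decode()  # bytes -> str; jwt.encode() returns bytes on PyJWT < 2 — confirm the pinned version

    with pytest.raises(TokenIssuerError):
        get_token_issuer(token)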
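def test_get_token_issuer_should_handle_invalid_token_with_no_iss():
    """Reject a well-formed, signed JWT whose payload carries no ``iss`` claim.

    ``get_token_issuer`` must raise ``TokenIssuerError`` with a message that
    points the caller at the documented token requirements, rather than
    returning ``None`` or a default issuer.
    """
    # The signing key is arbitrary here: only the missing ``iss`` claim is
    # under test. The original first built a valid token with
    # create_jwt_token() and immediately overwrote it; that dead call is gone.
    token = jwt.encode(
        payload={'iat': 1234},
        key='1234',
        headers={'typ': 'JWT', 'alg': 'HS256'},
    )  # no .decode(): assumes jwt.encode() already returns str (PyJWT >= 2) — confirm the pinned version

    with pytest.raises(TokenIssuerError) as e:
        get_token_issuer(token)

    assert "Invalid token: iss field not provided. See our requirements" in e.value.message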
def __get_token_issuer(auth_token):
    """Return the ``iss`` claim of *auth_token*, mapping lookup failures to ``AuthError``.

    A missing issuer and an undecodable token both become a 403 ``AuthError``;
    only the message differs, so the caller reports one uniform auth failure.
    """
    try:
        return get_token_issuer(auth_token)
    except (TokenIssuerError, TokenDecodeError) as exc:
        # Order mirrors the original except clauses: issuer error first.
        if isinstance(exc, TokenIssuerError):
            message = "Invalid token: iss field not provided"
        else:
            message = GENERAL_TOKEN_ERROR_MESSAGE
        raise AuthError(message, 403)
def __get_token_issuer(auth_token):
    """Return the ``iss`` claim of *auth_token*, mapping lookup failures to ``AuthError``.

    Both a missing issuer and a token that cannot be decoded are rejected with
    a 403; the message tells the two cases apart for the caller.
    """
    try:
        return get_token_issuer(auth_token)
    except (TokenIssuerError, TokenDecodeError) as exc:
        # Order mirrors the original except clauses: issuer error first.
        message = (
            "Invalid token: iss field not provided"
            if isinstance(exc, TokenIssuerError)
            else "Invalid token: signature, api token is not valid"
        )
        raise AuthError(message, 403)
def requires_auth():
    """Authenticate the current request from its JWT and record the caller.

    Resolves the token's ``iss`` claim to a service, verifies the token against
    that service's API keys and, on success, stores the service id on ``g`` and
    the matching key on the request context. Every failure path raises
    ``AuthError`` with status 403.
    """
    auth_token = get_auth_token(request)
    # Step 1: read the issuer claim. This only says which service *claims* to
    # have issued the token; nothing is trusted until the signature check
    # against that service's keys succeeds below.
    try:
        client = get_token_issuer(auth_token)
    except TokenDecodeError as e:
        raise AuthError(e.message, 403)
    except TokenIssuerError:
        raise AuthError("Invalid token: iss not provided", 403)

    # Admin client: its secret comes from app config rather than the service
    # API-key table, so it is verified by a separate helper. g.service_id is
    # set before that verification; handle_admin_key is presumably what
    # rejects a bad secret (not visible here) — confirm.
    # NOTE(review): if ADMIN_CLIENT_USER_NAME is unset, config.get() yields
    # None; confirm get_token_issuer can never return None, otherwise a token
    # with a null ``iss`` would compare equal and take this branch.
    if client == current_app.config.get('ADMIN_CLIENT_USER_NAME'):
        g.service_id = current_app.config.get('ADMIN_CLIENT_USER_NAME')
        return handle_admin_key(auth_token, current_app.config.get('ADMIN_CLIENT_SECRET'))

    # Step 2: the issuer claim is used as a service id. DataError covers an id
    # of the wrong type; NoResultFound an id that matches no service.
    try:
        service = dao_fetch_service_by_id(client)
    except DataError:
        raise AuthError("Invalid token: service id is not the right data type", 403)
    except NoResultFound:
        raise AuthError("Invalid token: service not found", 403)

    # Service-level gates, checked before any signature work.
    if not service.api_keys:
        raise AuthError("Invalid token: service has no API keys", 403)

    if not service.active:
        raise AuthError("Invalid token: service is archived", 403)

    # Step 3: find the key that actually signed the token. Every key is tried
    # because the token does not say which of the service's keys was used.
    for api_key in service.api_keys:
        try:
            get_decode_errors(auth_token, api_key.unsigned_secret)
        except TokenDecodeError:
            continue  # not signed with this key; try the next one

        # The signature matches this key, but the key has been revoked
        # (expiry_date set): reject here rather than fall through to another key.
        if api_key.expiry_date:
            raise AuthError("Invalid token: API key revoked", 403)

        # Authenticated: expose the service and the matching key to the view.
        g.service_id = api_key.service_id
        _request_ctx_stack.top.api_user = api_key
        return
    else:
        # service has API keys, but none matching the one the user provided
        raise AuthError("Invalid token: signature, api token is not valid", 403)
def test_should_return_issuer_from_token():
    """The ``iss`` claim written by ``create_jwt_token`` round-trips through ``get_token_issuer``."""
    signed = create_jwt_token("key", "client_id")
    assert get_token_issuer(signed) == "client_id"
def test_should_handle_invalid_token_for_issuer_lookup():
    """A string that is not a JWT at all must raise ``TokenDecodeError``, not yield an issuer."""
    not_a_jwt = "token"
    expected = "Invalid token: signature. See our requirements"

    with pytest.raises(TokenDecodeError) as excinfo:
        get_token_issuer(not_a_jwt)

    assert expected in excinfo.value.message
def test_should_return_issuer_from_token():
    """``get_token_issuer`` returns exactly the client id that ``create_jwt_token`` embedded as ``iss``."""
    client_id = "client_id"
    signed = create_jwt_token("key", client_id)

    assert get_token_issuer(signed) == client_id
def test_should_handle_invalid_token_for_issuer_lookup():
    """A string that is not a JWT at all must raise ``TokenDecodeError`` with the generic message."""
    not_a_jwt = "token"

    with pytest.raises(TokenDecodeError) as excinfo:
        get_token_issuer(not_a_jwt)

    assert excinfo.value.message == "Invalid token"