def generate_access_tokens(request: WSGIRequest, user: User):
# generate bearer token
bearer_token = BearerToken(OAuth2Validator())
request.scopes = ["read", "write"]
request.state = None
request.extra_credentials = None
request.grant_type = 'client_credentials'
request.client = Application.objects.get(
client_id=settings.SOCIAL_AUTH_CLIENT_ID,
client_secret=settings.SOCIAL_AUTH_CLIENT_SECRET)
token = bearer_token.create_token(request)
# generate JWT
issuer = settings.JWT_ISSUER
payload_enricher = getattr(settings, 'JWT_PAYLOAD_ENRICHER', None)
extra_data = {'username': user.username} if user else {}
jwt_request = HttpRequest()
jwt_request.POST = extra_data
if payload_enricher:
fn = import_string(payload_enricher)
extra_data.update(fn(jwt_request))
payload = generate_payload(issuer, token['expires_in'], **extra_data)
token['access_token_jwt'] = encode_jwt(payload)
return token
def test_post_valid_jwt_header(self):
now = datetime.utcnow()
payload = {
'iss': 'issuer',
'exp': now + timedelta(seconds=100),
'iat': now,
'sub': 'subject',
'usr': '******',
'org': 'some_org',
}
jwt_value = utils.encode_jwt(payload)
response = self.client.post(
'/jwt/', {'example': 'example'},
HTTP_AUTHORIZATION='JWT {}'.format(jwt_value),
content_type='application/json')
self.assertEqual(response.status_code, 200)
sessionkeys_expected = {}
try:
items = payload.iteritems()
except AttributeError: # python 3.6
items = payload.items()
for k, v in items:
if k not in ('exp', 'iat'):
sessionkeys_expected['jwt_{}'.format(k)] = v
self.assertEqual(json.loads(response.content), sessionkeys_expected)
def test_post_valid_jwt_with_auth(self):
now = datetime.utcnow()
payload = {
'iss': 'issuer',
'exp': now + timedelta(seconds=100),
'iat': now,
'username': '******',
}
jwt_value = utils.encode_jwt(payload)
with override_settings(JWT_AUTH_DISABLED=False):
response = self.client.post(
'/jwt_auth/', {'example': 'example'},
HTTP_AUTHORIZATION='JWT {}'.format(jwt_value),
content_type='application/json')
self.assertEqual(response.status_code, 200)
self.assertEqual(json.loads(response.content),
{'username': '******'})
with override_settings(JWT_AUTH_DISABLED=True):
response = self.client.post(
'/jwt_auth/', {'example': 'example'},
HTTP_AUTHORIZATION='JWT {}'.format(jwt_value),
content_type='application/json')
self.assertEqual(response.status_code, 403)
def test_decode_jwt_expired(self):
payload = self._get_payload()
now = datetime.utcnow()
payload['exp'] = now - timedelta(seconds=1)
payload['iat'] = now
jwt_value = utils.encode_jwt(payload)
self.assertRaises(jwt.ExpiredSignatureError, utils.decode_jwt,
jwt_value)
def _create_headers(user: CoreUser, organization_uuid: string) -> dict:
extra_data = {
"organization_uuid": organization_uuid,
"core_user_uuid": user.core_user_uuid,
"username": user.username,
}
payload = generate_payload(settings.JWT_ISSUER, expires_in=600, **extra_data)
token = encode_jwt(payload)
return {"Authorization": "JWT " + token, "Content-Type": "application/json"}
def test_encode_jwt(self):
payload_in = self._get_payload()
encoded = utils.encode_jwt(payload_in)
self.assertIn(type(encoded).__name__, ('unicode', 'str'))
headers, payload, verify_signature = encoded.split(".")
self.assertDictEqual(json.loads(base64.b64decode(headers)), {
"typ": "JWT",
"alg": "RS256"
})
payload += '=' * (-len(payload) % 4) # add padding
self.assertEqual(json.loads(base64.b64decode(payload).decode("utf-8")),
payload_in)
def test_encode_jwt_hs256(self):
payload_in = self._get_payload()
encoded = utils.encode_jwt(payload_in)
self.assertIn(type(encoded).__name__, ('unicode', 'str'))
headers, payload, verify_signature = encoded.split('.')
self.assertDictEqual(json.loads(base64.b64decode(headers)), {
'typ': 'JWT',
'alg': 'HS256'
})
payload += '=' * (-len(payload) % 4)
self.assertEqual(json.loads(base64.b64decode(payload).decode('utf-8')),
payload_in)
def test_post_valid_jwt_with_auth_and_scope_is_valid(self):
now = datetime.utcnow()
payload = {
'iss': 'issuer',
'exp': now + timedelta(seconds=100),
'iat': now,
'username': '******',
'scope': 'write', # Correct scope
}
jwt_value = utils.encode_jwt(payload)
response = self.client.post(
'/jwt_auth_scope/', {'example': 'example'},
HTTP_AUTHORIZATION='JWT {}'.format(jwt_value),
content_type='application/json')
self.assertEqual(response.status_code, 200)
def test_decode_jwt(self):
payload = self._get_payload()
jwt_value = utils.encode_jwt(payload)
payload_out = utils.decode_jwt(jwt_value)
self.assertDictEqual(payload, payload_out)
def test_decode_jwt_public_key_not_found(self):
payload = self._get_payload()
jwt_value = utils.encode_jwt(payload)
self.assertRaises(ImproperlyConfigured, utils.decode_jwt, jwt_value)