Пример #1
0
    def test_asymmetric_backend(self, account):
        """ Test jwt authentication backend with asymmetric alg"""
        # Update the config settings
        active_config.JWT_ALGORITHM = 'RS256'
        active_config.JWT_PRIVATE_KEY = os.path.join(
            base_dir, 'support/jwt_private_key.pem')
        active_config.JWT_PUBLIC_KEY = os.path.join(
            base_dir, 'support/jwt_public_key.pub')

        # Run the login callback usecase
        payload = {'account': Account.get(account.id)}
        response = Tasklet.perform(Account, jwt.LoginCallbackUseCase,
                                   LoginCallbackRequestObject, payload.copy())

        assert response is not None
        assert response.success is True
        access_token = response.value.get('access_token')

        assert access_token is not None

        # Use the token for authentication
        payload = {
            'auth_scheme': 'Bearer',
            'credentials': access_token,
        }
        response = Tasklet.perform(Account, jwt.AuthenticationUseCase,
                                   jwt.AuthenticationRequestObject,
                                   payload.copy())
        assert response is not None
        assert response.success is True
Пример #2
0
    def test_logout_callback(self, account):
        """ Test logout mechanism for the JWT Backend """
        # Run the login callback usecase
        payload = {'account': Account.get(account.id)}
        response = Tasklet.perform(Account, jwt.LoginCallbackUseCase,
                                   LoginCallbackRequestObject, payload.copy())

        assert response is not None
        assert response.success is True
        access_token = response.value.get('access_token')

        # Run the logout usecase
        response = Tasklet.perform(Account, jwt.LogoutCallbackUseCase,
                                   LogoutRequestObject, payload.copy())
        assert response is not None
        assert response.success is True

        # Authentication must fail
        # Use the token for authentication
        payload = {
            'auth_scheme': 'Bearer',
            'credentials': access_token,
        }
        response = Tasklet.perform(Account, jwt.AuthenticationUseCase,
                                   jwt.AuthenticationRequestObject,
                                   payload.copy())
        assert response is not None
        assert response.success is False
        assert response.value == {
            'code': 401,
            'message': {
                'token': 'Invalid Token'
            }
        }
Пример #3
0
 def account(self):
     """Setup account to use in test cases"""
     account = Account.create({
         'email': '*****@*****.**',
         'username': '******',
         'name': 'john doe',
         'password': pbkdf2_sha256.hash('duMmy@123'),
         'phone': '90080000800',
         'roles': ['ADMIN']
     })
     yield account
Пример #4
0
    def test_password_reset_usecase(self, account):
        """ Test resetting a password using an email link """
        payload = {
            'email': '*****@*****.**',
        }
        response = Tasklet.perform(Account, SendResetPasswordEmailUsecase,
                                   SendResetPasswordEmailRequestObject,
                                   payload.copy())
        assert response is not None
        assert response.success is True

        # Make sure that the verification token is set
        account = Account.get(account.id)
        assert account.verification_token is not None

        # Make sure that the reset email was sent
        assert email.outbox[-1].message() == (
            "[email protected]\n"
            "['*****@*****.**']\n"
            "Password Reset Request\n"
            f"Your reset secret token is {account.verification_token}")

        # Now reset the password with this token
        payload = {
            'token': account.verification_token,
            'data': {
                'new_password': '******',
                'confirm_password': '******',
            }
        }
        response = Tasklet.perform(Account, ResetPasswordUsecase,
                                   ResetPasswordRequestObject, payload.copy())
        assert response is not None
        assert response.success is True

        # Make sure that the password has been updated
        account = Account.get(account.id)
        assert len(account.password_history) == 1
Пример #5
0
    def test_backend(self, account):
        """ Test jwt authentication backend """

        # Run the login callback usecase
        payload = {'account': Account.get(account.id)}
        response = Tasklet.perform(Account, jwt.LoginCallbackUseCase,
                                   LoginCallbackRequestObject, payload.copy())

        assert response is not None
        assert response.success is True
        access_token = response.value.get('access_token')
        assert access_token is not None

        # Use the token for authentication
        payload = {
            'auth_scheme': 'Bearer',
            'credentials': 'xxxxxxxxxxxxxxxxx',
        }
        response = Tasklet.perform(Account, jwt.AuthenticationUseCase,
                                   jwt.AuthenticationRequestObject,
                                   payload.copy())
        assert response is not None
        assert response.success is False
        assert response.value == {
            'code': 401,
            'message': {
                'credentials': 'Invalid JWT Token. Not enough segments'
            }
        }

        # Try again with the correct token
        payload['credentials'] = access_token
        response = Tasklet.perform(Account, jwt.AuthenticationUseCase,
                                   jwt.AuthenticationRequestObject,
                                   payload.copy())
        assert response is not None
        assert response.success is True