async def test_missing_token(self):
"""Without token the connection is refused."""
application = JWTMiddleware(AsyncWebsocketConsumer())
comminucator = WebsocketCommunicator(application, "/")
with self.assertRaises(ValueError):
connected, _ = await comminucator.connect()
self.assertFalse(connected)
await comminucator.disconnect()
async def test_valid_token(self):
"""With a valid token the connection is accepted."""
token = AccessToken()
token.set_exp(lifetime=timedelta(minutes=20))
application = JWTMiddleware(AsyncWebsocketConsumer())
comminucator = WebsocketCommunicator(application, f"/?jwt={token}")
connected, _ = await comminucator.connect()
self.assertTrue(connected)
await comminucator.disconnect()
async def test_invalid_token(self):
"""With an invalid token the connection is refused."""
token = AccessToken()
token.set_exp(
from_time=timezone.now() - timedelta(minutes=30),
lifetime=timedelta(minutes=1),
)
application = JWTMiddleware(AsyncWebsocketConsumer())
comminucator = WebsocketCommunicator(application, f"/?jwt={token}")
connected, _ = await comminucator.connect()
self.assertFalse(connected)
await comminucator.disconnect()
async def test_invalid_token(self):
"""With an invalid token the connection is refused."""
token = AccessToken()
token.set_exp(
from_time=timezone.now() - timedelta(minutes=30),
lifetime=timedelta(minutes=1),
)
application = JWTMiddleware(AsyncWebsocketConsumer())
communicator = WebsocketCommunicator(application, f"/?jwt={token}")
connected, _ = await communicator.connect()
self.assertTrue(connected)
response = await communicator.receive_output()
self.assertEqual(response["type"], "websocket.close")
self.assertEqual(response["code"], 4003)
await communicator.disconnect()
async def test_invalid_scope_type(self):
"""Only websocket scope type is accepted."""
middleware = JWTMiddleware(AsyncWebsocketConsumer())
with self.assertRaises(ValueError):
await middleware({"type": "wrong-type"}, None, None)
async def test_origin_validator():
"""
Tests that OriginValidator correctly allows/denies connections.
"""
# Make our test application
application = OriginValidator(AsyncWebsocketConsumer(),
["allowed-domain.com"])
# Test a normal connection
communicator = WebsocketCommunicator(application,
"/",
headers=[
(b"origin",
b"http://allowed-domain.com")
])
connected, _ = await communicator.connect()
assert connected
await communicator.disconnect()
# Test a bad connection
communicator = WebsocketCommunicator(application,
"/",
headers=[(b"origin",
b"http://bad-domain.com")])
connected, _ = await communicator.connect()
assert not connected
await communicator.disconnect()
# Make our test application, bad pattern
application = OriginValidator(AsyncWebsocketConsumer(),
["*.allowed-domain.com"])
# Test a bad connection
communicator = WebsocketCommunicator(application,
"/",
headers=[
(b"origin",
b"http://allowed-domain.com")
])
connected, _ = await communicator.connect()
assert not connected
await communicator.disconnect()
# Make our test application, good pattern
application = OriginValidator(AsyncWebsocketConsumer(),
[".allowed-domain.com"])
# Test a normal connection
communicator = WebsocketCommunicator(application,
"/",
headers=[
(b"origin",
b"http://www.allowed-domain.com")
])
connected, _ = await communicator.connect()
assert connected
await communicator.disconnect()
# Make our test application, with scheme://domain[:port] for http
application = OriginValidator(AsyncWebsocketConsumer(),
["http://allowed-domain.com"])
# Test a normal connection
communicator = WebsocketCommunicator(application,
"/",
headers=[
(b"origin",
b"http://allowed-domain.com")
])
connected, _ = await communicator.connect()
assert connected
await communicator.disconnect()
# Test a bad connection
communicator = WebsocketCommunicator(application,
"/",
headers=[
(b"origin",
b"https://bad-domain.com:443")
])
connected, _ = await communicator.connect()
assert not connected
await communicator.disconnect()
# Make our test application, with all hosts allowed
application = OriginValidator(AsyncWebsocketConsumer(), ["*"])
# Test a connection without any headers
communicator = WebsocketCommunicator(application, "/", headers=[])
connected, _ = await communicator.connect()
assert connected
await communicator.disconnect()
# Make our test application, with no hosts allowed
application = OriginValidator(AsyncWebsocketConsumer(), [])
# Test a connection without any headers
communicator = WebsocketCommunicator(application, "/", headers=[])
connected, _ = await communicator.connect()
assert not connected
await communicator.disconnect()
# Test bug with subdomain and empty origin header
application = OriginValidator(AsyncWebsocketConsumer(),
[".allowed-domain.com"])
communicator = WebsocketCommunicator(application,
"/",
headers=[(b"origin", b"")])
connected, _ = await communicator.connect()
assert not connected
await communicator.disconnect()
# Test bug with subdomain and invalid origin header
application = OriginValidator(AsyncWebsocketConsumer(),
[".allowed-domain.com"])
communicator = WebsocketCommunicator(application,
"/",
headers=[(b"origin",
b"something-invalid")])
connected, _ = await communicator.connect()
assert not connected
await communicator.disconnect()