def test_required_claims(self, claim):
     """
     Verify that tokens that do not carry 'exp' or 'iat' claims are rejected
     """
     # Deletes required claim from payload
     del self.payload[claim]
     token = generate_jwt_token(self.payload)
     with self.assertRaises(jwt.MissingRequiredClaimError):
         # Decode to see if MissingRequiredClaimError exception is raised or not
         jwt_decode_handler(token)
Пример #2
0
    def test_unsupported_jwt_version(self):
        """
        Verifies the function logs decode failures, and raises an
        InvalidTokenError if the token version is not supported.
        """
        with mock.patch('edx_rest_framework_extensions.auth.jwt.decoder.logger') as patched_log:
            with self.assertRaises(jwt.InvalidTokenError):
                token = generate_jwt_token(self.payload)
                jwt_decode_handler(token)

            msg = "Token decode failed due to unsupported JWT version number [%s]"
            patched_log.info.assert_any_call(msg, '1.1.0')
Пример #3
0
    def test_failure_invalid_token(self):
        """
        Verifies the function logs decode failures, and raises an InvalidTokenError if the token cannot be decoded
        """

        # Create tokens using each invalid issuer and attempt to decode them against
        # the valid issuers list, which won't work
        with mock.patch('edx_rest_framework_extensions.auth.jwt.decoder.logger') as patched_log:
            with self.assertRaises(jwt.InvalidTokenError):
                # Attempt to decode an invalid token, which will fail with an InvalidTokenError
                jwt_decode_handler("invalid.token")

            patched_log.exception.assert_any_call("Token verification failed.")
Пример #4
0
    def test_unsupported_jwt_version(self):
        """
        Verifies the function logs decode failures, and raises an
        InvalidTokenError if the token version is not supported.
        """
        with mock.patch('edx_rest_framework_extensions.auth.jwt.decoder.logger'
                        ) as patched_log:
            with self.assertRaises(jwt.InvalidTokenError):
                token = generate_jwt_token(self.payload)
                jwt_decode_handler(token)

            msg = "Token decode failed due to unsupported JWT version number [%s]"
            patched_log.info.assert_any_call(msg, '1.1.0')
Пример #5
0
    def test_failure_invalid_token(self):
        """
        Verifies the function logs decode failures, and raises an InvalidTokenError if the token cannot be decoded
        """

        # Create tokens using each invalid issuer and attempt to decode them against
        # the valid issuers list, which won't work
        with mock.patch('edx_rest_framework_extensions.auth.jwt.decoder.logger'
                        ) as patched_log:
            with self.assertRaises(jwt.InvalidTokenError):
                # Attempt to decode an invalid token, which will fail with an InvalidTokenError
                jwt_decode_handler("invalid.token")

            patched_log.exception.assert_any_call("Token verification failed.")
Пример #6
0
 def test_supported_jwt_version(self, jwt_version):
     """
     Verifies the JWT is decoded successfully with different supported versions in the token.
     """
     jwt_payload = generate_latest_version_payload(self.user, version=jwt_version)
     token = generate_jwt_token(jwt_payload)
     self.assertDictEqual(jwt_decode_handler(token), jwt_payload)
Пример #7
0
 def test_supported_jwt_version(self, jwt_version):
     """
     Verifies the JWT is decoded successfully with different supported versions in the token.
     """
     jwt_payload = generate_latest_version_payload(self.user,
                                                   version=jwt_version)
     token = generate_jwt_token(jwt_payload)
     self.assertDictEqual(jwt_decode_handler(token), jwt_payload)
Пример #8
0
    def test_failure_invalid_issuer(self):
        """
        Verifies the function logs decode failures, and raises an InvalidTokenError if the token cannot be decoded
        """

        # Create tokens using each invalid issuer and attempt to decode them against
        # the valid issuers list, which won't work
        with mock.patch('edx_rest_framework_extensions.auth.jwt.decoder.logger') as patched_log:
            with self.assertRaises(jwt.InvalidTokenError):
                self.payload['iss'] = 'invalid-issuer'
                signing_key = 'invalid-secret-key'
                # Generate a token using the invalid issuer data
                token = generate_jwt_token(self.payload, signing_key)
                # Attempt to decode the token against the entries in the valid issuers list,
                # which will fail with an InvalidTokenError
                jwt_decode_handler(token)

            patched_log.exception.assert_any_call("Token verification failed.")
Пример #9
0
    def test_valid_token_multiple_valid_issuers(self, jwt_issuer):
        """
        Validates that a valid token is properly decoded given a list of multiple valid issuers
        """

        # Verify that each valid issuer is properly matched against the valid issuers list
        # and used to decode the token that was generated using said valid issuer data
        self.payload['iss'] = jwt_issuer['ISSUER']
        token = generate_jwt_token(self.payload, jwt_issuer['SECRET_KEY'])
        self.assertEqual(jwt_decode_handler(token), self.payload)
    def test_get_decoded_jwt_from_existing_cookie(self):
        user = UserFactory()
        payload = generate_latest_version_payload(user)
        jwt = generate_jwt_token(payload)
        expected_decoded_jwt = jwt_decode_handler(jwt)

        mock_request_with_cookie = mock.Mock(COOKIES={'edx-jwt-cookie': jwt})

        decoded_jwt = cookies.get_decoded_jwt(mock_request_with_cookie)
        self.assertEqual(expected_decoded_jwt, decoded_jwt)
Пример #11
0
    def test_get_decoded_jwt_from_existing_cookie(self):
        user = UserFactory()
        payload = generate_latest_version_payload(user)
        jwt = generate_jwt_token(payload)
        expected_decoded_jwt = jwt_decode_handler(jwt)

        mock_request_with_cookie = mock.Mock(COOKIES={'edx-jwt-cookie': jwt})

        decoded_jwt = cookies.get_decoded_jwt(mock_request_with_cookie)
        self.assertEquals(expected_decoded_jwt, decoded_jwt)
Пример #12
0
    def test_valid_token_multiple_valid_issuers(self, jwt_issuer):
        """
        Validates that a valid token is properly decoded given a list of multiple valid issuers
        """

        # Verify that each valid issuer is properly matched against the valid issuers list
        # and used to decode the token that was generated using said valid issuer data
        self.payload['iss'] = jwt_issuer['ISSUER']
        token = generate_jwt_token(self.payload, jwt_issuer['SECRET_KEY'])
        self.assertEqual(jwt_decode_handler(token), self.payload)
Пример #13
0
    def test_failure_invalid_issuer(self):
        """
        Verifies the function logs decode failures, and raises an InvalidTokenError if the token cannot be decoded
        """

        # Create tokens using each invalid issuer and attempt to decode them against
        # the valid issuers list, which won't work
        with mock.patch('edx_rest_framework_extensions.auth.jwt.decoder.logger'
                        ) as patched_log:
            with self.assertRaises(jwt.InvalidTokenError):
                self.payload['iss'] = 'invalid-issuer'
                signing_key = 'invalid-secret-key'
                # Generate a token using the invalid issuer data
                token = generate_jwt_token(self.payload, signing_key)
                # Attempt to decode the token against the entries in the valid issuers list,
                # which will fail with an InvalidTokenError
                jwt_decode_handler(token)

            patched_log.exception.assert_any_call("Token verification failed.")
def get_decoded_jwt_from_auth(request):
    """
    Grab jwt from request.auth in request if possible.

    Returns a decoded jwt dict if it can be found.
    Returns None if the jwt is not found.
    """
    if not is_jwt_authenticated(request):
        return None

    return jwt_decode_handler(request.auth)
Пример #15
0
    def test_upgrade(self):
        """
        Verifies the JWT is upgraded when an old (starting) version is provided.
        """
        jwt_payload = generate_unversioned_payload(self.user)
        token = generate_jwt_token(jwt_payload)

        upgraded_payload = generate_latest_version_payload(self.user, version='1.0.0')

        # Keep time-related values constant for full-proof comparison.
        upgraded_payload['iat'], upgraded_payload['exp'] = jwt_payload['iat'], jwt_payload['exp']
        self.assertDictEqual(jwt_decode_handler(token), upgraded_payload)
Пример #16
0
def get_decoded_jwt(request):
    """
    Grab jwt from jwt cookie in request if possible.

    Returns a decoded jwt dict if it can be found.
    Returns None if the jwt is not found.
    """
    jwt_cookie = request.COOKIES.get(jwt_cookie_name(), None)

    if not jwt_cookie:
        return None
    return jwt_decode_handler(jwt_cookie)
Пример #17
0
def get_decoded_jwt_from_request(request):
    """
    Grab jwt from request if possible.

    Returns a decoded jwt dict if it finds it.
    Returns a None if it does not.
    """
    jwt_cookie = request.COOKIES.get(jwt_cookie_name(), None) or getattr(
        request, 'auth', None)

    if not jwt_cookie:
        return None
    return jwt_decode_handler(jwt_cookie)
    def test_failure_invalid_issuer(self):
        """
        Verifies the function logs decode failures with invalid issuer,
        and raises an InvalidTokenError if the token cannot be decoded
        """

        # Create tokens using each invalid issuer and attempt to decode them against
        # the valid issuers list, which won't work
        with mock.patch('edx_rest_framework_extensions.auth.jwt.decoder.logger'
                        ) as patched_log:
            with self.assertRaises(jwt.InvalidTokenError):
                self.payload['iss'] = 'invalid-issuer'
                # signing key of None will use the default valid signing key
                valid_signing_key = None
                # Generate a token using the invalid issuer data
                token = generate_jwt_token(self.payload, valid_signing_key)
                # Attempt to decode the token against the entries in the valid issuers list,
                # which will fail with an InvalidTokenError
                jwt_decode_handler(token)

            msg = "Token decode failed due to mismatched issuer [%s]"
            patched_log.info.assert_any_call(msg, 'invalid-issuer')
Пример #19
0
    def test_upgrade(self):
        """
        Verifies the JWT is upgraded when an old (starting) version is provided.
        """
        jwt_payload = generate_unversioned_payload(self.user)
        token = generate_jwt_token(jwt_payload)

        upgraded_payload = generate_latest_version_payload(self.user,
                                                           version='1.0.0')

        # Keep time-related values constant for full-proof comparison.
        upgraded_payload['iat'], upgraded_payload['exp'] = jwt_payload[
            'iat'], jwt_payload['exp']
        self.assertDictEqual(jwt_decode_handler(token), upgraded_payload)
Пример #20
0
    def test_get_decoded_jwt_from_auth(self, is_jwt_authentication):
        """ Verify get_decoded_jwt_from_auth returns the appropriate value. """

        # Mock out the `is_jwt_authenticated` method
        authentication.is_jwt_authenticated = lambda request: is_jwt_authentication

        jwt_token = self._get_test_jwt_token()
        mock_request_with_cookie = mock.Mock(COOKIES={}, auth=jwt_token)

        expected_decoded_jwt = jwt_decode_handler(
            jwt_token) if is_jwt_authentication else None

        decoded_jwt = authentication.get_decoded_jwt_from_auth(
            mock_request_with_cookie)
        self.assertEqual(expected_decoded_jwt, decoded_jwt)
Пример #21
0
 def _assert_recreate_jwt_from_cookies(self, response, can_recreate):
     """
     If can_recreate is True, verifies that a JWT can be properly recreated
     from the 2 separate JWT-related cookies using the
     JwtAuthCookieMiddleware middleware and returns the recreated JWT.
     If can_recreate is False, verifies that a JWT cannot be recreated.
     """
     self._copy_cookies_to_request(response, self.request)
     JwtAuthCookieMiddleware().process_view(self.request, None, None, None)
     assert (cookies_api.jwt_cookies.jwt_cookie_name()
             in self.request.COOKIES) == can_recreate
     if can_recreate:
         jwt_string = self.request.COOKIES[
             cookies_api.jwt_cookies.jwt_cookie_name()]
         jwt = jwt_decode_handler(jwt_string)
         assert jwt['scopes'] == ['user_id', 'email', 'profile']
Пример #22
0
 def _assert_recreate_jwt_from_cookies(self, response, can_recreate):
     """
     If can_recreate is True, verifies that a JWT can be properly recreated
     from the 2 separate JWT-related cookies using the
     JwtAuthCookieMiddleware middleware and returns the recreated JWT.
     If can_recreate is False, verifies that a JWT cannot be recreated.
     """
     self._copy_cookies_to_request(response, self.request)
     JwtAuthCookieMiddleware().process_request(self.request)
     self.assertEqual(
         cookies_api.jwt_cookies.jwt_cookie_name() in self.request.COOKIES,
         can_recreate,
     )
     if can_recreate:
         jwt_string = self.request.COOKIES[cookies_api.jwt_cookies.jwt_cookie_name()]
         jwt = jwt_decode_handler(jwt_string)
         self.assertEqual(jwt['scopes'], ['email', 'profile'])
Пример #23
0
    def test_get_decoded_jwt_from_auth(self, is_jwt_authentication):
        """ Verify get_decoded_jwt_from_auth returns the appropriate value. """

        # Mock out the `is_jwt_authenticated` method
        authentication.is_jwt_authenticated = lambda request: is_jwt_authentication

        user = factories.UserFactory()
        payload = generate_latest_version_payload(user)
        jwt = generate_jwt_token(payload)
        mock_request_with_cookie = mock.Mock(COOKIES={}, auth=jwt)

        expected_decoded_jwt = jwt_decode_handler(
            jwt) if is_jwt_authentication else None

        decoded_jwt = authentication.get_decoded_jwt_from_auth(
            mock_request_with_cookie)
        self.assertEqual(expected_decoded_jwt, decoded_jwt)
Пример #24
0
 def test_success(self):
     """
     Confirms that the format of the valid response from the token decoder matches the payload
     """
     self.assertDictEqual(jwt_decode_handler(self.jwt), self.payload)
Пример #25
0
 def test_success(self):
     """
     Confirms that the format of the valid response from the token decoder matches the payload
     """
     self.assertDictEqual(jwt_decode_handler(self.jwt), self.payload)
Пример #26
0
 def test_supported_jwt_version_not_specified(self):
     """
     Verifies the JWT is decoded successfully when the JWT_SUPPORTED_VERSION setting is not specified.
     """
     token = generate_jwt_token(self.payload)
     self.assertDictEqual(jwt_decode_handler(token), self.payload)
Пример #27
0
 def test_supported_jwt_version_not_specified(self):
     """
     Verifies the JWT is decoded successfully when the JWT_SUPPORTED_VERSION setting is not specified.
     """
     token = generate_jwt_token(self.payload)
     self.assertDictEqual(jwt_decode_handler(token), self.payload)