Пример #1
    def test_pack_header_for_user(self, app, user_class):
        """
        Check that pack_header_for_user wraps a freshly issued token in a
        header dict for the given user.

        Two cases are exercised: the default access/refresh lifespans, and
        lifespans overridden per call. Issuing and decoding both happen while
        the clock is frozen, so the expected timestamp claims are exact.
        """
        guard = Praetorian(app, user_class)

        def claims_from(headers):
            # Extract the token from the auth header and verify it with the
            # guard's key. The accepted algorithms are pinned to the guard's
            # allow-list rather than left open to whatever the token declares.
            raw_header = headers.get(DEFAULT_JWT_HEADER_NAME)
            assert raw_header is not None
            bare_token = raw_header.replace(DEFAULT_JWT_HEADER_TYPE, '').strip()
            return jwt.decode(
                bare_token,
                guard.encode_key,
                algorithms=guard.allowed_algorithms,
            )

        the_dude = user_class(
            username='******',
            password=guard.encrypt_password('abides'),
            roles='admin,operator',
        )

        # Case 1: default lifespans.
        issued_at = pendulum.parse('2017-05-21 18:39:55')
        with freezegun.freeze_time(issued_at):
            # Decoding stays inside the frozen-time block: PyJWT checks 'exp'
            # against the current time by default, and this token is issued
            # at a 2017 timestamp.
            claims = claims_from(guard.pack_header_for_user(the_dude))
            default_access = pendulum.Duration(**DEFAULT_JWT_ACCESS_LIFESPAN)
            default_refresh = pendulum.Duration(**DEFAULT_JWT_REFRESH_LIFESPAN)
            assert claims['iat'] == issued_at.int_timestamp
            assert claims['exp'] == (issued_at + default_access).int_timestamp
            assert claims['rf_exp'] == (
                issued_at + default_refresh).int_timestamp
            assert claims['id'] == the_dude.id
            assert claims['rls'] == 'admin,operator'

        # Case 2: caller-supplied lifespans replace the defaults.
        issued_at = pendulum.parse('2017-05-21 18:39:55')
        short_access = pendulum.Duration(minutes=1)
        short_refresh = pendulum.Duration(hours=1)
        with freezegun.freeze_time(issued_at):
            claims = claims_from(
                guard.pack_header_for_user(
                    the_dude,
                    override_access_lifespan=short_access,
                    override_refresh_lifespan=short_refresh,
                )
            )
            assert claims['exp'] == (issued_at + short_access).int_timestamp
            assert claims['rf_exp'] == (
                issued_at + short_refresh).int_timestamp
            assert claims['id'] == the_dude.id
Пример #2
    def test_pack_header_for_user(self, app, user_class):
        """
        Check that pack_header_for_user wraps a freshly issued token in a
        header dict for the given user.

        Three cases are exercised: default access/refresh lifespans,
        lifespans overridden per call, and extra keyword arguments that are
        expected to appear in the token as custom claims. Issuing and
        decoding both happen while the clock is frozen, so the expected
        timestamp claims are exact.
        """
        guard = Praetorian(app, user_class)

        def claims_from(headers):
            # Extract the token from the auth header and verify it with the
            # guard's key. The accepted algorithms are pinned to the guard's
            # allow-list rather than left open to whatever the token declares.
            raw_header = headers.get(DEFAULT_JWT_HEADER_NAME)
            assert raw_header is not None
            bare_token = raw_header.replace(DEFAULT_JWT_HEADER_TYPE, "").strip()
            return jwt.decode(
                bare_token,
                guard.encode_key,
                algorithms=guard.allowed_algorithms,
            )

        the_dude = user_class(
            username="******",
            password=guard.hash_password("abides"),
            roles="admin,operator",
        )

        # Case 1: default lifespans.
        issued_at = plummet.momentize('2017-05-21 18:39:55')
        with plummet.frozen_time(issued_at):
            # Decoding stays inside the frozen-time block: PyJWT checks 'exp'
            # against the current time by default, and this token is issued
            # at a 2017 timestamp.
            claims = claims_from(guard.pack_header_for_user(the_dude))
            assert claims["iat"] == issued_at.int_timestamp
            assert claims["exp"] == (
                issued_at + DEFAULT_JWT_ACCESS_LIFESPAN).int_timestamp
            assert claims[REFRESH_EXPIRATION_CLAIM] == (
                issued_at + DEFAULT_JWT_REFRESH_LIFESPAN).int_timestamp
            assert claims["id"] == the_dude.id
            assert claims["rls"] == "admin,operator"

        # Case 2: caller-supplied lifespans replace the defaults.
        issued_at = plummet.momentize('2017-05-21 18:39:55')
        short_access = pendulum.Duration(minutes=1)
        short_refresh = pendulum.Duration(hours=1)
        with plummet.frozen_time(issued_at):
            claims = claims_from(
                guard.pack_header_for_user(
                    the_dude,
                    override_access_lifespan=short_access,
                    override_refresh_lifespan=short_refresh,
                )
            )
            assert claims["exp"] == (issued_at + short_access).int_timestamp
            assert claims[REFRESH_EXPIRATION_CLAIM] == (
                issued_at + short_refresh).int_timestamp
            assert claims["id"] == the_dude.id

        # Case 3: extra keyword arguments are carried as custom claims.
        # NOTE: the decode above only verifies a signature; the payload of a
        # signed JWT is encoded, not encrypted, so custom claims should not
        # carry secrets.
        issued_at = plummet.momentize('2018-08-14 09:08:39')
        with plummet.frozen_time(issued_at):
            claims = claims_from(
                guard.pack_header_for_user(
                    the_dude,
                    duder="brief",
                    el_duderino="not brief",
                )
            )
            assert claims["iat"] == issued_at.int_timestamp
            assert claims["exp"] == (
                issued_at + DEFAULT_JWT_ACCESS_LIFESPAN).int_timestamp
            assert claims[REFRESH_EXPIRATION_CLAIM] == (
                issued_at + DEFAULT_JWT_REFRESH_LIFESPAN).int_timestamp
            assert claims["id"] == the_dude.id
            assert claims["rls"] == "admin,operator"
            assert claims["duder"] == "brief"
            assert claims["el_duderino"] == "not brief"