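def test_pack_header_for_user(self, app, user_class):
    """
    Verify that pack_header_for_user packages a token for a given user
    into a header dict.

    Two cases are covered: a token issued with the default access and
    refresh lifespans, and a token issued with both lifespans overridden
    through the override_* keyword arguments.
    """
    guard = Praetorian(app, user_class)

    def claims_from(header_dict):
        # Extract the token from the header value and decode it.
        token_header = header_dict.get(DEFAULT_JWT_HEADER_NAME)
        assert token_header is not None
        # The scheme must lead the header value. Slicing the prefix off,
        # instead of str.replace, leaves the token intact even if its
        # base64url text happens to contain the scheme string.
        assert token_header.startswith(DEFAULT_JWT_HEADER_TYPE)
        token = token_header[len(DEFAULT_JWT_HEADER_TYPE):].strip()
        # Decode with the guard's own key, accepting only the algorithms
        # the guard allows.
        return jwt.decode(
            token, guard.encode_key,
            algorithms=guard.allowed_algorithms,
        )

    the_dude = user_class(
        username='******',
        password=guard.encrypt_password('abides'),
        roles='admin,operator',
    )

    # Case 1: default lifespans.
    moment = pendulum.parse('2017-05-21 18:39:55')
    with freezegun.freeze_time(moment):
        header_dict = guard.pack_header_for_user(the_dude)
        # Decode while the clock is still frozen: PyJWT checks 'exp'
        # against the current time during decode.
        token_data = claims_from(header_dict)
        default_access = pendulum.Duration(**DEFAULT_JWT_ACCESS_LIFESPAN)
        default_refresh = pendulum.Duration(**DEFAULT_JWT_REFRESH_LIFESPAN)
        assert token_data['iat'] == moment.int_timestamp
        assert token_data['exp'] == (moment + default_access).int_timestamp
        assert token_data['rf_exp'] == (
            moment + default_refresh
        ).int_timestamp
        assert token_data['id'] == the_dude.id
        assert token_data['rls'] == 'admin,operator'

    # Case 2: caller-supplied lifespans replace the defaults.
    moment = pendulum.parse('2017-05-21 18:39:55')
    override_access_lifespan = pendulum.Duration(minutes=1)
    override_refresh_lifespan = pendulum.Duration(hours=1)
    with freezegun.freeze_time(moment):
        header_dict = guard.pack_header_for_user(
            the_dude,
            override_access_lifespan=override_access_lifespan,
            override_refresh_lifespan=override_refresh_lifespan,
        )
        token_data = claims_from(header_dict)
        assert token_data['exp'] == (
            moment + override_access_lifespan
        ).int_timestamp
        assert token_data['rf_exp'] == (
            moment + override_refresh_lifespan
        ).int_timestamp
        assert token_data['id'] == the_dude.id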
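def test_pack_header_for_user(self, app, user_class):
    """
    Verify that pack_header_for_user packages a token for a given user
    into a header dict.

    Three cases are covered:

    * a token issued with the default access and refresh lifespans
    * a token issued with both lifespans overridden
    * a token carrying custom claims passed as extra keyword arguments
    """
    guard = Praetorian(app, user_class)

    def claims_from(header_dict):
        # Extract the token from the header value and decode it.
        token_header = header_dict.get(DEFAULT_JWT_HEADER_NAME)
        assert token_header is not None
        # The scheme must lead the header value. Slicing the prefix off,
        # instead of str.replace, leaves the token intact even if its
        # base64url text happens to contain the scheme string.
        assert token_header.startswith(DEFAULT_JWT_HEADER_TYPE)
        token = token_header[len(DEFAULT_JWT_HEADER_TYPE):].strip()
        # Decode with the guard's own key, accepting only the algorithms
        # the guard allows.
        return jwt.decode(
            token,
            guard.encode_key,
            algorithms=guard.allowed_algorithms,
        )

    the_dude = user_class(
        username="******",
        password=guard.hash_password("abides"),
        roles="admin,operator",
    )

    # Case 1: default lifespans.
    moment = plummet.momentize('2017-05-21 18:39:55')
    with plummet.frozen_time(moment):
        header_dict = guard.pack_header_for_user(the_dude)
        # Decode while the clock is still frozen: PyJWT checks 'exp'
        # against the current time during decode.
        token_data = claims_from(header_dict)
        assert token_data["iat"] == moment.int_timestamp
        assert token_data["exp"] == (
            moment + DEFAULT_JWT_ACCESS_LIFESPAN
        ).int_timestamp
        assert token_data[REFRESH_EXPIRATION_CLAIM] == (
            moment + DEFAULT_JWT_REFRESH_LIFESPAN
        ).int_timestamp
        assert token_data["id"] == the_dude.id
        assert token_data["rls"] == "admin,operator"

    # Case 2: caller-supplied lifespans replace the defaults.
    moment = plummet.momentize('2017-05-21 18:39:55')
    override_access_lifespan = pendulum.Duration(minutes=1)
    override_refresh_lifespan = pendulum.Duration(hours=1)
    with plummet.frozen_time(moment):
        header_dict = guard.pack_header_for_user(
            the_dude,
            override_access_lifespan=override_access_lifespan,
            override_refresh_lifespan=override_refresh_lifespan,
        )
        token_data = claims_from(header_dict)
        assert token_data["exp"] == (
            moment + override_access_lifespan
        ).int_timestamp
        assert token_data[REFRESH_EXPIRATION_CLAIM] == (
            moment + override_refresh_lifespan
        ).int_timestamp
        assert token_data["id"] == the_dude.id

    # Case 3: extra keyword arguments appear as custom claims alongside
    # the standard ones.
    moment = plummet.momentize('2018-08-14 09:08:39')
    with plummet.frozen_time(moment):
        header_dict = guard.pack_header_for_user(
            the_dude,
            duder="brief",
            el_duderino="not brief",
        )
        token_data = claims_from(header_dict)
        assert token_data["iat"] == moment.int_timestamp
        assert token_data["exp"] == (
            moment + DEFAULT_JWT_ACCESS_LIFESPAN
        ).int_timestamp
        assert token_data[REFRESH_EXPIRATION_CLAIM] == (
            moment + DEFAULT_JWT_REFRESH_LIFESPAN
        ).int_timestamp
        assert token_data["id"] == the_dude.id
        assert token_data["rls"] == "admin,operator"
        assert token_data["duder"] == "brief"
        assert token_data["el_duderino"] == "not brief"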