示例#1
def test_middleware_white_listing(app_settings, testing_token):
    """A whitelisted route answers 200 both with and without a bearer token.

    The ``JWT_AUTH_WHITELIST`` entry matches the handler's function name, so
    the handler below must be called ``test_handler`` for the entry to apply.
    Even when whitelisted, a valid token is still resolved into an identity.
    """
    def test_handler(jwt_identity: JWTIdentity):
        # Anonymous callers get a fixed message; authenticated ones get their id.
        return "No user token present" if jwt_identity is None else jwt_identity.id

    settings = dict(app_settings)
    settings["JWT_AUTH_WHITELIST"] = ["test_handler"]

    app = App(
        routes=[Route("/whitelisted", method="GET", handler=test_handler)],
        components=[
            SettingsComponent(settings),
            JWTComponent(),
            JWTIdentityComponent(),
        ],
        middleware=[ResponseRendererMiddleware(), JWTAuthMiddleware()],
    )
    client = testing.TestClient(app)

    auth_headers = {"Authorization": f"Bearer {testing_token}"}
    with_token = client.get("/whitelisted", headers=auth_headers)
    without_token = client.get("/whitelisted")

    assert with_token.status_code == 200
    assert "1234567890" in with_token.data
    assert without_token.status_code == 200
    assert "No user token present" in without_token.data
示例#2
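def test_middleware_token_validation_raises_error_on_token_exp(app_settings):
    """An expired token is rejected with a 401 and a JSON error body.

    The token is signed with the application's configured secret (the same
    lookup the claims-options test uses) so that the rejection can only stem
    from the ``exp`` claim rather than from a signature check against an
    unrelated, hard-coded key.
    """
    def test_handler(jwt_identity: JWTIdentity):
        if jwt_identity is None:
            return "No user token present"
        return jwt_identity.id

    # Sign with the key the middleware validates against; a token signed with
    # a literal key that differs from the app's secret would fail signature
    # verification first and never exercise expiry handling.
    jwt = JWT(key=app_settings.get("JWT_SECRET_KEY"), alg="HS256")
    # Issued 10 s ago, expired 5 s ago.
    # NOTE(review): naive local datetimes are used here — confirm JWT.encode
    # converts them the same way the middleware interprets ``exp``.
    iat = dt.datetime.now() + dt.timedelta(seconds=-10)
    exp = iat + dt.timedelta(seconds=5)
    payload = {"sub": "1234567890", "name": "John Doe", "iat": iat, "exp": exp}
    token = jwt.encode(payload)

    routes = [Route("/auth-required", method="GET", handler=test_handler)]

    components = [
        SettingsComponent(app_settings),
        JWTComponent(),
        JWTIdentityComponent(),
    ]

    middleware = [ResponseRendererMiddleware(), JWTAuthMiddleware()]

    app = App(routes=routes, components=components, middleware=middleware)
    client = testing.TestClient(app)

    response = client.get("/auth-required",
                          headers={"Authorization": f"Bearer {token}"})
    assert 401 == response.status_code
    content = response.json()
    # The renderer middleware is expected to emit a structured error body.
    assert "error_message" in content
    assert content.get("status") == 401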
示例#3
def test_middleware_raises_401_error(app_settings):
    """A route without any exemption rejects an anonymous request with 401."""
    def test_handler():
        return "Handler called"

    app = App(
        routes=[Route("/auth-required", method="GET", handler=test_handler)],
        components=[
            SettingsComponent(app_settings),
            JWTComponent(),
            JWTIdentityComponent(),
        ],
        middleware=[ResponseRendererMiddleware(), JWTAuthMiddleware()],
    )
    client = testing.TestClient(app)

    # No Authorization header at all.
    anonymous = client.get("/auth-required")
    assert anonymous.status_code == 401
示例#4
def test_JWT_claims_options_raises_error(app_settings, testing_token):
    """``JWT_CLAIMS_OPTIONS`` rejects both a missing and a disallowed ``iss``.

    Two tokens are sent: the fixture token (which carries no ``iss`` claim)
    and a re-signed copy whose ``iss`` is outside the configured ``values``.
    Both must be turned away with 401.
    """
    def test_handler(jwt_identity: JWTIdentity):
        return "No user token present" if jwt_identity is None else jwt_identity.id

    # Re-sign the fixture token's claims with an issuer not in the allow-list.
    jwt = JWT(key=app_settings.get("JWT_SECRET_KEY"), alg="HS256")
    base_claims = jwt.decode(testing_token)
    mod_token = jwt.encode({**base_claims, "iss": "https://molten.com"})

    claims_options = {
        "iss": {
            "essential": True,
            "values": ["https://example.com", "https://example.org"],
        }
    }
    settings = {**app_settings, "JWT_CLAIMS_OPTIONS": claims_options}

    app = App(
        routes=[Route("/claim_options", method="GET", handler=test_handler)],
        components=[
            SettingsComponent(settings),
            JWTComponent(),
            JWTIdentityComponent(),
        ],
        middleware=[ResponseRendererMiddleware(), JWTAuthMiddleware()],
    )
    client = testing.TestClient(app)

    def get_with(token):
        return client.get("/claim_options",
                          headers={"Authorization": f"Bearer {token}"})

    missing_claim_response = get_with(testing_token)
    wrong_claim_value_response = get_with(mod_token)
    assert missing_claim_response.status_code == 401
    assert wrong_claim_value_response.status_code == 401
示例#5
def test_claims_required_raises_error(app_settings, testing_token):
    """A valid token that lacks a claim demanded by ``claims_required`` gets 403.

    The fixture token authenticates fine (so this is not a 401), but it does
    not carry ``admin: True``, so authorization fails.
    """
    @claims_required({"admin": True})
    def test_handler():
        return "Handler called"

    app = App(
        routes=[Route("/claims", method="GET", handler=test_handler)],
        components=[
            SettingsComponent(app_settings),
            JWTComponent(),
            JWTIdentityComponent(),
        ],
        middleware=[ResponseRendererMiddleware(), JWTAuthMiddleware()],
    )
    client = testing.TestClient(app)

    auth_headers = {"Authorization": f"Bearer {testing_token}"}
    forbidden = client.get("/claims", headers=auth_headers)
    assert forbidden.status_code == 403
示例#6
def test_middleware_anonymous_user_support(app_settings):
    """A handler decorated with ``allow_anonymous`` serves requests without a token."""
    @allow_anonymous
    def test_handler():
        return "Handler called"

    app = App(
        routes=[Route("/auth-maybe", method="GET", handler=test_handler)],
        components=[
            SettingsComponent(app_settings),
            JWTComponent(),
            JWTIdentityComponent(),
        ],
        middleware=[ResponseRendererMiddleware(), JWTAuthMiddleware()],
    )
    client = testing.TestClient(app)

    # No Authorization header: the decorator must let the request through.
    anonymous = client.get("/auth-maybe")
    assert anonymous.status_code == 200
    assert "Handler called" in anonymous.data
示例#7
def test_middleware_token_validation_passes(app_settings, testing_token):
    """A valid bearer token is accepted and its subject reaches the handler."""
    def test_handler(jwt_identity: JWTIdentity):
        return "No user token present" if jwt_identity is None else jwt_identity.id

    app = App(
        routes=[Route("/auth-required", method="GET", handler=test_handler)],
        components=[
            SettingsComponent(app_settings),
            JWTComponent(),
            JWTIdentityComponent(),
        ],
        middleware=[ResponseRendererMiddleware(), JWTAuthMiddleware()],
    )
    client = testing.TestClient(app)

    auth_headers = {"Authorization": f"Bearer {testing_token}"}
    authenticated = client.get("/auth-required", headers=auth_headers)
    assert authenticated.status_code == 200
    # The fixture token's subject id is echoed back by the handler.
    assert "1234567890" in authenticated.data