Пример #1
def test_secure_cookie():
    """remember() with https_only=True must emit a Secure, HttpOnly cookie."""
    request = Request.blank("/")
    userid = str(uuid.uuid4())
    policy = JWTCookieAuthenticationPolicy("secret", https_only=True)

    headers = policy.remember(request, userid)
    _header_name, set_cookie = headers.pop()

    # Secure keeps the cookie off plain-HTTP requests; HttpOnly keeps it
    # out of reach of page scripts. Both matter for a token-bearing cookie.
    assert "; secure;" in set_cookie
    assert "; HttpOnly" in set_cookie
Пример #2
def test_cookie_name(principal):
    """The cookie_name argument must become the name of the emitted cookie."""
    policy = JWTCookieAuthenticationPolicy("secret", cookie_name="auth")
    request = Request.blank("/")
    jwt_token = policy.create_token(principal)

    _header_name, set_cookie = policy.remember(request, jwt_token).pop()

    # Everything before the first "=" in the Set-Cookie value is the name.
    cookie_key, _remainder = set_cookie.split("=", 1)
    assert cookie_key == "auth"
Пример #3
def test_insecure_cookie(principal):
    """With https_only=False the cookie drops Secure but keeps HttpOnly."""
    policy = JWTCookieAuthenticationPolicy("secret", https_only=False)
    request = Request.blank("/")
    jwt_token = policy.create_token(principal)

    _header_name, set_cookie = policy.remember(request, jwt_token).pop()

    # Opting out of HTTPS-only delivery must not also relax HttpOnly:
    # the cookie should still be hidden from page scripts.
    assert "; secure;" not in set_cookie
    assert "; HttpOnly" in set_cookie
Пример #4
def test_cookie(dummy_request, principal):
    """remember() must yield a (header, value) pair named Set-Cookie."""
    policy = JWTCookieAuthenticationPolicy("secret")
    header_pair = policy.remember(dummy_request, principal).pop()

    # Each entry is expected to be a two-item (name, value) header tuple.
    assert len(header_pair) == 2

    header_name, header_value = header_pair
    assert header_name == "Set-Cookie"
    assert len(header_value) > 0
Пример #5
def test_cookie_max_age(principal):
    """expiration=100 must surface as Max-Age=100 plus an expires attribute."""
    policy = JWTCookieAuthenticationPolicy(
        "secret", cookie_name="auth", expiration=100
    )
    request = Request.blank("/")

    _header_name, set_cookie = policy.remember(request, principal).pop()

    # Strip the cookie name, then the token itself; what is left is the
    # attribute list (Max-Age, expires, ...).
    _cookie_key, after_name = set_cookie.split("=", 1)
    _token, attributes = after_name.split(";", 1)

    # A bounded lifetime limits how long a captured cookie stays usable.
    assert "Max-Age=100" in attributes
    assert "expires" in attributes
Пример #6
def test_insecure_cookie_policy():
    """forget() on an https_only=False policy must not emit the secure flag."""
    request = Request.blank("/")
    policy = JWTCookieAuthenticationPolicy("secret", https_only=False)

    forget_headers = policy.forget(request)
    _header_name, set_cookie = forget_headers[0]

    # Compare against whole attributes, not substrings of the raw header.
    attributes = set_cookie.split("; ")
    assert "secure" not in attributes
Пример #7
def test_cookie_policy_max_age():
    """forget() must not carry the policy's 10-second expiration as Max-Age."""
    request = Request.blank("/")
    policy = JWTCookieAuthenticationPolicy(
        "secret", expiration=timedelta(seconds=10)
    )

    forget_headers = policy.forget(request)
    _header_name, set_cookie = forget_headers[0]
    attributes = set_cookie.split("; ")

    # NOTE(review): this only rules out Max-Age=10. It does not pin which
    # Max-Age the logout cookie does carry, so a regression to any other
    # positive lifetime would still pass here.
    assert "Max-Age=10" not in attributes
Пример #8
def test_cookie(principal):
    """remember() with a created token must yield a Set-Cookie header pair."""
    policy = JWTCookieAuthenticationPolicy("secret")
    request = Request.blank("/")
    jwt_token = policy.create_token(principal)

    header_pair = policy.remember(request, jwt_token).pop()

    # Each entry is expected to be a two-item (name, value) header tuple.
    assert len(header_pair) == 2

    header_name, header_value = header_pair
    assert header_name == "Set-Cookie"
    assert len(header_value) > 0
Пример #9
def test_cookie_decode(dummy_request, principal):
    """A cookie issued by remember() must decode back to the same subject."""
    policy = JWTCookieAuthenticationPolicy("secret", https_only=False)

    _header_name, set_cookie = policy.remember(dummy_request, principal).pop()

    # Isolate "<name>=<token>" from the trailing cookie attributes.
    cookie_key, after_name = set_cookie.split("=", 1)
    token_value, _attributes = after_name.split(";", 1)

    # Replay the token as if a client had sent it back on the next request.
    dummy_request.cookies = {cookie_key: token_value}

    decoded = policy.get_claims(dummy_request)
    assert decoded["sub"] == principal
Пример #10
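def test_cookie_policy_custom_domain_list():
    """remember(domains=[...]) must emit one cookie per requested domain.

    Each cookie is expected to carry a Domain attribute matching its entry,
    in the same order as the ``domains`` list.
    """
    policy = JWTCookieAuthenticationPolicy("secret")
    request = Request.blank("/")
    domains = [request.domain, "other"]
    headers = policy.remember(request, "user", domains=domains)

    # One Set-Cookie header per domain: no extras, none silently dropped.
    assert len(headers) == 2
    _, cookie1 = headers[0]
    _, cookie2 = headers[1]

    assert f"Domain={request.domain}" in cookie1
    # Plain literal: the original used an f-string with no placeholders.
    assert "Domain=other" in cookie2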
Пример #11
def test_invalid_cookie_reissue(principal):
    """A cookie holding a non-token value must produce no claims.

    The policy is built with reissue_time=10, so this exercises the
    reissue-enabled configuration against a malformed cookie value.
    """
    policy = JWTCookieAuthenticationPolicy(
        "secret", https_only=False, reissue_time=10
    )
    request = Request.blank("/")

    # Deliberately not a JWT: stands in for a tampered or garbage cookie.
    bogus_token = "invalid value"
    _header_name, set_cookie = policy.remember(request, bogus_token).pop()

    cookie_key, after_name = set_cookie.split("=", 1)
    cookie_value, _attributes = after_name.split(";", 1)
    request.cookies = {cookie_key: cookie_value}

    # Fail closed: an undecodable cookie must not yield an identity.
    decoded = policy.get_claims(request)
    assert not decoded
Пример #12
def test_cookie_policy_remember():
    """A default policy's remember() must emit a Secure, HttpOnly cookie."""
    request = Request.blank("/")
    policy = JWTCookieAuthenticationPolicy("secret")

    remember_headers = policy.remember(request, "user")
    header_name, set_cookie = remember_headers[0]
    assert header_name.lower() == "set-cookie"

    # First chunk is "<name>=<token>"; the rest are cookie attributes.
    attributes = set_cookie.split("; ")
    expected_prefix = f"{policy.cookie_name}="
    assert attributes[0].startswith(expected_prefix)

    # No https_only argument was passed, so these are the defaults under test.
    assert "HttpOnly" in attributes
    assert "secure" in attributes
Пример #13
def test_cookie_policy_forget():
    """forget() must expire the cookie and mark reissue as revoked."""
    request = Request.blank("/")
    policy = JWTCookieAuthenticationPolicy("secret")

    forget_headers = policy.forget(request)
    header_name, set_cookie = forget_headers[0]
    assert header_name.lower() == "set-cookie"

    attributes = set_cookie.split("; ")
    # Keep only key=value chunks; flag-style attributes have no "=".
    keyed_attributes = []
    for attribute in attributes:
        if "=" in attribute:
            keyed_attributes.append(attribute)
    assert keyed_attributes[0].startswith(f"{policy.cookie_name}=")

    # Max-Age=0 tells the browser to discard the cookie immediately.
    assert "Max-Age=0" in attributes
    # forget() is expected to leave this marker on the request; presumably
    # it stops the same response from reissuing a fresh cookie (confirm
    # against the policy implementation).
    assert hasattr(request, "_jwt_cookie_reissue_revoked")
Пример #14
def test_expired_token(dummy_request, principal, freezer):
    """A token replayed after its expiration must decode to empty claims."""
    policy = JWTCookieAuthenticationPolicy(
        "secret", cookie_name="auth", expiration=1
    )

    _header_name, set_cookie = policy.remember(dummy_request, principal).pop()
    cookie_key, after_name = set_cookie.split("=", 1)
    token_value, _attributes = after_name.split(";", 1)

    # Move the frozen clock 2 units past issuance, beyond expiration=1.
    freezer.tick(delta=2)

    # Replay the now-stale token as a client-sent cookie.
    dummy_request.cookies = {cookie_key: token_value}
    decoded = policy.get_claims(dummy_request)

    # Expiry must be enforced when the token is read, not only through the
    # browser-side Max-Age, which a client is free to ignore.
    assert decoded == {}
Пример #15
def test_cookie_policy_creation():
    """make_from() must turn a token policy into a working cookie policy."""
    request = Request.blank("/")
    source_policy = JWTAuthenticationPolicy("secret")
    derived_policy = JWTCookieAuthenticationPolicy.make_from(source_policy)

    remember_headers = derived_policy.remember(request, "user")

    # With no extra domains requested, exactly one header is expected.
    assert isinstance(remember_headers, list)
    assert len(remember_headers) == 1
Пример #16
def test_insecure_cookie(dummy_request, principal):
    """With https_only=False the cookie drops Secure but keeps HttpOnly."""
    policy = JWTCookieAuthenticationPolicy("secret", https_only=False)
    remember_headers = policy.remember(dummy_request, principal)
    _header_name, set_cookie = remember_headers.pop()

    # Relaxing transport protection must not also expose the cookie to
    # page scripts: HttpOnly is expected regardless of https_only.
    assert "; secure;" not in set_cookie
    assert "; HttpOnly" in set_cookie
Пример #17
def test_cookie_policy_creation_fail():
    """make_from() must reject an object that is not a supported policy."""
    not_a_policy = object()

    with pytest.raises(ValueError) as excinfo:
        JWTCookieAuthenticationPolicy.make_from(not_a_policy)

    # The message is part of the contract checked here, not just the type.
    assert "Invalid policy type" in str(excinfo.value)
Пример #18
def test_interface():
    """The cookie policy instance must satisfy IAuthenticationPolicy."""
    policy = JWTCookieAuthenticationPolicy("secret")
    verifyObject(IAuthenticationPolicy, policy)
Пример #19
def test_cookie_name(dummy_request, principal):
    """The cookie_name argument must become the name of the emitted cookie."""
    policy = JWTCookieAuthenticationPolicy("secret", cookie_name="auth")
    remember_headers = policy.remember(dummy_request, principal)
    _header_name, set_cookie = remember_headers.pop()

    # Everything before the first "=" in the Set-Cookie value is the name.
    cookie_key, _remainder = set_cookie.split("=", 1)
    assert cookie_key == "auth"