def test_from_settings_with_RSA_public_private_key(self):
self.assertEqual(self.policy.algorithm, 'RS256')
self.assertEqual(self.policy.master_secret, None)
# from Crypto.PublicKey import RSA
with open('pyramid_jwtauth/tests/testkey', 'r') as rsa_priv_file:
private_key = rsa_priv_file.read()
self.assertEqual(self.policy.private_key, private_key)
with open('pyramid_jwtauth/tests/testkey.pub', 'r') as rsa_pub_file:
public_key = rsa_pub_file.read()
self. assertEqual(self.policy.public_key, public_key)
self.assertNotEqual(private_key, public_key)
req = self._make_request("/auth")
claims = make_claims(userid="*****@*****.**")
jwt_authenticate_request(req, claims, private_key, 'RS256')
token = pyramid_jwtauth.utils.parse_authz_header(req)["token"]
userid = self.policy.authenticated_userid(req)
self.assertEqual(userid, "*****@*****.**")
import jwt
payload = jwt.decode(token, key=public_key, verify=True)
self.assertIn('sub', payload)
self.assertEqual(payload['sub'], "*****@*****.**")
r = self.app.request(req)
self.assertEqual(r.body, b"*****@*****.**")
def test_from_settings_with_RSA_public_private_key(self):
self.assertEqual(self.policy.algorithm, 'RS256')
self.assertEqual(self.policy.master_secret, None)
# from Crypto.PublicKey import RSA
with open('pyramid_jwtauth/tests/testkey', 'r') as rsa_priv_file:
private_key = rsa_priv_file.read()
self.assertEqual(self.policy.private_key, private_key)
with open('pyramid_jwtauth/tests/testkey.pub', 'r') as rsa_pub_file:
public_key = rsa_pub_file.read()
self.assertEqual(self.policy.public_key, public_key)
self.assertNotEqual(private_key, public_key)
req = self._make_request("/auth")
claims = make_claims(userid="*****@*****.**")
jwt_authenticate_request(req, claims, private_key, 'RS256')
token = pyramid_jwtauth.utils.parse_authz_header(req)["token"]
userid = self.policy.authenticated_userid(req)
self.assertEqual(userid, "*****@*****.**")
import jwt
payload = jwt.decode(token, key=public_key, verify=True)
self.assertIn('sub', payload)
self.assertEqual(payload['sub'], "*****@*****.**")
r = self.app.request(req)
self.assertEqual(r.body, b"*****@*****.**")
def test_decode_passes_with_override_on_aud_claim(self):
self.setup_helper({
"jwtauth.find_groups": "pyramid_jwtauth.tests.test_jwtauth:stub_find_groups",
"jwtauth.master_secret": MASTER_SECRET,
"jwtauth.disable_verify_aud": True,})
# make a token with an audience claim
claims = make_claims('user1', claims={'aud': 'me'})
req = self._make_request("/auth")
jwt_authenticate_request(req, claims, MASTER_SECRET)
token = pyramid_jwtauth.utils.parse_authz_header(req)["token"]
userid = self.policy.authenticated_userid(req)
self.assertEqual(userid, "user1")
def test_decode_fails_no_override_on_aud_claim(self):
self.setup_helper({
"jwtauth.find_groups": "pyramid_jwtauth.tests.test_jwtauth:stub_find_groups",
"jwtauth.master_secret": MASTER_SECRET,})
# make a token with an audience claim
claims = make_claims('user1', claims={'aud': 'me'})
req = self._make_request("/auth")
jwt_authenticate_request(req, claims, MASTER_SECRET)
token = pyramid_jwtauth.utils.parse_authz_header(req)["token"]
from jwt.exceptions import InvalidAudienceError
with self.assertRaises(InvalidAudienceError):
userid = self.policy.authenticated_userid(req)
def _make_authenticated_request(self, userid, *args, **kwds):
claims = None
if 'claims' in kwds:
claims = kwds['claims']
del kwds['claims']
req = self._make_request(*args, **kwds)
# creds = self._get_credentials(req, userid=userid)
claims = make_claims(userid=userid, claims=claims)
# jwt_authenticate_request(req, **creds)
# note jwt_authenticate_request() returns headers if wanted
jwt_authenticate_request(req, claims, MASTER_SECRET)
return req
def _make_authenticated_request(self, userid, *args, **kwds):
claims = None
if 'claims' in kwds:
claims = kwds['claims']
del kwds['claims']
req = self._make_request(*args, **kwds)
# creds = self._get_credentials(req, userid=userid)
claims = make_claims(userid=userid, claims=claims)
# jwt_authenticate_request(req, **creds)
# note jwt_authenticate_request() returns headers if wanted
jwt_authenticate_request(req, claims, MASTER_SECRET)
return req
def test_decode_passes_with_override_on_aud_claim(self):
self.setup_helper({
"jwtauth.find_groups":
"pyramid_jwtauth.tests.test_jwtauth:stub_find_groups",
"jwtauth.master_secret": MASTER_SECRET,
"jwtauth.disable_verify_aud": True,
})
# make a token with an audience claim
claims = make_claims('user1', claims={'aud': 'me'})
req = self._make_request("/auth")
jwt_authenticate_request(req, claims, MASTER_SECRET)
token = pyramid_jwtauth.utils.parse_authz_header(req)["token"]
userid = self.policy.authenticated_userid(req)
self.assertEqual(userid, "user1")
def test_decode_fails_no_override_on_aud_claim(self):
self.setup_helper({
"jwtauth.find_groups":
"pyramid_jwtauth.tests.test_jwtauth:stub_find_groups",
"jwtauth.master_secret": MASTER_SECRET,
})
# make a token with an audience claim
claims = make_claims('user1', claims={'aud': 'me'})
req = self._make_request("/auth")
jwt_authenticate_request(req, claims, MASTER_SECRET)
token = pyramid_jwtauth.utils.parse_authz_header(req)["token"]
from jwt.exceptions import InvalidAudienceError
with self.assertRaises(InvalidAudienceError):
userid = self.policy.authenticated_userid(req)
