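def test_from_settings_with_RSA_public_private_key(self):
    """Check that an RS256 policy loads its key pair and round-trips a token.

    The policy under test is configured outside this method. A token
    signed with the private test key must be accepted by the policy and
    must also verify on its own against the public test key.
    """
    self.assertEqual(self.policy.algorithm, 'RS256')
    # No shared secret is expected alongside the RSA key pair.
    self.assertEqual(self.policy.master_secret, None)

    # The key paths are relative to the directory the tests are run from.
    with open('pyramid_jwtauth/tests/testkey', 'r') as rsa_priv_file:
        private_key = rsa_priv_file.read()
    self.assertEqual(self.policy.private_key, private_key)
    with open('pyramid_jwtauth/tests/testkey.pub', 'r') as rsa_pub_file:
        public_key = rsa_pub_file.read()
    self.assertEqual(self.policy.public_key, public_key)

    # Guards against a fixture mix-up where both files hold the same key.
    self.assertNotEqual(private_key, public_key)

    req = self._make_request("/auth")
    claims = make_claims(userid="*****@*****.**")
    jwt_authenticate_request(req, claims, private_key, 'RS256')

    token = pyramid_jwtauth.utils.parse_authz_header(req)["token"]
    userid = self.policy.authenticated_userid(req)
    self.assertEqual(userid, "*****@*****.**")

    import jwt
    # Pin the accepted algorithm. Without an explicit allow-list, older
    # PyJWT releases take the algorithm from the token's own header, and
    # newer releases refuse to decode. Signature verification is the
    # default, so the deprecated ``verify=True`` flag is dropped.
    payload = jwt.decode(token, key=public_key, algorithms=['RS256'])
    self.assertIn('sub', payload)
    self.assertEqual(payload['sub'], "*****@*****.**")

    r = self.app.request(req)
    self.assertEqual(r.body, b"*****@*****.**")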
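    def test_from_settings_with_RSA_public_private_key(self):
        """Check that an RS256 policy loads its key pair and round-trips a token.

        The policy under test is configured outside this method. A token
        signed with the private test key must be accepted by the policy and
        must also verify on its own against the public test key.
        """
        self.assertEqual(self.policy.algorithm, 'RS256')
        # No shared secret is expected alongside the RSA key pair.
        self.assertEqual(self.policy.master_secret, None)

        # The key paths are relative to the directory the tests are run from.
        with open('pyramid_jwtauth/tests/testkey', 'r') as rsa_priv_file:
            private_key = rsa_priv_file.read()
        self.assertEqual(self.policy.private_key, private_key)
        with open('pyramid_jwtauth/tests/testkey.pub', 'r') as rsa_pub_file:
            public_key = rsa_pub_file.read()
        self.assertEqual(self.policy.public_key, public_key)

        # Guards against a fixture mix-up where both files hold the same key.
        self.assertNotEqual(private_key, public_key)

        req = self._make_request("/auth")
        claims = make_claims(userid="*****@*****.**")
        jwt_authenticate_request(req, claims, private_key, 'RS256')

        token = pyramid_jwtauth.utils.parse_authz_header(req)["token"]
        userid = self.policy.authenticated_userid(req)
        self.assertEqual(userid, "*****@*****.**")

        import jwt
        # Pin the accepted algorithm. Without an explicit allow-list, older
        # PyJWT releases take the algorithm from the token's own header, and
        # newer releases refuse to decode. Signature verification is the
        # default, so the deprecated ``verify=True`` flag is dropped.
        payload = jwt.decode(token, key=public_key, algorithms=['RS256'])
        self.assertIn('sub', payload)
        self.assertEqual(payload['sub'], "*****@*****.**")

        r = self.app.request(req)
        self.assertEqual(r.body, b"*****@*****.**")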
 def test_decode_passes_with_override_on_aud_claim(self):
     """An ``aud``-bearing token is accepted once audience checks are off.

     NOTE(review): with ``jwtauth.disable_verify_aud`` set, the policy
     accepts the ``aud='me'`` token below although these settings name no
     audience. This test covers that opt-out only.
     """
     settings = {
         "jwtauth.find_groups":
             "pyramid_jwtauth.tests.test_jwtauth:stub_find_groups",
         "jwtauth.master_secret": MASTER_SECRET,
         "jwtauth.disable_verify_aud": True,
     }
     self.setup_helper(settings)

     # Sign a token whose claims include an audience.
     aud_claims = make_claims('user1', claims={'aud': 'me'})
     request = self._make_request("/auth")
     jwt_authenticate_request(request, aud_claims, MASTER_SECRET)

     # Parsed only to confirm the request carries a token; the value is unused.
     _token = pyramid_jwtauth.utils.parse_authz_header(request)["token"]
     self.assertEqual(self.policy.authenticated_userid(request), "user1")
 def test_decode_fails_no_override_on_aud_claim(self):
     """An ``aud``-bearing token is rejected while audience checks stay on.

     NOTE(review): the rejection surfaces as ``InvalidAudienceError`` raised
     out of ``authenticated_userid`` rather than as a ``None`` userid.
     Confirm that callers of the policy turn it into an authentication
     failure.
     """
     settings = {
         "jwtauth.find_groups":
             "pyramid_jwtauth.tests.test_jwtauth:stub_find_groups",
         "jwtauth.master_secret": MASTER_SECRET,
     }
     self.setup_helper(settings)

     # Sign a token whose claims include an audience.
     aud_claims = make_claims('user1', claims={'aud': 'me'})
     request = self._make_request("/auth")
     jwt_authenticate_request(request, aud_claims, MASTER_SECRET)

     # Parsed only to confirm the request carries a token; the value is unused.
     _token = pyramid_jwtauth.utils.parse_authz_header(request)["token"]

     from jwt.exceptions import InvalidAudienceError
     with self.assertRaises(InvalidAudienceError):
         self.policy.authenticated_userid(request)
 def _make_authenticated_request(self, userid, *args, **kwds):
     """Return a request authenticated for *userid* with ``MASTER_SECRET``.

     An optional ``claims`` keyword is taken out of *kwds* and handed to
     ``make_claims``. All remaining arguments go to ``self._make_request``.
     """
     # Remove 'claims' so it is not forwarded to _make_request().
     extra_claims = kwds.pop('claims', None)
     request = self._make_request(*args, **kwds)
     token_claims = make_claims(userid=userid, claims=extra_claims)
     # jwt_authenticate_request() also returns the headers; unused here.
     jwt_authenticate_request(request, token_claims, MASTER_SECRET)
     return request
 def _make_authenticated_request(self, userid, *args, **kwds):
     """Return a request authenticated for *userid* with ``MASTER_SECRET``.

     An optional ``claims`` keyword is taken out of *kwds* and handed to
     ``make_claims``. All remaining arguments go to ``self._make_request``.
     """
     # Remove 'claims' so it is not forwarded to _make_request().
     extra_claims = kwds.pop('claims', None)
     request = self._make_request(*args, **kwds)
     token_claims = make_claims(userid=userid, claims=extra_claims)
     # jwt_authenticate_request() also returns the headers; unused here.
     jwt_authenticate_request(request, token_claims, MASTER_SECRET)
     return request
 def test_decode_passes_with_override_on_aud_claim(self):
     """An ``aud``-bearing token is accepted once audience checks are off.

     NOTE(review): with ``jwtauth.disable_verify_aud`` set, the policy
     accepts the ``aud='me'`` token below although these settings name no
     audience. This test covers that opt-out only.
     """
     settings = {
         "jwtauth.find_groups":
             "pyramid_jwtauth.tests.test_jwtauth:stub_find_groups",
         "jwtauth.master_secret": MASTER_SECRET,
         "jwtauth.disable_verify_aud": True,
     }
     self.setup_helper(settings)

     # Sign a token whose claims include an audience.
     aud_claims = make_claims('user1', claims={'aud': 'me'})
     request = self._make_request("/auth")
     jwt_authenticate_request(request, aud_claims, MASTER_SECRET)

     # Parsed only to confirm the request carries a token; the value is unused.
     _token = pyramid_jwtauth.utils.parse_authz_header(request)["token"]
     self.assertEqual(self.policy.authenticated_userid(request), "user1")
 def test_decode_fails_no_override_on_aud_claim(self):
     """An ``aud``-bearing token is rejected while audience checks stay on.

     NOTE(review): the rejection surfaces as ``InvalidAudienceError`` raised
     out of ``authenticated_userid`` rather than as a ``None`` userid.
     Confirm that callers of the policy turn it into an authentication
     failure.
     """
     settings = {
         "jwtauth.find_groups":
             "pyramid_jwtauth.tests.test_jwtauth:stub_find_groups",
         "jwtauth.master_secret": MASTER_SECRET,
     }
     self.setup_helper(settings)

     # Sign a token whose claims include an audience.
     aud_claims = make_claims('user1', claims={'aud': 'me'})
     request = self._make_request("/auth")
     jwt_authenticate_request(request, aud_claims, MASTER_SECRET)

     # Parsed only to confirm the request carries a token; the value is unused.
     _token = pyramid_jwtauth.utils.parse_authz_header(request)["token"]

     from jwt.exceptions import InvalidAudienceError
     with self.assertRaises(InvalidAudienceError):
         self.policy.authenticated_userid(request)