def test_raises_if_aud_doesnt_match_api_key(self):
self.payload["aud"] = "bad audience"
with self.assertRaises(session_token.SessionTokenError) as cm:
session_token.decode_from_header(self.build_auth_header(),
api_key=self.api_key,
secret=self.secret)
self.assertEqual("Invalid audience", str(cm.exception))
def test_raises_jwt_error_if_session_token_is_expired(self):
self.payload["exp"] = timestamp((datetime.now() + timedelta(0, -10)))
with self.assertRaises(session_token.SessionTokenError) as cm:
session_token.decode_from_header(self.build_auth_header(),
api_key=self.api_key,
secret=self.secret)
self.assertEqual("Signature has expired", str(cm.exception))
def test_raises_if_issuer_hostname_is_invalid(self):
self.payload["iss"] = "bad_shop_hostname"
with self.assertRaises(session_token.InvalidIssuerError) as cm:
session_token.decode_from_header(self.build_auth_header(),
api_key=self.api_key,
secret=self.secret)
self.assertEqual("Invalid issuer", str(cm.exception))
def test_raises_if_iss_and_dest_dont_match(self):
self.payload["dest"] = "bad_shop.myshopify.com"
with self.assertRaises(session_token.MismatchedHostsError) as cm:
session_token.decode_from_header(self.build_auth_header(),
api_key=self.api_key,
secret=self.secret)
self.assertEqual("The issuer and destination do not match",
str(cm.exception))
def test_raises_if_token_authentication_header_is_not_bearer(self):
authorization_header = "Bad auth header"
with self.assertRaises(session_token.TokenAuthenticationError) as cm:
session_token.decode_from_header(authorization_header,
api_key=self.api_key,
secret=self.secret)
self.assertEqual(
"The HTTP_AUTHORIZATION_HEADER provided does not contain a Bearer token",
str(cm.exception))
def test_raises_jwt_error_if_invalid_alg(self):
bad_session_token = jwt.encode(self.payload, None, algorithm="none")
invalid_header = "Bearer {session_token}".format(
session_token=bad_session_token)
with self.assertRaises(session_token.SessionTokenError) as cm:
session_token.decode_from_header(invalid_header,
api_key=self.api_key,
secret=self.secret)
self.assertEqual("The specified alg value is not allowed",
str(cm.exception))
def test_raises_jwt_error_if_invalid_signature(self):
bad_session_token = jwt.encode(self.payload,
"bad_secret",
algorithm="HS256")
invalid_header = "Bearer {session_token}".format(
session_token=bad_session_token)
with self.assertRaises(session_token.SessionTokenError) as cm:
session_token.decode_from_header(invalid_header,
api_key=self.api_key,
secret=self.secret)
self.assertEqual("Signature verification failed", str(cm.exception))
def wrapper(*args, **kwargs):
try:
decoded_session_token = session_token.decode_from_header(
authorization_header=authorization_header(args[0]),
api_key=apps.get_app_config("shopify_app").SHOPIFY_API_KEY,
secret=apps.get_app_config("shopify_app").SHOPIFY_API_SECRET,
)
with shopify_session(decoded_session_token):
return func(*args, **kwargs)
except session_token.SessionTokenError:
return HttpResponse(status=401)
def test_returns_decoded_payload(self):
decoded_payload = session_token.decode_from_header(
self.build_auth_header(), api_key=self.api_key, secret=self.secret)
self.assertEqual(self.payload, decoded_payload)