def test_decode_bearer():
    """Check that decode_bearer rejects correctly signed tokens lacking a mandatory claim.

    Both tokens are signed with the right secret, so the expected ValueError
    comes from payload validation rather than from signature verification.
    """
    secret = 'secret'

    incomplete_payloads = (
        dict(identity='Alice', persona='persona', salt='salt'),    # no stamp claim
        dict(identity='Alice', persona='persona', stamp='stamp'),  # no salt claim
    )

    for claims in incomplete_payloads:
        # NOTE(review): .decode() relies on jwt.encode returning bytes (PyJWT 1.x);
        # PyJWT 2.x returns str -- confirm the pinned version.
        token = jwt.encode(claims, secret, algorithm='HS256').decode()
        with py_raises(ValueError):
            bearers.decode_bearer(secret=secret, bearer=token)
def decode_identity(self, bearer):
    """Map a bearer to an (identity, persona) pair, defaulting to anonymous.

    The sentinel 'no-bearer' and any bearer that fails with
    jwt.exceptions.DecodeError both resolve to ('nobody', 'anonymous').
    Every other exception raised by bearers.decode_bearer propagates to the
    caller.
    """
    anonymous = ('nobody', 'anonymous')

    if bearer == 'no-bearer':
        return anonymous

    try:
        # NOTE(review): validity/renewal are not passed here, unlike in
        # check_bearer and renew_bearer -- confirm decode_bearer's defaults
        # still reject stale bearers on this path.
        claims = bearers.decode_bearer(secret=self.bearer_secret, bearer=bearer)
        return (claims.identity, claims.persona)
    except jwt.exceptions.DecodeError as error:
        # Rejected tokens are recorded at debug level only, so they are not
        # visible at the usual production log levels.
        logger.debug(error)

    return anonymous
def renew_bearer(self, bearer):
    """Exchange a still-renewable bearer for a freshly encoded one.

    The incoming bearer is decoded with the configured secret, validity and
    renewal settings. Raises ValueError when the decoded payload is not
    renewable; exceptions from bearers.decode_bearer propagate unchanged.
    """
    claims = bearers.decode_bearer(
        secret=self.bearer_secret,
        bearer=bearer,
        validity=self.bearer_validity,
        renewal=self.bearer_renewal,
    )

    if claims.is_renewable:
        # Only identity and persona are carried over; any other claim of the
        # old bearer is not forwarded to encode_bearer.
        return bearers.encode_bearer(
            secret=self.bearer_secret,
            identity=claims.identity,
            persona=claims.persona,
        )

    raise ValueError("Bearer has expired")
def test_encode_bearer():
    """Round-trip a payload through encode_bearer and decode_bearer.

    Verifies that the supplied claims survive the round trip, that salt and
    stamp are present on the decoded payload, and that a fresh bearer is
    reported as both valid and renewable.
    """
    secret = 'secret'
    payload = dict(identity='1234',
                   persona='persona',
                   label='Alice (ACME)',
                   e_mail='*****@*****.**')

    encoded = bearers.encode_bearer(secret, **payload)
    assert len(encoded) > 7

    decoded = bearers.decode_bearer(secret=secret, bearer=encoded)

    # every claim handed to the encoder comes back unchanged
    for claim, expected in payload.items():
        assert getattr(decoded, claim) == expected

    # salt and stamp were not supplied above, yet the decoded payload has them
    for generated in (decoded.salt, decoded.stamp):
        assert len(generated) > 7

    assert decoded.is_valid == True
    assert decoded.is_renewable == True
def check_bearer(self, bearer):
    """Decode a bearer under the configured policy and return its attributes.

    Returns the decoded payload's __dict__ itself, not a copy. Exceptions
    raised by bearers.decode_bearer propagate to the caller.
    """
    settings = dict(
        secret=self.bearer_secret,
        bearer=bearer,
        validity=self.bearer_validity,
        renewal=self.bearer_renewal,
    )
    # NOTE(review): __dict__ exposes every instance attribute of the payload;
    # the tests show payloads carrying salt, stamp, label and e_mail next to
    # identity and persona -- confirm callers filter this before it reaches
    # a client.
    return bearers.decode_bearer(**settings).__dict__
def test_authenticate_signature():
    """Exercise Users.authenticate_signature with bad and good credentials.

    Covers an unknown user, missing salt or stamp arguments, an arbitrary
    signature, the bare password hash used as signature, a signature computed
    with the wrong salt, and finally a correctly computed signature.
    """
    users = Users()
    users.write(id='Alice', password='******', persona='support', e_mail='[email protected]')

    salt = 'salt'
    stamp = bearers.get_current_stamp()

    # NOTE(review): a valid signature is derived from this digest plus salt
    # and stamp, so the stored hash acts as the signing secret and needs the
    # same protection as a plaintext password.
    password_hash = '5b49d1280e8517e54daeeb90034334ae'

    # a user that was never written is rejected
    with py_raises(ValueError):
        users.authenticate_signature('Bob', signature='*signature', salt=salt, stamp=stamp)

    # salt is a mandatory argument
    with py_raises(TypeError):
        users.authenticate_signature('Alice', signature='*signature', stamp=stamp)

    # stamp is a mandatory argument
    with py_raises(TypeError):
        users.authenticate_signature('Alice', signature='*signature', salt=salt)

    # an arbitrary signature does not authenticate
    with py_raises(ValueError):
        users.authenticate_signature('Alice', signature='*signature', salt=salt, stamp=stamp)

    # the bare password hash is not accepted in place of a signature
    with py_raises(ValueError):
        users.authenticate_signature('Alice', signature=password_hash, salt=salt, stamp=stamp)

    # a signature computed over a different salt is rejected
    mismatched = bearers.compute_signature(hash=password_hash, salt='1234', stamp=stamp)
    with py_raises(ValueError):
        users.authenticate_signature('Alice', signature=mismatched, salt=salt, stamp=stamp)

    # a signature over the matching salt and stamp yields a bearer
    signature = bearers.compute_signature(hash=password_hash, salt=salt, stamp=stamp)
    bearer = users.authenticate_signature('Alice', signature=signature, salt=salt, stamp=stamp)

    # NOTE(review): secret=None -- presumably decode_bearer skips signature
    # verification in that case; confirm no production call site can pass None.
    assert bearers.decode_bearer(secret=None, bearer=bearer).persona == 'support'