def test_malformed(self): """ Test that we raise ValidationError when the JWT is malformed. """ for bogus in ['abc', 'a.b', 'xyz.123.456']: with self.assertRaises(ValidationError): brkt_jwt.get_header(bogus) with self.assertRaises(ValidationError): brkt_jwt.get_payload(bogus)
def validate_jwt(jwt): """ Check the incoming JWT and verify that it has all of the fields that we require. :param jwt a JSON Web Token as a string :return the JWT string :raise ValidationError if validation fails """ if not jwt: return None # Validate header. header = brkt_jwt.get_header(jwt) expected_fields = ['typ', 'alg', 'kid'] missing_fields = [f for f in expected_fields if f not in header] if missing_fields: raise ValidationError( 'Missing fields in token header: %s. Use the %s command ' 'to generate a valid token.' % ( ','.join(missing_fields), brkt_jwt.SUBCOMMAND_NAME ) ) # Validate payload. payload = brkt_jwt.get_payload(jwt) if not payload.get('jti'): raise ValidationError( 'Token payload does not contain the jti field. Use the %s ' 'command to generate a valid token.' % brkt_jwt.SUBCOMMAND_NAME ) return jwt
def validate_jwt(jwt): """ Check the incoming JWT and verify that it has all of the fields that we require. :param jwt a JSON Web Token as a string :return the JWT string :raise ValidationError if validation fails """ if not jwt: return None # Validate header. header = brkt_jwt.get_header(jwt) expected_fields = ['typ', 'alg', 'kid'] missing_fields = [f for f in expected_fields if f not in header] if missing_fields: raise ValidationError( 'Missing fields in token header: %s. Use the %s command ' 'to generate a valid token.' % (','.join(missing_fields), brkt_jwt.SUBCOMMAND_NAME)) # Validate payload. payload = brkt_jwt.get_payload(jwt) if not payload.get('jti'): raise ValidationError( 'Token payload does not contain the jti field. Use the %s ' 'command to generate a valid token.' % brkt_jwt.SUBCOMMAND_NAME) return jwt
def test_make_jwt(self): # Generate the JWT. now = datetime.now(tz=iso8601.UTC).replace(microsecond=0) nbf = now + timedelta(days=1) exp = now + timedelta(days=7) customer = str(uuid.uuid4()) jwt = brkt_jwt.make_jwt(_crypto, nbf=nbf, exp=exp, customer=customer, claims={ 'one': 1, 'two': 2 }) brkt_cli.validate_jwt(jwt) after = datetime.now(tz=iso8601.UTC) # Check the header. header = brkt_jwt.get_header(jwt) self.assertEqual('JWT', header['typ']) self.assertEqual('ES384', header['alg']) self.assertTrue('kid' in header) # Check the payload payload = brkt_jwt.get_payload(jwt) self.assertTrue('jti' in payload) self.assertTrue(payload['iss'].startswith('brkt-cli')) self.assertEqual(customer, payload['customer']) self.assertEqual(1, payload['one']) self.assertEqual(2, payload['two']) iat = brkt_jwt._timestamp_to_datetime(payload['iat']) self.assertTrue(now <= iat <= after) nbf_result = brkt_jwt._timestamp_to_datetime(payload['nbf']) self.assertEqual(nbf, nbf_result) exp_result = brkt_jwt._timestamp_to_datetime(payload['exp']) self.assertEqual(exp, exp_result)
def test_make_jwt(self): # Generate the JWT. now = datetime.now(tz=iso8601.UTC).replace(microsecond=0) nbf = now + timedelta(days=1) exp = now + timedelta(days=7) customer = str(uuid.uuid4()) jwt = brkt_jwt.make_jwt( _crypto, nbf=nbf, exp=exp, customer=customer, claims={'one': 1, 'two': 2} ) brkt_cli.validate_jwt(jwt) after = datetime.now(tz=iso8601.UTC) # Check the header. header = brkt_jwt.get_header(jwt) self.assertEqual('JWT', header['typ']) self.assertEqual('ES384', header['alg']) self.assertTrue('kid' in header) # Check the payload payload = brkt_jwt.get_payload(jwt) self.assertTrue('jti' in payload) self.assertTrue(payload['iss'].startswith('brkt-cli')) self.assertEqual(customer, payload['customer']) self.assertEqual(1, payload['one']) self.assertEqual(2, payload['two']) iat = brkt_jwt._timestamp_to_datetime(payload['iat']) self.assertTrue(now <= iat <= after) nbf_result = brkt_jwt._timestamp_to_datetime(payload['nbf']) self.assertEqual(nbf, nbf_result) exp_result = brkt_jwt._timestamp_to_datetime(payload['exp']) self.assertEqual(exp, exp_result)