def create_authorization_header(path, method, request_body=None, service_id=None): if service_id: client_id = service_id secret = get_unsigned_secrets(service_id)[0] else: client_id = current_app.config.get('ADMIN_CLIENT_USER_NAME') secret = current_app.config.get('ADMIN_CLIENT_SECRET') if request_body: token = create_jwt_token(request_method=method, request_path=path, secret=secret, client_id=client_id, request_body=request_body) else: token = create_jwt_token(request_method=method, request_path=path, secret=secret, client_id=client_id) return 'Authorization', 'Bearer {}'.format(token)
def __create_get_token(service_id): if service_id: return create_jwt_token(request_method="GET", request_path=url_for('service.get_service', service_id=service_id), secret=get_unsigned_secrets(service_id)[0], client_id=service_id) else: return create_jwt_token(request_method="GET", request_path=url_for('service.get_service'), secret=get_unsigned_secrets(service_id)[0], client_id=service_id)
def __create_get_token(service_id): if service_id: return create_jwt_token( request_method="GET", request_path=url_for("service.get_service", service_id=service_id), secret=get_unsigned_secrets(service_id)[0], client_id=service_id, ) else: return create_jwt_token( request_method="GET", request_path=url_for("service.get_service"), secret=get_unsigned_secrets(service_id)[0], client_id=service_id, )
def test_authentication_passes_when_service_has_multiple_keys_some_expired( notify_api, notify_db, notify_db_session, sample_api_key): with notify_api.test_request_context(): with notify_api.test_client() as client: exprired_key = { 'service_id': sample_api_key.service_id, 'name': 'expired_key', 'expiry_date': datetime.now() } expired_api_key = ApiKey(**exprired_key) save_model_api_key(expired_api_key) another_key = { 'service_id': sample_api_key.service_id, 'name': 'another_key' } api_key = ApiKey(**another_key) save_model_api_key(api_key) token = create_jwt_token( request_method="GET", request_path=url_for('service.get_service'), secret=get_unsigned_secret(api_key.id), client_id=sample_api_key.service_id) response = client.get( url_for('service.get_service'), headers={'Authorization': 'Bearer {}'.format(token)}) assert response.status_code == 200
def test_authentication_returns_token_expired_when_service_uses_expired_key_and_has_multiple_keys( notify_api, notify_db, notify_db_session, sample_api_key ): with notify_api.test_request_context(): with notify_api.test_client() as client: expired_key = {"service_id": sample_api_key.service_id, "name": "expired_key"} expired_api_key = ApiKey(**expired_key) save_model_api_key(expired_api_key) another_key = {"service_id": sample_api_key.service_id, "name": "another_key"} api_key = ApiKey(**another_key) save_model_api_key(api_key) token = create_jwt_token( request_method="GET", request_path=url_for("service.get_service"), secret=get_unsigned_secret(expired_api_key.id), client_id=sample_api_key.service_id, ) # expire the key expire_the_key = { "id": expired_api_key.id, "service_id": sample_api_key.service_id, "name": "expired_key", "expiry_date": datetime.now() + timedelta(hours=-2), } save_model_api_key(expired_api_key, expire_the_key) response = client.get(url_for("service.get_service"), headers={"Authorization": "Bearer {}".format(token)}) assert response.status_code == 403 data = json.loads(response.get_data()) assert data["error"] == "Invalid token: signature"
def test_authentication_returns_token_expired_when_service_uses_expired_key_and_has_multiple_keys( notify_api, notify_db, notify_db_session, sample_api_key): with notify_api.test_request_context(): with notify_api.test_client() as client: expired_key = { 'service_id': sample_api_key.service_id, 'name': 'expired_key' } expired_api_key = ApiKey(**expired_key) save_model_api_key(expired_api_key) another_key = { 'service_id': sample_api_key.service_id, 'name': 'another_key' } api_key = ApiKey(**another_key) save_model_api_key(api_key) token = create_jwt_token( request_method="GET", request_path=url_for('service.get_service'), secret=get_unsigned_secret(expired_api_key.id), client_id=sample_api_key.service_id) # expire the key expire_the_key = { 'id': expired_api_key.id, 'service_id': sample_api_key.service_id, 'name': 'expired_key', 'expiry_date': datetime.now() + timedelta(hours=-2) } save_model_api_key(expired_api_key, expire_the_key) response = client.get( url_for('service.get_service'), headers={'Authorization': 'Bearer {}'.format(token)}) assert response.status_code == 403 data = json.loads(response.get_data()) assert data['error'] == 'Invalid token: signature'
def test_should_allow_valid_token_with_post_body(notify_api, notify_db, notify_db_session, sample_api_key): with notify_api.test_request_context(): with notify_api.test_client() as client: service = Service.query.get(sample_api_key.service_id) data = { 'name': 'new name', 'users': [service.users[0].id], 'limit': 1000, 'restricted': False, 'active': False } token = create_jwt_token( request_method="PUT", request_path=url_for('service.update_service', service_id=sample_api_key.service_id), secret=get_unsigned_secret(sample_api_key.id), client_id=sample_api_key.service_id, request_body=json.dumps(data)) headers = [('Content-Type', 'application/json'), ('Authorization', 'Bearer {}'.format(token))] response = client.put(url_for('service.update_service', service_id=service.id), data=json.dumps(data), headers=headers) assert response.status_code == 200
def __create_post_token(service_id, request_body): return create_jwt_token( request_method="POST", request_path=url_for("service.create_service"), secret=get_unsigned_secrets(service_id)[0], client_id=service_id, request_body=request_body, )
def test_should_allow_valid_token(notify_api): token = create_jwt_token(request_method="GET", request_path="/", secret="secret", client_id="client_id") response = notify_api.test_client().get( "/", headers={ 'Authorization': 'Bearer {}'.format(token) } ) assert response.status_code == 200
def test_should_not_allow_invalid_secret(notify_api, notify_db, notify_db_session, sample_api_key): with notify_api.test_request_context(): with notify_api.test_client() as client: token = create_jwt_token( request_method="POST", request_path="/", secret="not-so-secret", client_id=sample_api_key.service_id ) response = client.get(url_for("service.get_service"), headers={"Authorization": "Bearer {}".format(token)}) assert response.status_code == 403 data = json.loads(response.get_data()) assert data["error"] == "Invalid token: signature"
def test_authentication_passes_admin_client_token(notify_api, notify_db, notify_db_session, sample_api_key): with notify_api.test_request_context(): with notify_api.test_client() as client: token = create_jwt_token( request_method="GET", request_path=url_for("service.get_service"), secret=current_app.config.get("ADMIN_CLIENT_SECRET"), client_id=current_app.config.get("ADMIN_CLIENT_USER_NAME"), ) response = client.get(url_for("service.get_service"), headers={"Authorization": "Bearer {}".format(token)}) assert response.status_code == 200
def test_should_not_allow_invalid_secret(notify_api): token = create_jwt_token(request_method="POST", request_path="/", secret="not-so-secret", client_id="client_id") response = notify_api.test_client().get( "/", headers={ 'Authorization': "Bearer {}".format(token) } ) assert response.status_code == 403 data = json.loads(response.get_data()) assert data['error'] == 'Invalid token: signature'
def create_authorization_header(path, method, request_body=None, service_id=None): if service_id: client_id = service_id secret = get_unsigned_secrets(service_id)[0] else: client_id = current_app.config.get('ADMIN_CLIENT_USER_NAME') secret = current_app.config.get('ADMIN_CLIENT_SECRET') if request_body: token = create_jwt_token( request_method=method, request_path=path, secret=secret, client_id=client_id, request_body=request_body) else: token = create_jwt_token(request_method=method, request_path=path, secret=secret, client_id=client_id) return 'Authorization', 'Bearer {}'.format(token)
def test_should_not_allow_invalid_secret(notify_api, notify_db, notify_db_session, sample_api_key): with notify_api.test_request_context(): with notify_api.test_client() as client: token = create_jwt_token(request_method="POST", request_path="/", secret="not-so-secret", client_id=sample_api_key.service_id) response = client.get( url_for('service.get_service'), headers={'Authorization': "Bearer {}".format(token)}) assert response.status_code == 403 data = json.loads(response.get_data()) assert data['error'] == 'Invalid token: signature'
def test_authentication_passes_admin_client_token(notify_api, notify_db, notify_db_session, sample_api_key): with notify_api.test_request_context(): with notify_api.test_client() as client: token = create_jwt_token( request_method="GET", request_path=url_for('service.get_service'), secret=current_app.config.get('ADMIN_CLIENT_SECRET'), client_id=current_app.config.get('ADMIN_CLIENT_USER_NAME')) response = client.get( url_for('service.get_service'), headers={'Authorization': 'Bearer {}'.format(token)}) assert response.status_code == 200
def test_should_allow_valid_token_with_post_body(notify_api): json_body = json.dumps({ "key1": "value1", "key2": "value2", "key3": "value3" }) token = create_jwt_token( request_method="POST", request_path="/", secret="secret", client_id="client_id", request_body=json_body ) response = notify_api.test_client().post( "/", data=json_body, headers={ 'Authorization': 'Bearer {}'.format(token) } ) assert response.status_code == 200
def test_authentication_passes_when_service_has_multiple_keys_some_expired( notify_api, notify_db, notify_db_session, sample_api_key ): with notify_api.test_request_context(): with notify_api.test_client() as client: exprired_key = { "service_id": sample_api_key.service_id, "name": "expired_key", "expiry_date": datetime.now(), } expired_api_key = ApiKey(**exprired_key) save_model_api_key(expired_api_key) another_key = {"service_id": sample_api_key.service_id, "name": "another_key"} api_key = ApiKey(**another_key) save_model_api_key(api_key) token = create_jwt_token( request_method="GET", request_path=url_for("service.get_service"), secret=get_unsigned_secret(api_key.id), client_id=sample_api_key.service_id, ) response = client.get(url_for("service.get_service"), headers={"Authorization": "Bearer {}".format(token)}) assert response.status_code == 200
def test_should_not_allow_valid_token_with_invalid_post_body(notify_api): json_body = json.dumps({ "key1": "value1", "key2": "value2", "key3": "value3" }) token = create_jwt_token( request_method="POST", request_path="/", secret="secret", client_id="client_id", request_body=json_body ) response = notify_api.test_client().post( "/", data="spurious", headers={ 'Authorization': 'Bearer {}'.format(token) } ) assert response.status_code == 403 data = json.loads(response.get_data()) assert data['error'] == 'Invalid token: payload'
def test_should_allow_valid_token_with_post_body(notify_api, notify_db, notify_db_session, sample_api_key): with notify_api.test_request_context(): with notify_api.test_client() as client: service = Service.query.get(sample_api_key.service_id) data = { "name": "new name", "users": [service.users[0].id], "limit": 1000, "restricted": False, "active": False, } token = create_jwt_token( request_method="PUT", request_path=url_for("service.update_service", service_id=sample_api_key.service_id), secret=get_unsigned_secret(sample_api_key.id), client_id=sample_api_key.service_id, request_body=json.dumps(data), ) headers = [("Content-Type", "application/json"), ("Authorization", "Bearer {}".format(token))] response = client.put( url_for("service.update_service", service_id=service.id), data=json.dumps(data), headers=headers ) assert response.status_code == 200
def __create_post_token(service_id, request_body): return create_jwt_token(request_method="POST", request_path=url_for('service.create_service'), secret=get_unsigned_secrets(service_id)[0], client_id=service_id, request_body=request_body)