def test_init_raises_for_invalid_signature(self, claims): jwttok = jwt_token(claims) with pytest.raises(InvalidGrantError) as exc: VerifiedJWTGrantToken(jwttok, "wrong-secret", "test-audience") assert exc.value.description == "Invalid grant token signature."
def test_init_raises_for_none_key(self, claims): jwttok = jwt_token(claims) with pytest.raises(InvalidClientError) as exc: VerifiedJWTGrantToken(jwttok, None, "test-audience") assert exc.value.description == "Client is invalid."
def test_init_raises_for_invalid_signature_algorithm(self, claims): jwttok = jwt_token(claims, alg="HS512") with pytest.raises(InvalidGrantError) as exc: VerifiedJWTGrantToken(jwttok, "top-secret", "test-audience") assert exc.value.description == "Invalid grant token signature algorithm."
def test_subject_returns_sub_claim(self, claims): jwttok = jwt_token(claims) grant_token = VerifiedJWTGrantToken(jwttok, "top-secret", "test-audience") assert grant_token.subject == "test-subject"
def test_init_raises_for_too_long_token_lifetime(self, claims): claims["exp"] = epoch(delta=timedelta(minutes=15)) jwttok = jwt_token(claims) with pytest.raises(InvalidGrantError) as exc: VerifiedJWTGrantToken(jwttok, "top-secret", "test-audience") assert exc.value.description == "Grant token lifetime is too long."
def test_init_raises_for_nbf_claim_in_future(self, claims): claims["nbf"] = epoch(delta=timedelta(minutes=2)) jwttok = jwt_token(claims) with pytest.raises(InvalidGrantError) as exc: VerifiedJWTGrantToken(jwttok, "top-secret", "test-audience") assert exc.value.description == "Grant token is not yet valid."
def test_init_raises_when_expired_with_leeway(self, claims): claims["exp"] = epoch(delta=timedelta(minutes=-2)) jwttok = jwt_token(claims) with pytest.raises(InvalidGrantError) as exc: VerifiedJWTGrantToken(jwttok, "top-secret", "test-audience") assert exc.value.description == "Grant token is expired."
def test_init_raises_for_invalid_aud(self, claims): claims["aud"] = "different-audience" jwttok = jwt_token(claims) with pytest.raises(InvalidJWTGrantTokenClaimError) as exc: VerifiedJWTGrantToken(jwttok, "top-secret", "test-audience") assert exc.value.description == "Invalid claim 'aud' (audience) in grant token."
def test_init_raises_for_missing_claims(self, claims, claim, description): del claims[claim] jwttok = jwt_token(claims) with pytest.raises(InvalidGrantError) as exc: VerifiedJWTGrantToken(jwttok, "top-secret", "test-audience") assert (exc.value.description == f"Missing claim '{claim}' ({description}) from grant token.")
def test_init_raises_for_invalid_timestamp_types(self, claims, claim, description): claims[claim] = "wut" jwttok = jwt_token(claims) with pytest.raises(InvalidJWTGrantTokenClaimError) as exc: VerifiedJWTGrantToken(jwttok, "top-secret", "test-audience") assert (exc.value.description == f"Invalid claim '{claim}' ({description}) in grant token.")
def test_subject_raises_for_empty_sub_claim(self, claims): claims["sub"] = "" jwttok = jwt_token(claims) grant_token = VerifiedJWTGrantToken(jwttok, "top-secret", "test-audience") with pytest.raises(InvalidGrantError) as exc: _ = grant_token.subject assert (exc.value.description == "Missing claim 'sub' (subject) from grant token.")
def test_not_before_returns_nbf_claim(self, claims): now = datetime.utcnow().replace(microsecond=0) delta = timedelta(minutes=-2) claims["nbf"] = epoch(timestamp=now, delta=delta) jwttok = jwt_token(claims) grant_token = VerifiedJWTGrantToken(jwttok, "top-secret", "test-audience") assert grant_token.not_before == (now + delta)
def test_init_returns_token_when_valid(self, claims): jwttok = jwt_token(claims) actual = VerifiedJWTGrantToken(jwttok, "top-secret", "test-audience") assert isinstance(actual, VerifiedJWTGrantToken)
def test_init_returns_token_when_expired_but_in_leeway(self, claims): claims["exp"] = epoch(delta=timedelta(seconds=-8)) jwttok = jwt_token(claims) VerifiedJWTGrantToken(jwttok, "top-secret", "test-audience")