示例#1
0
def expected_filter_by_role_result(token_id1, token_id4):
    return [
        Token(cid="username", r=["admin", "lead", "analyst"], cts=datetime(2020, 1, 1),
              ets=datetime(2020, 2, 1), rcid="username", tid=token_id1),
        Token(cid="username", r=["analyst"], cts=datetime(2019, 1, 1), ets=datetime(2019, 2, 1),
              rcid="username", tid=token_id4)
    ]
示例#2
0
    def create_token(self,
                     client_id,
                     roles=[],
                     requesting_client=None,
                     expiration=None):
        """Create a JWT token for use in Lowball applications.

        :param client_id: client id for the token
        :type client_id: str
        :param roles: list of roles to give the client
        :type roles: list(str)
        :param requesting_client: The user requesting the token
        :type requesting_client: str
        :param expiration: time of expiration for this token
        :type expiration: datetime
        :return: Token and token data
        :rtype: str, Token
        """

        if not client_id or not isinstance(client_id, str):
            raise BadRequestException("Invalid client id")

        if not roles:
            roles = []
        if not isinstance(roles, list) or not all(
                isinstance(r, str) for r in roles):
            raise BadRequestException("Roles must be a list of strings")

        if requesting_client is not None and not isinstance(
                requesting_client, str):
            raise BadRequestException("Invalid requesting client id")

        now = datetime.datetime.utcnow()

        if not requesting_client:
            requesting_client = client_id

        if expiration is None:
            expiration = now + datetime.timedelta(
                seconds=self.config.default_token_life)

        token_id = generate_token_id()
        token_data = Token(cid=client_id,
                           r=roles,
                           cts=now,
                           ets=expiration,
                           rcid=requesting_client,
                           tid=token_id)

        if token_data.expiration - now > datetime.timedelta(
                seconds=self.config.max_token_life):
            raise InvalidTokenLifeException

        token = jwt.encode(token_data.to_dict(),
                           self.config.token_secret,
                           algorithm="HS256")

        return token, token_data
示例#3
0
 def test_to_dict_method_returns_proper_data(self, username, roles, created,
                                             expiration, issued_by,
                                             token_id, token_dict):
     token = Token(cid=username,
                   r=roles,
                   cts=created,
                   ets=expiration,
                   rcid=issued_by,
                   tid=token_id)
     assert token.to_dict() == token_dict
示例#4
0
    def test_setting_roles_to_bad_value_raises_type_error(
            self, username, roles, created, expiration, issued_by, token_id,
            not_list):
        token = Token(cid=username,
                      r=roles,
                      cts=created,
                      ets=expiration,
                      rcid=issued_by,
                      tid=token_id)

        with pytest.raises(TypeError):
            token.roles = not_list
示例#5
0
    def test_setting_expiration_to_bad_string_raises_value_error(
            self, username, roles, created, expiration, issued_by, token_id,
            bad_date_string):
        token = Token(cid=username,
                      r=roles,
                      cts=created,
                      ets=expiration,
                      rcid=issued_by,
                      tid=token_id)

        with pytest.raises(ValueError):
            token.expiration = bad_date_string
示例#6
0
    def test_setting_expiration_to_not_datetime_raises_type_error(
            self, username, roles, created, expiration, issued_by, token_id,
            not_datetime):
        token = Token(cid=username,
                      r=roles,
                      cts=created,
                      ets=expiration,
                      rcid=issued_by,
                      tid=token_id)

        with pytest.raises(TypeError):
            token.expiration = not_datetime
示例#7
0
    def test_setting_roles_to_bad_value_after_init_raises_value_error(
            self, username, roles, created, expiration, issued_by, token_id,
            invalid_roles):
        token = Token(cid=username,
                      r=roles,
                      cts=created,
                      ets=expiration,
                      rcid=issued_by,
                      tid=token_id)

        with pytest.raises(ValueError):
            token.roles = invalid_roles
示例#8
0
def expired_token(token_id):
    return Token(cid="username",
                 r=[],
                 cts=datetime.datetime(2019, 11, 1),
                 ets=datetime.datetime(2019, 12, 1),
                 rcid="another_user",
                 tid=token_id)
示例#9
0
def token(token_id, all_roles):
    return Token(cid="username",
                 r=all_roles,
                 cts=datetime.datetime(2020, 1, 1),
                 ets=datetime.datetime(2020, 2, 1),
                 rcid="username",
                 tid=token_id)
示例#10
0
def mock_list_tokens(monkeypatch, token_id1, token_id2, token_id3, token_id5, token_id4):
    mock_return = Mock()
    mock_return.return_value = [
        Token(cid="username", r=["admin", "lead", "analyst"], cts=datetime(2020, 1, 1),
              ets=datetime(2020, 2, 1), rcid="username", tid=token_id1),
        Token(cid="other_user", r=["admin"], cts=datetime(2020, 1, 1), ets=datetime(2020, 2, 1),
              rcid="username", tid=token_id2),
        Token(cid="username", r=["admin", "lead"], cts=datetime(2019, 1, 1),
              ets=datetime(2019, 2, 1), rcid="username", tid=token_id5),
        Token(cid="other_user", r=[], cts=datetime(2020, 1, 1), ets=datetime(2020, 2, 1),
              rcid="username", tid=token_id3),
        Token(cid="username", r=["analyst"], cts=datetime(2019, 1, 1), ets=datetime(2019, 2, 1),
              rcid="username", tid=token_id4)
    ]

    monkeypatch.setattr(DefaultAuthDB, "list_tokens", mock_return)
示例#11
0
def decoded_data(token_id):
    return Token(cid="username1",
                 r=['admin', 'lead', 'analyst'],
                 cts='2020-01-01 00:00:00',
                 ets='2020-01-01 00:30:00',
                 rcid="username1",
                 tid=token_id)
示例#12
0
def create_token3(token_id, fake_now, all_roles):
    return Token(cid="username1",
                 r=all_roles,
                 cts=fake_now,
                 ets=datetime.datetime(2020, 1, 1, 0, 30),
                 rcid="username2",
                 tid=token_id)
示例#13
0
 def mocked_decode_token(self, token):
     return Token(cid="username",
                  r=[],
                  cts=datetime.datetime(2019, 11, 1),
                  ets=datetime.datetime(2019, 12, 1),
                  rcid="another_user",
                  tid=token_id)
示例#14
0
 def mocked_lookup_token(token):
     return Token(cid="different_user",
                  r=[],
                  cts=datetime.datetime(2019, 11, 1),
                  ets=datetime.datetime(2020, 12, 1),
                  rcid="another_user",
                  tid=token_id)
示例#15
0
    def _load_token(self, token_id):
        """Load token data from the file system into a token object.

        If there is a token file for the given token ID, but the data cannot be loaded
        into a Token object, then the file will automatically be deleted by this
        method, as this could cause issues with other operations.

        :param token_id: the identifier of the token to be loaded
        :return: token object
        :rtype: Token
        """
        if not valid_token_id(token_id):
            raise ValueError(f"invalid token_id: {token_id}")

        token_file = self.token_path.joinpath(token_id)

        if not token_file.exists():
            return None

        with open(token_file, "r") as f:
            data = self._YAML.load(f)

        try:
            return Token(**data)
        except (TypeError, ValueError):
            self._delete_token(token_id)
示例#16
0
 def test_init_raises_type_error_when_improper_data_passed_in(
         self, user, roles, created, expiration, issued_by, token_id):
     with pytest.raises(TypeError):
         Token(cid=user,
               r=roles,
               cts=created,
               ets=expiration,
               rcid=issued_by,
               tid=token_id)
示例#17
0
 def test_not_all_roles_strings_raises_value_error(self, username, created,
                                                   expiration, issued_by,
                                                   token_id, invalid_roles):
     with pytest.raises(ValueError):
         Token(cid=username,
               r=invalid_roles,
               cts=created,
               ets=expiration,
               rcid=issued_by,
               tid=token_id)
示例#18
0
    def decode_token(self, token):
        """Decode a Lowball token.

        :param token: JWT Lowball token string
        :type token: str
        :return: token data object
        :rtype: Token
        """
        try:
            payload = jwt.decode(token,
                                 self.config.token_secret,
                                 algorithms=["HS256"])
        except Exception as err:
            raise InvalidTokenException(str(err))
        return Token(**payload)