示例#1
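def test_custom_json_encoder():
    """Check that a custom ``json_encoder`` lets non-JSON-native claims be signed.

    With the default encoder a ``uuid.UUID`` claim makes ``create_token``
    raise ``TypeError``. With ``MyCustomJsonEncoder`` (defined outside this
    snippet) the token round-trips, and both the principal and the extra
    claim are read back in their string form.
    """
    principal_id = uuid.uuid4()
    claim_value = uuid.uuid4()

    default_policy = JWTAuthenticationPolicy('secret')
    # Only the exception matters here, so the return value is not bound to
    # an otherwise unused local.
    with pytest.raises(TypeError):
        default_policy.create_token('subject', uuid_value=claim_value)

    policy = JWTAuthenticationPolicy('secret', json_encoder=MyCustomJsonEncoder)
    request = Request.blank('/')
    request.authorization = ('JWT', policy.create_token(principal_id, uuid_value=claim_value))
    request.jwt_claims = policy.get_claims(request)

    # The UUIDs come back as strings, so identity comparisons downstream
    # have to be made against str(uuid), not the UUID object.
    assert policy.unauthenticated_userid(request) == str(principal_id)
    assert request.jwt_claims.get('uuid_value') == str(claim_value)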
示例#2
def test_dynamic_expired_token():
    """Check that a per-token ``expiration`` overrides the policy default.

    Both directions are covered: a token issued with a positive expiration
    under a policy whose default is already in the past, and a token issued
    already expired under a policy that sets no default expiration.
    """
    request = Request.blank("/")

    # The policy default is negative, but the per-token value wins.
    expiring_policy = JWTAuthenticationPolicy("secret", expiration=-1)
    fresh_token = expiring_policy.create_token(15, expiration=5)
    request.authorization = ("JWT", fresh_token)
    request.jwt_claims = expiring_policy.get_claims(request)
    assert expiring_policy.unauthenticated_userid(request) == 15

    default_policy = JWTAuthenticationPolicy("secret")

    # A token minted already expired must not yield a user id.
    stale_token = default_policy.create_token(15, expiration=-1)
    request.authorization = ("JWT", stale_token)
    request.jwt_claims = default_policy.get_claims(request)
    assert default_policy.unauthenticated_userid(request) is None

    # With no expiration given anywhere the token is accepted.
    plain_token = default_policy.create_token(15)
    request.authorization = ("JWT", plain_token)
    request.jwt_claims = default_policy.get_claims(request)
    assert default_policy.unauthenticated_userid(request) == 15
示例#3
def test_dynamic_expired_token():
    """Verify that ``expiration`` passed to ``create_token`` beats the policy's.

    First a policy with a negative default issues a token with expiration 5
    and it is accepted; then a policy without a default issues one token
    with expiration -1 (rejected) and one with none at all (accepted).
    """
    request = Request.blank('/')

    negative_default = JWTAuthenticationPolicy('secret', expiration=-1)
    overridden = negative_default.create_token(15, expiration=5)
    request.authorization = ('JWT', overridden)
    request.jwt_claims = negative_default.get_claims(request)
    assert negative_default.unauthenticated_userid(request) == 15

    no_default = JWTAuthenticationPolicy('secret')

    # Issued already expired: no principal may come out of it.
    already_expired = no_default.create_token(15, expiration=-1)
    request.authorization = ('JWT', already_expired)
    request.jwt_claims = no_default.get_claims(request)
    assert no_default.unauthenticated_userid(request) is None

    unbounded = no_default.create_token(15)
    request.authorization = ('JWT', unbounded)
    request.jwt_claims = no_default.get_claims(request)
    assert no_default.unauthenticated_userid(request) == 15
示例#4
def test_audience_invalid():
    """Check that a token minted for another audience yields no claims.

    The policy expects ``example.org`` while the token is issued for
    ``example.com``; ``get_claims`` must return an empty dict rather than
    the token's payload.
    """
    verifier = JWTAuthenticationPolicy('secret', audience='example.org')
    foreign_token = verifier.create_token(
        15, name=u'Jöhn', admin=True, audience='example.com'
    )
    req = Request.blank('/')
    req.authorization = ('JWT', foreign_token)
    # An audience mismatch has to drop every claim, admin=True included.
    assert verifier.get_claims(req) == {}
示例#5
def test_audience_invalid():
    """Verify that an audience mismatch leaves ``get_claims`` empty.

    The token carries audience ``example.com`` but the policy is configured
    for ``example.org``, so none of its claims may be returned.
    """
    expected_audience = "example.org"
    token_audience = "example.com"

    auth = JWTAuthenticationPolicy("secret", audience=expected_audience)
    mismatched = auth.create_token(
        15, name=u"Jöhn", admin=True, audience=token_audience
    )

    incoming = Request.blank("/")
    incoming.authorization = ("JWT", mismatched)
    # Nothing from the payload (not even the admin flag) may leak through.
    assert auth.get_claims(incoming) == {}
示例#6
def login(request):
    """Login and get JWT token.

    Builds a fixed user payload, signs it into a JWT and stores the token on
    ``request.cls.token``. Returns the payload dict.

    ``JWT_SECRET`` and ``JWT_EXPIRATION`` are defined outside this snippet.

    NOTE(review): every payload field (e-mail, names, group principals) is
    passed as a claim. Presumably the token is signed but not encrypted, so
    these values are readable by anyone holding it -- confirm, and confirm
    that JWT_SECRET here is a test-only value.
    """
    group_principals = [
        'g:briefy_qa', 'g:briefy_pm', 'g:briefy_bizdev', 'g:briefy_scout',
        'g:briefy_finance', 'g:briefy_support', 'g:briefy',
    ]
    user_payload = {
        'locale': 'en_GB',
        'id': '669a99c2-9bb3-443f-8891-e600a15e3c10',
        'fullname': 'Rudá Filgueiras',
        'first_name': 'Rudá',
        'email': '*****@*****.**',
        'last_name': 'Filgueiras',
        'groups': group_principals,
    }

    lifetime = int(JWT_EXPIRATION)
    policy = JWTAuthenticationPolicy(private_key=JWT_SECRET, expiration=lifetime)
    # The user id is the principal; the whole payload rides along as claims.
    request.cls.token = policy.create_token(user_payload['id'], **user_payload)
    return user_payload
示例#7
def test_multiple_to_one_audience_valid():
    """Check that a token for one of several configured audiences is accepted.

    The policy is given the comma-separated string
    ``example.org,example2.org`` and the token is issued for ``example.org``
    only; the decoded ``aud`` claim is expected as the list
    ``['example.org']``.
    """
    accepted_audiences = 'example.org,example2.org'
    auth = JWTAuthenticationPolicy('secret', audience=accepted_audiences)
    single_aud_token = auth.create_token(
        15, name=u'Jöhn', admin=True, audience='example.org'
    )

    req = Request.blank('/')
    req.authorization = ('JWT', single_aud_token)
    decoded = auth.get_claims(req)
    assert decoded['aud'] == ['example.org']
示例#8
def test_token_callable_token():
    """Check that the signing key may be supplied as a zero-argument callable.

    The policy receives a function returning the key instead of the key
    itself, and ``create_token`` must still produce a ``str`` token.
    """
    def key_provider():
        return "secret"

    auth = JWTAuthenticationPolicy(key_provider)
    issued = auth.create_token(15)
    assert isinstance(issued, str)
示例#9
def test_extra_claims():
    """Check that extra keyword claims survive a sign/verify round trip.

    A non-ASCII ``name`` and a boolean ``admin`` claim are added at token
    creation and must be present in the claims read back from the request.
    """
    auth = JWTAuthenticationPolicy('secret')
    req = Request.blank('/')
    req.authorization = ('JWT', auth.create_token(15, name=u'Jöhn', admin=True))

    decoded = auth.get_claims(req)
    # The non-ASCII character checks that text encoding is preserved.
    assert decoded['name'] == u'Jöhn'
    assert decoded['admin']
示例#10
def test_extra_claims():
    """Verify that custom claims passed to ``create_token`` are returned.

    The token is created with ``name`` and ``admin`` keyword claims and then
    decoded through ``get_claims`` on a blank request.
    """
    extra = {"name": u"Jöhn", "admin": True}

    policy = JWTAuthenticationPolicy("secret")
    signed = policy.create_token(15, **extra)

    incoming = Request.blank("/")
    incoming.authorization = ("JWT", signed)
    claims = policy.get_claims(incoming)

    assert claims["name"] == u"Jöhn"
    # Truthiness only, as in the original check.
    assert claims["admin"]
示例#11
def test_extra_claims():
    """Round-trip a token carrying additional ``name`` and ``admin`` claims.

    Both claims must be readable from ``get_claims`` after the token is
    placed in the request's ``Authorization`` header under the JWT scheme.
    """
    issuer = JWTAuthenticationPolicy('secret')
    token_with_extras = issuer.create_token(15, name=u'Jöhn', admin=True)

    http_request = Request.blank('/')
    http_request.authorization = ('JWT', token_with_extras)

    payload = issuer.get_claims(http_request)
    assert payload['name'] == u'Jöhn'
    assert payload['admin']
示例#12
def test_expired_token():
    """Check expiry enforcement and the ``leeway`` tolerance.

    A token issued with a negative expiration is rejected outright, and the
    very same token is accepted once the policy's ``leeway`` is set to 5.
    """
    auth = JWTAuthenticationPolicy('secret', expiration=-1)
    req = Request.blank('/')
    expired_token = auth.create_token(15)
    req.authorization = ('JWT', expired_token)

    req.jwt_claims = auth.get_claims(req)
    assert auth.unauthenticated_userid(req) is None

    # leeway widens the window in which an expired token still validates,
    # so it should stay small outside of tests.
    auth.leeway = 5
    req.jwt_claims = auth.get_claims(req)
    assert auth.unauthenticated_userid(req) == 15
示例#13
def login_as_customer():
    """Login and get JWT token.

    Signs a fixed customer payload (group ``g:customers``) into a JWT and
    returns ``(user_payload, token)``.

    ``JWT_SECRET`` and ``JWT_EXPIRATION`` are defined outside this snippet.

    NOTE(review): the whole payload, e-mail and names included, becomes
    token claims; presumably the token is signed but not encrypted, so
    confirm this stays a test-only fixture with a test-only secret.
    NOTE(review): 'fullname' says 'Maike Bork' while 'last_name' says
    'Borke' -- confirm which spelling is intended.
    """
    user_payload = dict([
        ('locale', 'en_GB'),
        ('id', '83c0ea60-1d60-4d4b-2c63-0e5bfad1ef9d'),
        ('fullname', 'Maike Bork'),
        ('first_name', 'Maike'),
        ('email', '*****@*****.**'),
        ('last_name', 'Borke'),
        ('groups', ['g:customers']),
    ])

    lifetime = int(JWT_EXPIRATION)
    policy = JWTAuthenticationPolicy(private_key=JWT_SECRET, expiration=lifetime)
    principal = user_payload['id']
    token = policy.create_token(principal, **user_payload)
    return user_payload, token
示例#14
def login_as_professional():
    """Login and get JWT token.

    Signs a fixed professional payload (group ``g:professionals``) into a
    JWT and returns ``(user_payload, token)``.

    ``JWT_SECRET`` and ``JWT_EXPIRATION`` are defined outside this snippet.

    NOTE(review): the group principal travels inside the token, so whatever
    verifies it is trusting the signing key for authorization data as well
    as identity -- confirm JWT_SECRET is a test-only value here.
    """
    groups = ['g:professionals']
    user_payload = {
        'locale': 'en_GB',
        'id': '23d94a43-3947-42fc-958c-09245ecca5f2',
        'fullname': 'Sebastiao Salgado',
        'first_name': 'Sebastiao',
        'email': '*****@*****.**',
        'last_name': 'Salgado',
        'groups': groups,
    }

    signer = JWTAuthenticationPolicy(
        private_key=JWT_SECRET,
        expiration=int(JWT_EXPIRATION),
    )
    token = signer.create_token(user_payload['id'], **user_payload)
    return user_payload, token
示例#15
def test_other_header():
    """Check that the token can be read from a custom HTTP header.

    With ``http_header='X-Token'`` the bare token is placed in that header
    (no scheme prefix) and the principal must still be resolved.
    """
    header_name = 'X-Token'
    auth = JWTAuthenticationPolicy('secret', http_header=header_name)

    req = Request.blank('/')
    req.headers[header_name] = auth.create_token(15)
    req.jwt_claims = auth.get_claims(req)
    assert auth.unauthenticated_userid(req) == 15
示例#16
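def test_algorithm_unsupported():
    """Check that signing with an unknown algorithm name fails loudly.

    ``"SHA1"`` is passed as the algorithm and ``create_token`` must raise
    ``NotImplementedError`` instead of returning a token.
    """
    policy = JWTAuthenticationPolicy("secret", algorithm="SHA1")
    # Only the exception matters, so the result is not bound to an
    # otherwise unused local.
    with pytest.raises(NotImplementedError):
        policy.create_token(15, name=u"Jöhn", admin=True)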
示例#17
def test_minimal_roundtrip():
    """Check the simplest issue-then-verify path.

    A token for principal 15 is put in the ``Authorization`` header under
    the JWT scheme, and the same principal must be read back.
    """
    auth = JWTAuthenticationPolicy("secret")
    issued = auth.create_token(15)

    req = Request.blank("/")
    req.authorization = ("JWT", issued)
    req.jwt_claims = auth.get_claims(req)
    assert auth.unauthenticated_userid(req) == 15
示例#18
def test_token_most_be_str():
    """Check that ``create_token`` returns a ``str`` instance."""
    issued = JWTAuthenticationPolicy("secret").create_token(15)
    assert isinstance(issued, str)
示例#19
def test_other_header():
    """Verify token lookup in a configured non-default header.

    The policy is told to read ``X-Token``; the token is set there as-is
    and the principal 15 must be returned.
    """
    policy = JWTAuthenticationPolicy('secret', http_header='X-Token')
    raw_token = policy.create_token(15)

    incoming = Request.blank('/')
    # The header holds the bare token, with no scheme in front of it.
    incoming.headers['X-Token'] = raw_token
    incoming.jwt_claims = policy.get_claims(incoming)
    assert policy.unauthenticated_userid(incoming) == 15
示例#20
def test_wrong_auth_scheme():
    """Check that a valid token under a non-JWT scheme is ignored.

    The token itself is well-formed, but it is presented with the scheme
    ``Other``; no principal may be derived from it.
    """
    auth = JWTAuthenticationPolicy('secret')
    valid_token = auth.create_token(15)

    req = Request.blank('/')
    req.authorization = ('Other', valid_token)
    req.jwt_claims = auth.get_claims(req)
    assert auth.unauthenticated_userid(req) is None
示例#21
def test_minimal_roundtrip():
    """Issue a token for principal 15 and read the same principal back.

    No extra claims, expiration or audience are involved; the token goes
    through the ``Authorization`` header with the JWT scheme.
    """
    policy = JWTAuthenticationPolicy('secret')
    incoming = Request.blank('/')

    scheme_and_token = ('JWT', policy.create_token(15))
    incoming.authorization = scheme_and_token
    incoming.jwt_claims = policy.get_claims(incoming)

    user_id = policy.unauthenticated_userid(incoming)
    assert user_id == 15
示例#22
def test_wrong_auth_scheme():
    """Verify that the authorization scheme is checked, not just the token.

    A token issued by the policy is sent under the scheme ``Other`` and
    must not resolve to a user id.
    """
    policy = JWTAuthenticationPolicy("secret")
    incoming = Request.blank("/")

    # Same token as a successful round trip would use; only the scheme differs.
    incoming.authorization = ("Other", policy.create_token(15))
    incoming.jwt_claims = policy.get_claims(incoming)

    resolved = policy.unauthenticated_userid(incoming)
    assert resolved is None
示例#23
def test_other_header():
    """Round-trip a token carried in ``X-Token`` instead of ``Authorization``.

    The policy is configured with ``http_header="X-Token"`` and must
    resolve principal 15 from the token found in that header.
    """
    auth = JWTAuthenticationPolicy("secret", http_header="X-Token")
    req = Request.blank("/")

    issued = auth.create_token(15)
    req.headers["X-Token"] = issued
    req.jwt_claims = auth.get_claims(req)

    resolved = auth.unauthenticated_userid(req)
    assert resolved == 15
示例#24
def test_token_most_be_str():
    """Verify the type of the value returned by ``create_token``.

    The token must be a ``str`` instance.
    """
    auth = JWTAuthenticationPolicy('secret')
    result = auth.create_token(15)
    is_text = isinstance(result, str)
    assert is_text