示例#1
0
def test_process_request_allows_matching_issuer():
    jwt = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJleGFtcGxlLmNvbSJ9.c2lmFOiVCSRyegrYJjx60BzBhacHt3BZ-avr4PtGqWk'
    middleware = JWTMiddleware(key='secret', issuer='example.com')
    request = Request(headers={'Authorization': 'Bearer {}'.format(jwt)})
    middleware.process_request(request)

    assert request.jwt == {'iss': 'example.com'}
示例#2
0
def test_process_request_allows_matching_audience():
    jwt = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJleGFtcGxlLmNvbSJ9.INovSA2CyXeBwzR0Bqq-pFuxfQLVgnFpN4x1JP0Ve84'
    middleware = JWTMiddleware(key='secret', audience=['example.com'])
    request = Request(headers={'Authorization': 'Bearer {}'.format(jwt)})
    middleware.process_request(request)

    assert request.jwt == {'aud': 'example.com'}
示例#3
0
def test_process_request_disallows_missing_issuer(jwt):
    middleware = JWTMiddleware(key='secret', issuer='example.com')
    request = Request(headers={'Authorization': 'Bearer {}'.format(jwt)})

    with pytest.raises(MissingRequiredClaimError):
        middleware.process_request(request)

    assert request.jwt == None
示例#4
0
def test_process_response_unsets_cookie(middleware, jwt):
    response = Response()
    response.jwt_cookie = None
    response = middleware.process_response(Request(), response)

    morsel = response.cookies['jwt']
    assert morsel.value == ''
    assert morsel['expires'] == 'Thu, 01-Jan-1970 00:00:00 GMT'
示例#5
0
def test_process_request_disallows_incorrect_issuer():
    jwt = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJleGFtcGxlLmNvbSJ9.c2lmFOiVCSRyegrYJjx60BzBhacHt3BZ-avr4PtGqWk'
    middleware = JWTMiddleware(key='secret', issuer='prod.example.com')
    request = Request(headers={'Authorization': 'Bearer {}'.format(jwt)})

    with pytest.raises(InvalidIssuerError):
        middleware.process_request(request)

    assert request.jwt == None
示例#6
0
def test_process_request_disallows_incorrect_audience():
    jwt = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJleGFtcGxlLmNvbSJ9.INovSA2CyXeBwzR0Bqq-pFuxfQLVgnFpN4x1JP0Ve84'
    middleware = JWTMiddleware(key='secret', audience='prod.example.com')
    request = Request(headers={'Authorization': 'Bearer {}'.format(jwt)})

    with pytest.raises(InvalidAudienceError):
        middleware.process_request(request)

    assert request.jwt == None
示例#7
0
    def test_get(self):
        request = Request()
        response = self.resource.get(request)

        self.assertEqual(response.headers['Content-Type'],
                         'application/json; charset=utf8')

        self.assertEqual(response.content,
                         '{"url": "/resource/5", "next_url": "/resource/5"}')
示例#8
0
def test_process_request_calls_401_for_invalid_token():
    jwt = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJleGFtcGxlLmNvbSJ9.INovSA2CyXeBwzR0Bqq-pFuxfQLVgnFpN4x1JP0Ve84'
    middleware = JWTMiddleware(key='secret', audience='prod.example.com')
    middleware.custom_401 = lambda r: Response('custom 401')

    request = Request(headers={'Authorization': 'Bearer {}'.format(jwt)})
    response = middleware.process_request(request)

    assert response.content == 'custom 401'
    assert request.jwt == None
示例#9
0
def test_process_request_decodes_authorization_header(middleware, jwt):
    request = Request(headers={'Authorization': 'Bearer {}'.format(jwt)})
    middleware.process_request(request)

    assert request.jwt == {'name': 'Kyle'}
示例#10
0
def test_process_request_sets_empty_jwt_when_none_provided(middleware):
    request = Request()
    middleware.process_request(request)

    assert request.jwt is None
示例#11
0
def test_process_response_encodes_cookie(middleware, jwt):
    response = Response()
    response.jwt_cookie = {'name': 'Kyle'}
    response = middleware.process_response(Request(), response)

    assert response.cookies['jwt'].value == jwt
示例#12
0
def test_process_request_ignores_invalid_cookie(middleware, jwt):
    request = Request()
    request.cookies['jwt'] = 'a.b.c'
    middleware.process_request(request)

    assert request.jwt is None
示例#13
0
def test_process_request_decodes_cookie(middleware, jwt):
    request = Request()
    request.cookies['jwt'] = jwt
    middleware.process_request(request)

    assert request.jwt == {'name': 'Kyle'}
示例#14
0
    def test_decodes_request_cookie(self):
        request = Request()
        request.COOKIES = {'jwt': self.jwt}
        self.middleware.process_request(request)

        self.assertEqual(request.jwt, {'name': 'Kyle'})