def test_token_user_does_not_has_perm(many_feature):
    """Check that has_perm() rejects names the token does not grant.

    An unknown name must be refused, and so must each half of a dotted
    'feature.permission' name taken by itself: a partial match is not
    expected to count as holding the permission.
    """
    principal = PermissionedTokenUser(UntypedToken(get_jwt(features=many_feature[0])))

    assert not principal.has_perm('not_a_permission')

    # Split the first expected permission at the dot and probe each half.
    name_parts = many_feature[1][0].split('.')
    assert not principal.has_perm(name_parts[0])  # feature half alone must not match
    assert not principal.has_perm(name_parts[1])  # permission half alone must not match
def test_token_user_cache_fallback_life():
    """Check the permission cache lifetime when the decoded token has no iat.

    The JWT is issued with exp set 15 after iat, then iat is blanked on the
    decoded payload. The expected lifetime is 300, not 15.
    """
    issued_at = datetime_to_epoch(aware_utcnow())
    decoded = UntypedToken(get_jwt(exp=issued_at + 15, iat=issued_at))
    # Blank iat only after decoding; presumably this forces the fallback
    # value instead of one derived from the token's own claims.
    decoded.payload['iat'] = None
    principal = PermissionedTokenUser(decoded)
    assert principal._get_permission_cache_life() == 300
def test_passive_jwt_auth(username):
    """Check passive_credentials_auth() for an empty and for a valid credential.

    An empty credential must raise AuthenticationFailed. A JWT carrying only a
    username must yield an authenticated user that is neither staff nor
    superuser and whose token has no organization_id.
    """
    # Only the failing call belongs inside the raises() block.
    with pytest.raises(exceptions.AuthenticationFailed):
        passive_credentials_auth('')

    credential = get_jwt(username=username)
    authenticated = passive_credentials_auth(credential)

    assert authenticated.is_authenticated
    # A token-derived user must not gain elevated Django flags.
    assert not authenticated.is_staff
    assert not authenticated.is_superuser
    # NOTE(review): this literal looks masked; presumably it should equal the
    # value supplied by the username fixture. Confirm against the fixture.
    assert authenticated.username == '*****@*****.**'
    assert authenticated.token.get('organization_id', None) is None
def test_organization_jwt_auth(username, organization_id):
    """Check that an organization_id claim in the JWT is readable on the user's token."""
    credential = get_jwt(username=username, organization_id=organization_id)
    authenticated = passive_credentials_auth(credential)
    assert authenticated.token.get('organization_id', None) == organization_id
def test_token_user_has_perms(many_feature):
    """Check that has_perms() accepts the full expected permission list.

    many_feature[0] supplies the features placed in the JWT and
    many_feature[1] the permission names expected to follow from them.
    """
    principal = PermissionedTokenUser(UntypedToken(get_jwt(features=many_feature[0])))
    assert principal.has_perms(many_feature[1])
def test_token_user_get_many_permission(many_feature):
    """Check that get_all_permissions() returns exactly the expected list.

    The comparison is an equality check, so extra or missing permissions
    fail the test. NOTE(review): because a list is compared, ordering
    appears to matter as well; confirm that is intended.
    """
    principal = PermissionedTokenUser(UntypedToken(get_jwt(features=many_feature[0])))
    granted = principal.get_all_permissions()
    assert granted == many_feature[1]
def test_token_user_get_no_permissions():
    """Check that a JWT built without features yields an empty permission list."""
    principal = PermissionedTokenUser(UntypedToken(get_jwt()))
    granted = principal.get_all_permissions()
    assert granted == []
def test_token_user_cache_calculated_life():
    """Check that the permission cache lifetime follows the token's own claims.

    With exp set 15 after iat, the expected lifetime is 15. Presumably this
    keeps cached permissions from outliving the token; confirm against
    PermissionedTokenUser.
    """
    issued_at = datetime_to_epoch(aware_utcnow())
    credential = get_jwt(exp=issued_at + 15, iat=issued_at)
    principal = PermissionedTokenUser(UntypedToken(credential))
    assert principal._get_permission_cache_life() == 15
def test_token_user_cache_life():
    """Check that a JWT built with get_jwt() defaults gets a cache lifetime of 300."""
    principal = PermissionedTokenUser(UntypedToken(get_jwt()))
    lifetime = principal._get_permission_cache_life()
    assert lifetime == 300
def test_token_user_sub_exp_cache_key():
    """Check the last-resort cache key: '{sub}.{exp}' when jti and at_hash are absent.

    jti=0 is passed to get_jwt; presumably that makes the helper leave the
    jti claim out. Confirm against get_jwt.

    NOTE(review): a '{sub}.{exp}' key is the same for any two tokens issued
    to one subject with the same expiry. If such tokens can carry different
    features, confirm the cached permissions cannot be shared between them.
    """
    token_user = PermissionedTokenUser(UntypedToken(get_jwt(jti=0, sub=uuid4().hex)))
    # Read the key before building the expected value, as the assertion does.
    actual_key = token_user._get_permission_cache_key()
    assert actual_key == f'{token_user.token.get("sub")}.{token_user.token.get("exp")}'
def test_token_user_at_hash_cache_key():
    """Check that at_hash is the cache key when the token has one and no jti.

    jti=0 is passed to get_jwt; presumably that makes the helper leave the
    jti claim out. Confirm against get_jwt.
    """
    credential = get_jwt(jti=0, at_hash=uuid4().hex)
    token_user = PermissionedTokenUser(UntypedToken(credential))
    actual_key = token_user._get_permission_cache_key()
    assert actual_key == token_user.token.get('at_hash')
def test_token_user_jti_cache_key():
    """Check that the jti claim is the cache key for a default get_jwt() token."""
    token_user = PermissionedTokenUser(UntypedToken(get_jwt()))
    actual_key = token_user._get_permission_cache_key()
    assert actual_key == token_user.token.get('jti')