2018-05-21 19:07:14 +00:00
|
|
|
import jwt
|
2018-04-25 20:52:36 +00:00
|
|
|
import pytest
|
|
|
|
from aiohttp import web
|
2018-05-21 19:07:14 +00:00
|
|
|
|
2018-04-25 20:52:36 +00:00
|
|
|
from aiohttp_security import setup as _setup
|
2018-05-21 19:07:14 +00:00
|
|
|
from aiohttp_security import AbstractAuthorizationPolicy
|
2018-04-25 20:52:36 +00:00
|
|
|
from aiohttp_security.api import IDENTITY_KEY
|
2018-05-21 19:07:14 +00:00
|
|
|
from aiohttp_security.jwt_identity import JWTIdentityPolicy
|
|
|
|
|
|
|
|
|
|
|
|
@pytest.fixture
|
|
|
|
def make_token():
|
|
|
|
def factory(payload, secret):
|
|
|
|
return jwt.encode(
|
|
|
|
payload,
|
|
|
|
secret,
|
|
|
|
algorithm='HS256',
|
|
|
|
)
|
|
|
|
|
|
|
|
return factory
|
2018-04-25 20:52:36 +00:00
|
|
|
|
|
|
|
|
|
|
|
class Autz(AbstractAuthorizationPolicy):
|
|
|
|
|
|
|
|
async def permits(self, identity, permission, context=None):
|
|
|
|
pass
|
|
|
|
|
|
|
|
async def authorized_userid(self, identity):
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
|
|
async def test_no_pyjwt_installed(mocker):
|
|
|
|
mocker.patch('aiohttp_security.jwt_identity.jwt', None)
|
|
|
|
with pytest.raises(RuntimeError):
|
|
|
|
JWTIdentityPolicy('secret')
|
|
|
|
|
|
|
|
|
2018-05-21 19:07:14 +00:00
|
|
|
async def test_identify(loop, make_token, test_client):
|
2018-04-25 20:52:36 +00:00
|
|
|
kwt_secret_key = 'Key'
|
|
|
|
|
2018-05-21 19:07:14 +00:00
|
|
|
token = make_token({'login': 'Andrew'}, kwt_secret_key)
|
2018-04-25 20:52:36 +00:00
|
|
|
|
2018-05-21 19:07:14 +00:00
|
|
|
async def check(request):
|
|
|
|
policy = request.app[IDENTITY_KEY]
|
|
|
|
identity = await policy.identify(request)
|
|
|
|
assert 'Andrew' == identity['login']
|
|
|
|
return web.Response()
|
2018-04-25 20:52:36 +00:00
|
|
|
|
2018-05-21 19:07:14 +00:00
|
|
|
app = web.Application(loop=loop)
|
|
|
|
_setup(app, JWTIdentityPolicy(kwt_secret_key), Autz())
|
|
|
|
app.router.add_route('GET', '/', check)
|
|
|
|
|
|
|
|
client = await test_client(app)
|
|
|
|
headers = {'Authorization': 'Bearer {}'.format(token.decode('utf-8'))}
|
|
|
|
resp = await client.get('/', headers=headers)
|
|
|
|
assert 200 == resp.status
|
|
|
|
|
|
|
|
|
|
|
|
async def test_identify_broken_scheme(loop, make_token, test_client):
|
|
|
|
kwt_secret_key = 'Key'
|
|
|
|
|
|
|
|
token = make_token({'login': 'Andrew'}, kwt_secret_key)
|
2018-04-25 20:52:36 +00:00
|
|
|
|
|
|
|
async def check(request):
|
|
|
|
policy = request.app[IDENTITY_KEY]
|
2018-05-21 19:07:14 +00:00
|
|
|
|
|
|
|
try:
|
|
|
|
await policy.identify(request)
|
|
|
|
except ValueError as exc:
|
|
|
|
raise web.HTTPBadRequest(reason=exc)
|
|
|
|
|
2018-04-25 20:52:36 +00:00
|
|
|
return web.Response()
|
|
|
|
|
|
|
|
app = web.Application(loop=loop)
|
|
|
|
_setup(app, JWTIdentityPolicy(kwt_secret_key), Autz())
|
|
|
|
app.router.add_route('GET', '/', check)
|
2018-05-21 19:07:14 +00:00
|
|
|
|
2018-04-25 20:52:36 +00:00
|
|
|
client = await test_client(app)
|
2018-05-21 19:07:14 +00:00
|
|
|
headers = {'Authorization': 'Token {}'.format(token.decode('utf-8'))}
|
2018-04-25 20:52:36 +00:00
|
|
|
resp = await client.get('/', headers=headers)
|
2018-05-21 19:07:14 +00:00
|
|
|
assert 400 == resp.status
|
|
|
|
assert 'Invalid authorization scheme' in resp.reason
|