init for jwt identity (#147)
This commit is contained in:
parent
29166f4743
commit
27ffe6dc3c
|
@ -0,0 +1,34 @@
|
||||||
|
"""Identity policy for storing info in the jwt token.
|
||||||
|
|
||||||
|
"""
|
||||||
|
|
||||||
|
from .abc import AbstractIdentityPolicy
|
||||||
|
try:
|
||||||
|
import jwt
|
||||||
|
except ImportError: # pragma: no cover
|
||||||
|
jwt = None
|
||||||
|
|
||||||
|
|
||||||
|
AUTH_HEADER_NAME = 'Authorization'
|
||||||
|
|
||||||
|
|
||||||
|
class JWTIdentityPolicy(AbstractIdentityPolicy):
|
||||||
|
def __init__(self, secret, algorithm=None):
|
||||||
|
if jwt is None:
|
||||||
|
raise RuntimeError("Please install pyjwt")
|
||||||
|
self.secret = secret
|
||||||
|
self.algorithm = 'HS256' if algorithm is None else algorithm
|
||||||
|
|
||||||
|
async def identify(self, request):
|
||||||
|
header_identity = request.headers.get(AUTH_HEADER_NAME)
|
||||||
|
identity = jwt.decode(header_identity,
|
||||||
|
self.secret,
|
||||||
|
algorithm=self.algorithm)
|
||||||
|
|
||||||
|
return identity['identity']
|
||||||
|
|
||||||
|
async def remember(self, *args, **kwargs): # pragma: no cover
|
||||||
|
pass
|
||||||
|
|
||||||
|
async def forget(self, request, response): # pragma: no cover
|
||||||
|
pass
|
|
@ -2,6 +2,7 @@
|
||||||
flake8==3.5.0
|
flake8==3.5.0
|
||||||
pytest==3.5.0
|
pytest==3.5.0
|
||||||
pytest-cov==2.5.1
|
pytest-cov==2.5.1
|
||||||
|
pytest-mock==1.6.3
|
||||||
coverage==4.5.1
|
coverage==4.5.1
|
||||||
sphinx==1.7.3
|
sphinx==1.7.3
|
||||||
pep257==0.7.0
|
pep257==0.7.0
|
||||||
|
@ -13,3 +14,4 @@ passlib==1.7.1
|
||||||
cryptography==2.2.2
|
cryptography==2.2.2
|
||||||
aiohttp==3.1.3
|
aiohttp==3.1.3
|
||||||
pytest-aiohttp==0.3.0
|
pytest-aiohttp==0.3.0
|
||||||
|
pyjwt
|
|
@ -0,0 +1,56 @@
|
||||||
|
import pytest
|
||||||
|
from aiohttp import web
|
||||||
|
from aiohttp_security import AbstractAuthorizationPolicy
|
||||||
|
from aiohttp_security import setup as _setup
|
||||||
|
from aiohttp_security.jwt_identity import JWTIdentityPolicy
|
||||||
|
from aiohttp_security.api import IDENTITY_KEY
|
||||||
|
import jwt
|
||||||
|
|
||||||
|
|
||||||
|
class Autz(AbstractAuthorizationPolicy):
|
||||||
|
|
||||||
|
async def permits(self, identity, permission, context=None):
|
||||||
|
pass
|
||||||
|
|
||||||
|
async def authorized_userid(self, identity):
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
async def test_no_pyjwt_installed(mocker):
|
||||||
|
mocker.patch('aiohttp_security.jwt_identity.jwt', None)
|
||||||
|
with pytest.raises(RuntimeError):
|
||||||
|
JWTIdentityPolicy('secret')
|
||||||
|
|
||||||
|
|
||||||
|
async def test_identify(loop, test_client):
|
||||||
|
kwt_secret_key = 'Key'
|
||||||
|
|
||||||
|
async def create(request):
|
||||||
|
response = web.Response()
|
||||||
|
data = await request.post()
|
||||||
|
|
||||||
|
encoded_identity = jwt.encode({'identity': data['login']},
|
||||||
|
kwt_secret_key,
|
||||||
|
algorithm='HS256')
|
||||||
|
|
||||||
|
response.text = encoded_identity.decode('utf-8')
|
||||||
|
return response
|
||||||
|
|
||||||
|
async def check(request):
|
||||||
|
policy = request.app[IDENTITY_KEY]
|
||||||
|
user_id = await policy.identify(request)
|
||||||
|
assert 'Andrew' == user_id
|
||||||
|
return web.Response()
|
||||||
|
|
||||||
|
app = web.Application(loop=loop)
|
||||||
|
_setup(app, JWTIdentityPolicy(kwt_secret_key), Autz())
|
||||||
|
app.router.add_route('GET', '/', check)
|
||||||
|
app.router.add_route('POST', '/', create)
|
||||||
|
client = await test_client(app)
|
||||||
|
resp = await client.post('/', data={'login': 'Andrew'})
|
||||||
|
jwt_token = await resp.content.read()
|
||||||
|
assert 200 == resp.status
|
||||||
|
await resp.release()
|
||||||
|
headers = {'Authorization': str(jwt_token.decode('utf-8'))}
|
||||||
|
resp = await client.get('/', headers=headers)
|
||||||
|
assert 200 == resp.status
|
Loading…
Reference in New Issue