import base64
import time
from pathlib import Path
import pytest
from fastapi_cloud_cli.utils.auth import (
AuthConfig,
Identity,
_is_jwt_expired,
write_auth_config,
)
from .utils import create_jwt_token
def test_is_jwt_expired_with_valid_token() -> None:
    """A token whose ``exp`` lies one hour in the future is not reported as expired."""
    claims = {"exp": int(time.time()) + 3600, "sub": "test_user"}
    is_expired = _is_jwt_expired(create_jwt_token(claims))
    assert not is_expired
def test_is_jwt_expired_with_expired_token() -> None:
    """A token whose ``exp`` lies one hour in the past is reported as expired."""
    claims = {"exp": int(time.time()) - 3600, "sub": "test_user"}
    is_expired = _is_jwt_expired(create_jwt_token(claims))
    assert is_expired
def test_is_jwt_expired_with_no_exp_claim() -> None:
    """A token that carries no ``exp`` claim is not reported as expired."""
    claims = {"sub": "test_user"}
    is_expired = _is_jwt_expired(create_jwt_token(claims))

    # Pinned policy: a missing exp claim counts as "still valid".
    # NOTE(review): with this policy the local check never ages such a token
    # out; presumably the server still validates the token and enforces its
    # own lifetime. Confirm that this helper is not the only expiry gate.
    assert not is_expired
@pytest.mark.parametrize(
    "token",
    [
        "not.a.valid.jwt.token",  # five dot-separated segments
        "only.two",  # two segments
        "invalid",  # no separator at all
        "",  # empty string
        "...",  # only separators, every segment empty
    ],
)
def test_is_jwt_expired_with_malformed_token(token: str) -> None:
    """Each malformed token string is reported as expired.

    The cases pin fail-closed behaviour: a string that is not a well-formed
    three-part JWT is never treated as a live token.
    """
    is_expired = _is_jwt_expired(token)
    assert is_expired
def test_is_jwt_expired_with_invalid_base64() -> None:
    """A three-part token whose middle segment is not base64url is reported as expired."""
    # The literal says "invalid_signature", but it sits in the middle (payload)
    # position; "!" is outside the base64url alphabet.
    is_expired = _is_jwt_expired("header.!!!invalid_signature!!!.signature")
    assert is_expired
def test_is_jwt_expired_with_invalid_json() -> None:
    """A token whose payload is valid base64url but not JSON is reported as expired."""

    def encode_segment(raw: bytes) -> str:
        # base64url without the trailing "=" padding, as in the compact JWT form.
        return base64.urlsafe_b64encode(raw).decode().rstrip("=")

    segments = [
        encode_segment(b'{"alg":"HS256"}'),  # well-formed header
        encode_segment(b"{invalid json}"),  # payload that is not valid JSON
        encode_segment(b"signature"),  # placeholder signature bytes
    ]
    token = ".".join(segments)

    assert _is_jwt_expired(token)
def test_is_jwt_expired_edge_case_exact_expiration() -> None:
    """A token whose ``exp`` equals the current second is already reported as expired."""
    now = int(time.time())
    claims = {"exp": now, "sub": "test_user"}
    # Boundary case: exp == now must count as expired. Any clock drift between
    # this line and the check only moves the token further past its expiry.
    is_expired = _is_jwt_expired(create_jwt_token(claims))
    assert is_expired
def test_is_jwt_expired_edge_case_one_second_before() -> None:
    """A token whose ``exp`` is one second ahead of now is not yet reported as expired."""
    now = int(time.time())
    claims = {"exp": now + 1, "sub": "test_user"}
    # NOTE(review): `now` is truncated to whole seconds and exp is only one
    # second ahead, so the assertion may fail spuriously if the wall clock
    # crosses a second boundary before the check runs. Pinning the clock would
    # remove the race; confirm how _is_jwt_expired reads the current time.
    is_expired = _is_jwt_expired(create_jwt_token(claims))
    assert not is_expired
def test_is_expired_with_no_token(temp_auth_config: Path) -> None:
    """With no auth config file on disk, ``Identity().is_expired()`` is true."""
    # Precondition: the fixture-provided config path has not been created.
    config_present = temp_auth_config.exists()
    assert not config_present

    identity = Identity()
    assert identity.is_expired()
def test_is_logged_in_with_no_token(temp_auth_config: Path) -> None:
    """With no auth config file on disk, ``Identity().is_logged_in()`` is false."""
    # Precondition: the fixture-provided config path has not been created.
    config_present = temp_auth_config.exists()
    assert not config_present

    identity = Identity()
    assert not identity.is_logged_in()
def test_is_logged_in_with_valid_token(temp_auth_config: Path) -> None:
    """After storing a token that expires in one hour, the identity is logged in."""
    claims = {"exp": int(time.time()) + 3600, "sub": "test_user"}
    # Persist the token first; Identity() is constructed only after the write.
    write_auth_config(AuthConfig(access_token=create_jwt_token(claims)))

    identity = Identity()
    assert identity.is_logged_in()
def test_is_logged_in_with_expired_token(temp_auth_config: Path) -> None:
    """After storing a token that expired an hour ago, the identity is not logged in."""
    claims = {"exp": int(time.time()) - 3600, "sub": "test_user"}
    # A stored but stale token must not count as an active login.
    write_auth_config(AuthConfig(access_token=create_jwt_token(claims)))

    identity = Identity()
    assert not identity.is_logged_in()
def test_is_logged_in_with_malformed_token(temp_auth_config: Path) -> None:
    """After storing a string that is not a well-formed JWT, the identity is not logged in."""
    # Four dot-separated segments: not the three-part compact JWT form.
    stored = AuthConfig(access_token="not.a.valid.token")
    write_auth_config(stored)

    identity = Identity()
    assert not identity.is_logged_in()