author | Lars Wirzenius <liw@liw.fi> | 2018-10-27 10:12:48 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2018-10-27 10:12:48 +0300 |
commit | 66e669f30298164a692c5368d3e7f73134490cd1 (patch) | |
tree | 06bc0449c927f548de91bd7e691d1f7a9f4461c8 | |
parent | e9f8836dfc0bf5c945fd401600ab2daa781d2be3 (diff) | |
download | muck-poc-66e669f30298164a692c5368d3e7f73134490cd1.tar.gz |
Add: test token isn't expired
-rw-r--r-- | muck/token.py | 2 | ||||
-rw-r--r-- | muck/token_tests.py | 14 |
2 files changed, 15 insertions, 1 deletions
diff --git a/muck/token.py b/muck/token.py
index dd85ec9..e818ccf 100644
--- a/muck/token.py
+++ b/muck/token.py
@@ -33,7 +33,7 @@ class TokenChecker:
 try:
 return jwt.decode(
 token, key=self._key, audience=None, options=options)
- except jwt.DecodeError as e:
+ except (jwt.DecodeError, jwt.ExpiredSignatureError) as e:
 raise muck.Error(str(e))
 def _get_token_text(self, value):
diff --git a/muck/token_tests.py b/muck/token_tests.py
index dadbda9..9530d83 100644
--- a/muck/token_tests.py
+++ b/muck/token_tests.py
@@ -44,6 +44,20 @@ class TokenCheckerTests(unittest.TestCase):
 with self.assertRaises(muck.Error):
 self.tc.parse_header('Bearer XXX')
+ def test_rejects_expired_token(self):
+ claims = {
+ 'sub': 'subject-1',
+ 'scopes': 'scope-1',
+ 'iss': 'issuer-1',
+ 'aud': 'audience-1',
+ 'exp': time.time() - 3600,
+ }
+
+ token = muck.create_token(claims, muck.test_key_text)
+ header = 'Bearer {}'.format(token)
+ with self.assertRaises(muck.Error):
+ self.tc.parse_header(header)
+
 def test_accepts_valid_token(self):
 claims = {
 'sub': 'subject-1', |
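Review bot: The widened `except` in the token.py hunk still names only two of PyJWT's validation failures, so any other rejection raised by `jwt.decode` (for example an immature-signature, issuer or missing-claim error, depending on what `options` enables) would escape as a non-`muck.Error` exception rather than a clean rejection. Both listed classes derive from `jwt.InvalidTokenError`, so `except jwt.InvalidTokenError as e:` covers them and the remaining cases in one clause. The visible `jwt.decode(...)` call also passes no `algorithms=` argument; pinning the accepted algorithm there would keep the token header from choosing it, though that depends on the key type and PyJWT version in use. The enclosing method starts above the hunk, so how `options` is built is not visible here.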
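Review bot: `test_rejects_expired_token` asserts only that some `muck.Error` is raised, which is the same outcome the neighbouring `'Bearer XXX'` test gets for a malformed token, so it would still pass if the token were rejected for a reason other than expiry (a key or fixture mismatch, say). Capturing the exception with `with self.assertRaises(muck.Error) as cm:` and checking that `str(cm.exception)` mentions expiry would tie the test to the `exp` check; the exact message comes from PyJWT and should be confirmed. The test also relies on `time` being imported in this module, which the hunk does not show.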