1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
# Copyright (C) 2018 Lars Wirzenius
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import time
import unittest
import muck
class TokenCheckerTests(unittest.TestCase):
def setUp(self):
self.tc = muck.TokenChecker(muck.test_key_text.strip().encode('ascii'))
def create_token(self, time_delta, key_text):
claims = {
'sub': 'subject-1',
'scopes': 'scope-1',
'iss': 'issuer-1',
'aud': 'audience-1',
'exp': time.time() + time_delta,
}
return claims, muck.create_token(claims, key_text)
def test_rejects_no_authorization_header(self):
with self.assertRaises(muck.Error):
self.tc.parse_header(None)
def test_rejects_empty_authorization_header(self):
with self.assertRaises(muck.Error):
self.tc.parse_header('')
def test_rejects_nonbearer_header(self):
with self.assertRaises(muck.Error):
self.tc.parse_header('Foo')
def test_rejects_nonbearer_header_2(self):
with self.assertRaises(muck.Error):
self.tc.parse_header('Foo XXX')
def test_rejects_bad_bearer_header(self):
with self.assertRaises(muck.Error):
self.tc.parse_header('Bearer XXX')
def test_rejects_expired_token(self):
_, token = self.create_token(-3600, muck.test_key_text)
header = 'Bearer {}'.format(token)
with self.assertRaises(muck.Error):
self.tc.parse_header(header)
def test_rejects_signature_from_unknown_key(self):
_, token = self.create_token(3600, other_key_text)
header = 'Bearer {}'.format(token)
with self.assertRaises(muck.Error):
self.tc.parse_header(header)
def test_accepts_valid_token(self):
claims, token = self.create_token(3600, muck.test_key_text)
header = 'Bearer {}'.format(token)
parsed = self.tc.parse_header(header)
self.assertEqual(claims, parsed)
other_key_text = '''\
-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEA0y6hh3iWS8Ap5E+qB5MjnSoaa1WHhSuRJ57gsD7rdYNq6jnJ
mwfNG8n3OaepIYsEROvw5N19cjGW35czVS3PYrvibyg8mP0cAGzl4SI+WFLYfiBj
uh1eHiEkNITrpKBExa8lMS+Nu4q1u+MNoJQ7kdqq/mUUrhEj4FfZrBaxWB5Y3yEu
vgc7S04F0b2YDf0SwAL/1J27vNNxocGNcS3Sb0OmpPLLS6N9nyhvL4aBtTpiiuAS
KC1qFKHVXDwc89OAynV+Cvk1YtAiqK3i8DX/+cm9fZq07RlSY8uEYOLUbTd0YrQx
6up2sX/fywbn4cqjecvLJLnRStqnjf2onboi4l/CKBC/tcIFd6zso2xDDAbz7+4i
0+uhASv7YsnWMGPGsPjWaNsh/3K3Vvb3M6PBEIimFbKM/2KKDjYyfOfDmlAvDScm
CXTpTdbvowztAbmrICCCqR45/jm1+B242KYPjHTeQdxbMLs21+KIlNku63HbxEMt
4/wgjCd+po8AykVpDUShaJkMGe/yoIRaZI0k2sS106kEWO1yuSgx5wNutPiZzHAZ
8ZQ6fkv0Q09e7ANy3OrepVQC3FKsuc5zyfk/89wRk2bkiRUN5gV1dtz1Ss8HDou0
2Dmrq7XShOzAm5znSqdMJec5ao8L2Kr8zcM9r2QG2uU1OivVv3jeqzq08L8CAwEA
AQKCAgEAh/kNTiGpe+qlzngwvSHTG32hdxyh3m/XzU/x0ekhSA+uxlMg6O4T9WGM
ChZWwt80h3/3IhUukVk2kI5VIfIWBrd8qx+YLNVDs05qkROwWsQ02rjWHV6NXA7w
tdQjuWLsBPCpnMrGkktUij4+Zvcqh9XopVXGA/HLTMajw7b0xwz7IefGpdoYJnt9
KbfOcKtS6EjGGkrZN1JZZtIt1QKw7Kz9XlVp6jDBULoDJPGREHQgQNTXPAFJvTEa
JIIcDi5PTYxq9HvTEOV8e2lCpnHOeDGaDYaQGd1k/BZtDMjgB9Zd3LOzNFN0ywLP
wHSY1vvXWDOMgAAYrv6sRbNeXvgbPsQHlqughXS0cqOjwcjTy0HAyV6t87vp4vTw
ilmdIJhelF4qbnI2pBIfBd4VJTyfvRlG7qM06+66wWhWiNGE9dVJrxhAnc3ivini
fmjpGSgjH+uP4PKZ1cw1b/VTzz1gA/1gqrRyG59bGf4jC6Tu1xB5u2WMAHjzuMu5
/98EEy06gnAHidozNkH/sTLO4j5YMnP9JSYIr33qp0HarW2MGjCrWod14twGwPAl
zXtJw9uuK76H5ZzyzrpOzUmil8cN+blGiVWVmEUn9LeFoBUTKDB1BhttxudJ3X1V
PeybAvguGluVf/AXlq3vnmUX1hLunrZhzOaK2rUmjBxeOsse5KkCggEBANZC/cav
S0UhF/f2gV0SpXqeaMjzJc75oA3QsN8EmaN7w5YbnJl2YFwzeNYRTpPfN1ZZ8Ujp
1vzUQNbtUqm7pCTI2E3YXn3SxleJYaTzlw7eXc4qjNEps4y2aD6uHVTTi3ky486H
2BvngcA5BcibM6sJSZ8HE9/KoP4+ET5RoGQSCXw/75Ln1ybrgUAVIa/3LjdCGU2j
k3JBEECxyUikXJpZAXz+uVGEj4Yww4vt6ORU91KKb0xaP5qJT4n6kXtXyhx1IV8b
Rh/FktbNaRuV18MmmWEk6Sgh86kXkQTqjsFMfD/M7TzOXxLGYvwzqwDOFhCQtM/m
XbbM1s5gZzX5kVMCggEBAPxSEQm+MT8UBr45GHnxVfuIKRhdfOYlZjuyZR981B6k
aGjPT+Ck0aAtByCO5rg8TkqVI2YN9nCBPq/bCCJw0uPCcYd4ZuMECZV3Zf+fX4JK
THO5juTAsW9F/w8AUVLN2/SDP00BlKmVKC08oDEAQ8ciANMZmv1/OpWw8UgLo20m
mpf2P8kVzQvDQga8FCwyEU78Htoja8GE7OEnrc7sP3pBClF8F5qHmdUEYrP4O9r7
B0qwPkaOddMPO76nNd+ET667U+VeqC2GuoboaZ1Emi9/6FEtkjQxXRn1HpeobjwN
0SqkVbKeA2a7gVCExKi4f+HF4fzS8hRDE1ioBbqMmWUCggEAIYK0wkBkW1mDsCqD
rRTfgMAJz3QH88ki+UYsg5TqmqEew/lpkq7q/0Clo4Vtbr84nm7OyAKat0xTH8pa
ZWWNlJs9CV/P14oBr2szNGNMuuyYa0hIYeZNyLI2t6bvu3ail8AX1RN1/1dD+dZx
SyDLAfMf6plmyFeeumTmuYJ2vW/8v8wYIjfUdKfcvTMQ476bIdVas8Pjqbj3W8by
nkPmn9VP4EbOoStEb05tJxN8m0mWrPgt1BlBXWAgaoof+tSOLck8AO35F7sE7keO
KtxStJjy4DivprE4tLeU3Nn6nczime/pItt8DymsDZnfIu8YkFqxjNqQyahb6Ec3
nT99NQKCAQEAyV912aDBDOaeuxI2RpwlUynIInn6RHN0tBAcRJULdakg6wUJavAf
nQZSudlSqZb3pO6B4eEi3YdI0HCufU4uATgeA1BETMncHD2+WdSIFSPXAEUHlelz
sqradM58GOnSscJNstegHfe8qN3Ju1HKxhKNNe0plUcFKpKc/jLLq0E0ADO3lHSh
wNGE0HsqXltXFQKCXPYH+dpscwWH4a0KvDdMVNwEun+edjOZ0qg6nPnbR/CAwy7P
OjLeK7qndEvUjE9VFaoF7s+n7iNupuUpaN9cOe100dLTyvOmBsOVtrgQR0gAXR1e
+Y6MFgbgLQeSiE21nmF8ck9WEVuHtuqfQQKCAQAjZiMIXgXNpQ/Ylat/nRw11YR5
qPaVGkwQkaSICAo0Yw7nNCbxc6aZY9qIkk/teEFvSW8fv7rIWJqR3/md94hVpWtr
+NCZDhI9Ug/V68QFxr8GQr6jnOLWbGdc/yvVjUaDhk7VUUjEbjdILXcI4yEmYGq+
KKtwTfZkAWJ0NatuMMR0VvIJLLLyQ/yDjHrXAhL0DSOi4Fr0KFmsZcA2xvDIrTQV
7gOwvp8ifgfirVrJliYVtY6eWR5zAm5BBzlc0KJ+a3zUxyx+KrMtO1ZYMUMSkwNo
RFsENfhOq2PeGLDEgAibhaPGvNCU+mvLy+VAAGPnCz7munB6B1whcAAmgkj7
-----END RSA PRIVATE KEY-----'''
|