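"""Integration tests for a running simple-auth service.

The tests talk to the service over HTTP (``SIMPLE_AUTH_URL``) and verify the
tokens it issues against the public key found at ``SIMPLE_AUTH_PUB_KEY``.
"""

import os
from datetime import datetime, timezone
from unittest import TestCase

import jwt
import requests

URL = os.getenv("SIMPLE_AUTH_URL", "http://127.0.0.1:5555")
PUB_KEY_PATH = os.getenv("SIMPLE_AUTH_PUB_KEY", "")

# Seconds to wait for the service before failing a request; without a timeout
# `requests` waits indefinitely and a stuck service would hang the whole run.
REQUEST_TIMEOUT = 10


class TestResponse(TestCase):
    """End-to-end checks of the `/get/` and `/validate/` endpoints and of error handling."""

    def setUp(self):
        """Load the PEM public key used to verify issued tokens."""
        if not PUB_KEY_PATH:
            self.fail("SIMPLE_AUTH_PUB_KEY must point to the service's public key file")
        with open(PUB_KEY_PATH, "r") as f:
            self.pub_key = f.read()

    def _post(self, path, **kwargs):
        """POST to `URL + path` with a bounded timeout and return the response."""
        kwargs.setdefault("timeout", REQUEST_TIMEOUT)
        return requests.post(URL + path, **kwargs)

    def _issue_and_check_token(self):
        """Request a token with valid credentials, verify it and return it.

        Shared by `test_get_target` and `test_validate_target` so that no test
        method has to return a value (unittest deprecates non-None returns
        from test methods in recent Python versions).
        """
        resp = self._post("/get/", json={"username": "toto", "password": "tata"})
        self.assertEqual(resp.status_code, 200, "bad status code returned")
        self.assertIsNotNone(resp.json(), "response data can't be empty")

        token = resp.json()["token"]
        # The algorithm list is pinned to RS384 so a token signed with any other
        # algorithm is rejected. The issuer is only checked by PyJWT when
        # `issuer=` is passed, and `require` makes a token lacking these claims
        # fail instead of passing silently. The original `verify_claims` key is
        # not an option PyJWT documents, so it was dropped.
        jwt_decoded = jwt.decode(
            token,
            self.pub_key,
            algorithms=["RS384"],
            issuer="thegux.fr",
            options={
                "verify_signature": True,
                "verify_exp": True,
                "verify_iss": True,
                "require": ["exp", "iat", "iss"],
            },
        )

        self.assertEqual("thegux.fr", jwt_decoded["iss"])

        # Compare timezone-aware instants: naive local datetimes would be off by
        # an hour whenever a DST change falls between `iat` and `exp`, and
        # parsing str(timedelta) breaks for lifetimes of a day or more.
        jwt_exp = datetime.fromtimestamp(jwt_decoded["exp"], tz=timezone.utc)
        jwt_iat = datetime.fromtimestamp(jwt_decoded["iat"], tz=timezone.utc)
        lifetime_hours = int((jwt_exp - jwt_iat).total_seconds() // 3600)
        self.assertEqual(2, lifetime_hours)

        return token

    def test_get_target(self):
        """Valid credentials yield a signed token with the expected issuer and lifetime."""
        self._issue_and_check_token()

    def test_validate_target_no_token(self):
        """`/validate/` reports an invalid result when the body carries no token."""
        resp = self._post("/validate/", json={"username": "toto", "password": "tata"})
        self.assertEqual(resp.status_code, 200, "bad status code returned")
        self.assertIsNotNone(resp.json(), "response data can't be empty")
        self.assertEqual(resp.json()["valid"], "false", "bad status returned")
        self.assertEqual(resp.json()["reason"], "no token provided in the request body")

    def test_validate_target_empty_token(self):
        """`/validate/` rejects an empty token string."""
        resp = self._post("/validate/", json={"tutu": "tutu", "token": ""})
        self.assertEqual(resp.status_code, 200, "bad status code returned")
        self.assertIsNotNone(resp.json(), "response data can't be empty")
        self.assertEqual(resp.json()["valid"], "false", "bad status returned")
        self.assertEqual(
            resp.json()["reason"],
            "token validation failed details=JWT compact encoding error",
        )

    def test_validate_target(self):
        """A freshly issued token is accepted by `/validate/`."""
        token = self._issue_and_check_token()
        resp = self._post("/validate/", json={"token": token})
        self.assertEqual(resp.status_code, 200, "bad status code returned")
        self.assertIsNotNone(resp.json(), "response data can't be empty")
        self.assertEqual(resp.json()["valid"], "true", "bad status returned")

    # TODO: must be updated after implementing `/refresh/` url handler
    def test_refresh_target(self):
        """`/refresh/` is not implemented yet and must answer 404."""
        resp = self._post("/refresh/", json={"username": "toto", "password": "tata"})
        self.assertEqual(resp.status_code, 404, "bad status code returned")
        self.assertIsNotNone(resp.json(), "response data can't be empty")
        self.assertEqual(
            resp.json()["error"],
            "the url requested does not exist",
            "bad status returned",
        )

    def test_no_credentials(self):
        """A `/get/` request without a body is rejected with 400."""
        resp = self._post("/get/")
        self.assertEqual(resp.status_code, 400, "bad status code returned")
        self.assertIsNotNone(resp.json(), "response data must not be empty")
        self.assertEqual(
            resp.json()["error"],
            "the incoming request is not valid",
            "invalid error message returned",
        )

    def test_bad_credentials(self):
        """Unknown credentials are rejected with 403 and no token."""
        resp = self._post("/get/", json={"username": "tutu", "password": "titi"})
        self.assertEqual(resp.status_code, 403, "bad status code returned")
        self.assertIsNotNone(resp.json(), "response data must not be empty")
        self.assertEqual(
            resp.json()["error"],
            "invalid credentials",
            "invalid error message returned",
        )

    def test_bad_target(self):
        """An unknown endpoint answers 404 even with valid credentials."""
        resp = self._post("/token/", json={"username": "toto", "password": "tata"})
        self.assertEqual(resp.status_code, 404, "bad status code returned")
        self.assertIsNotNone(resp.json(), "response data must not be empty")
        self.assertEqual(
            resp.json()["error"],
            "the url requested does not exist",
            "invalid error message returned",
        )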