simple-auth/tests/python/test_requests.py

import base64
import jwt
import os
import requests

from datetime import datetime
from unittest import TestCase

URL = os.getenv("SIMPLE_AUTH_URL", "http://127.0.0.1:5555")
PUB_KEY_PATH = os.getenv("SIMPLE_AUTH_PUB_KEY", "")


class TestResponse(TestCase):
    def setUp(self):
        with open(PUB_KEY_PATH, "r") as f:
            self.pub_key = f.read()

    def test_get_target(self, pubkey=None):
        resp = requests.post(
            URL + "/get/", json={"email": "toto@toto.fr", "password": "tata"}
        )
        self.assertEqual(resp.status_code, 200, "bad status code returned")
        self.assertIsNotNone(resp.json(), "response data can't be empty")

        token = resp.json()["access_token"]
        jwt_decoded = jwt.decode(
            token,
            pubkey or self.pub_key,
            algorithms=["RS384"],
            options={
                "verify_signature": True,
                "verify_claims": True,
                "verify_iss": True,
            },
        )
        self.assertEqual("thegux.fr", jwt_decoded["iss"])
        self.assertEqual("toto@toto.fr", jwt_decoded["email"])

        jwt_exp = datetime.fromtimestamp(jwt_decoded["exp"])
        jwt_iat = datetime.fromtimestamp(jwt_decoded["iat"])
        date_exp = datetime.strptime(str(jwt_exp - jwt_iat), "%H:%M:%S")
        self.assertEqual(2, date_exp.hour)
        return token

    def test_validate_target_no_token(self):
        resp = requests.post(
            URL + "/validate/", json={"username": "toto@toto.fr", "password": "tata"}
        )
        self.assertEqual(resp.status_code, 200, "bad status code returned")
        self.assertIsNotNone(resp.json(), "response data can't be empty")
        self.assertEqual(resp.json()["valid"], False, "bad status returned")
        self.assertEqual(resp.json()["reason"], "no token provided in the request body")

    def test_validate_target_empty_token(self):
        resp = requests.post(URL + "/validate/", json={"tutu": "tutu", "token": ""})
        self.assertEqual(resp.status_code, 200, "bad status code returned")
        self.assertIsNotNone(resp.json(), "response data can't be empty")
        self.assertEqual(resp.json()["valid"], False, "bad status returned")
        self.assertEqual(
            resp.json()["reason"],
            "token validation failed details=JWT compact encoding error",
        )

    def test_validate_target(self):
        token = self.test_get_target()

        resp = requests.post(URL + "/validate/", json={"token": token})
        self.assertEqual(resp.status_code, 200, "bad status code returned")
        self.assertIsNotNone(resp.json(), "response data can't be empty")
        self.assertEqual(resp.json()["valid"], True, "bad status returned")

    # TODO: must be updated after implementing `/refresh/` url handler
    def test_refresh_target(self):
        resp = requests.post(
            URL + "/refresh/", json={"username": "toto", "password": "tata"}
        )
        self.assertEqual(resp.status_code, 404, "bad status code returned")
        self.assertIsNotNone(resp.json(), "response data can't be empty")
        self.assertEqual(
            resp.json()["error"],
            "url not found",
            "bad status returned",
        )

    def test_no_credentials(self):
        resp = requests.post(URL + "/get/")
        self.assertEqual(resp.status_code, 400, "bad status code returned")
        self.assertIsNotNone(resp.json(), "response data must not be empty")
        self.assertEqual(
            resp.json()["error"],
            "bad request",
            "invalid error message returned",
        )

    def test_bad_credentials(self):
        resp = requests.post(URL + "/get/", json={"email": "tutu", "password": "titi"})
        self.assertEqual(resp.status_code, 403, "bad status code returned")
        self.assertIsNotNone(resp.json(), "response data must not be empty")
        self.assertEqual(
            resp.json()["error"],
            "url forbidden",
            "invalid error message returned",
        )

    def test_bad_target(self):
        resp = requests.post(
            URL + "/token/", json={"username": "toto", "password": "tata"}
        )
        self.assertEqual(resp.status_code, 404, "bad status code returned")
        self.assertIsNotNone(resp.json(), "response data must not be empty")
        self.assertEqual(
            resp.json()["error"],
            "url not found",
            "invalid error message returned",
        )

    def test_get_pubkey(self):
        resp = requests.get(URL + "/pubkey/")
        self.assertEqual(resp.status_code, 200, "bad status code returned")
        self.assertIsNotNone(resp.json(), "response data must not be empty")
        self.assertIsNotNone(resp.json()["pubkey"], "invalid error message returned")

        b64_pubkey = base64.b64decode(resp.json()["pubkey"])
        self.assertIsNotNone(b64_pubkey, "public key b64 decoded can't be empty")
        b64_pubkey_decoded = b64_pubkey.decode()
        self.assertIn("-BEGIN PUBLIC KEY-", b64_pubkey_decoded)

        self.test_get_target(b64_pubkey_decoded)

    def test_get_pubkey_bad_method(self):
        resp = requests.post(URL + "/pubkey/", json={"tutu": "toto"})
        self.assertEqual(resp.status_code, 400, "bad status code returned")
        self.assertIsNotNone(resp.json(), "response data must not be empty")
        self.assertEqual(
            resp.json()["error"],
            "bad request",
            "invalid error message returned",
        )