darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2026-02-01 15:46:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

Add test case for uncaught jwt exception

Browse Source
This commit is contained in:
David McDonald
2020-01-24 17:25:49 +00:00
parent c71de8d62a
commit ba21d04080
1 changed files with 23 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
tests/app/authentication/test_authentication.py
View File

@@ -126,6 +126,29 @@ def test_admin_auth_should_not_allow_request_with_no_iat(client, sample_api_key)
assert exc.value.short_message == 'Invalid token: signature, api token is not valid' assert exc.value.short_message == 'Invalid token: signature, api token is not valid'
def test_auth_should_not_allow_request_with_extra_claims(client, sample_api_key):
iss = str(sample_api_key.service_id)
key = get_unsigned_secrets(sample_api_key.service_id)[0]
headers = {
"typ": 'JWT',
"alg": 'HS256'
}
claims = {
'iss': iss,
'iat': int(time.time()),
'aud': 'notifications.service.gov.uk' # extra claim that we don't support
}
token = jwt.encode(payload=claims, key=key, headers=headers).decode()
request.headers = {'Authorization': 'Bearer {}'.format(token)}
with pytest.raises(AuthError) as exc:
requires_auth()
assert exc.value.short_message == 'Invalid token: signature, api token is not valid'
def test_should_not_allow_invalid_secret(client, sample_api_key): def test_should_not_allow_invalid_secret(client, sample_api_key):
token = create_jwt_token( token = create_jwt_token(
secret="not-so-secret", secret="not-so-secret",