1 parent
29166f4
commit 27ffe6d
Showing
3 changed files
with
92 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
"""Identity policy for storing info in the jwt token. | ||
""" | ||
|
||
from .abc import AbstractIdentityPolicy | ||
try: | ||
import jwt | ||
except ImportError: # pragma: no cover | ||
jwt = None | ||
|
||
|
||
AUTH_HEADER_NAME = 'Authorization' | ||
|
||
|
||
class JWTIdentityPolicy(AbstractIdentityPolicy): | ||
def __init__(self, secret, algorithm=None): | ||
if jwt is None: | ||
raise RuntimeError("Please install pyjwt") | ||
self.secret = secret | ||
self.algorithm = 'HS256' if algorithm is None else algorithm | ||
|
||
async def identify(self, request): | ||
header_identity = request.headers.get(AUTH_HEADER_NAME) | ||
identity = jwt.decode(header_identity, | ||
self.secret, | ||
algorithm=self.algorithm) | ||
|
||
return identity['identity'] | ||
|
||
async def remember(self, *args, **kwargs): # pragma: no cover | ||
pass | ||
|
||
async def forget(self, request, response): # pragma: no cover | ||
pass |
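Review bot: In `identify`, the call `jwt.decode(..., algorithm=self.algorithm)` uses the singular keyword, but PyJWT's `decode` takes the allow-list as `algorithms` (a list). Depending on the PyJWT version, the configured algorithm is therefore probably not enforced at verification time; it should be `algorithms=[self.algorithm]`. The same call receives `request.headers.get(AUTH_HEADER_NAME)` unchecked, so a request without an Authorization header passes `None` to the decoder. A bad or expired token, or a payload without the `identity` claim, raises out of the policy instead of yielding no identity. The sketch below returns `None` in those cases, on the assumption that callers treat a `None` identity as unauthenticated.

```python
    async def identify(self, request):
        header_identity = request.headers.get(AUTH_HEADER_NAME)
        if header_identity is None:
            # No credentials presented: report no identity instead of decoding None.
            return None
        try:
            identity = jwt.decode(header_identity,
                                  self.secret,
                                  algorithms=[self.algorithm])
        except jwt.InvalidTokenError:
            # Bad signature, expired or malformed token.
            return None
        return identity.get('identity')
```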
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
import pytest | ||
from aiohttp import web | ||
from aiohttp_security import AbstractAuthorizationPolicy | ||
from aiohttp_security import setup as _setup | ||
from aiohttp_security.jwt_identity import JWTIdentityPolicy | ||
from aiohttp_security.api import IDENTITY_KEY | ||
import jwt | ||
|
||
|
||
class Autz(AbstractAuthorizationPolicy): | ||
|
||
async def permits(self, identity, permission, context=None): | ||
pass | ||
|
||
async def authorized_userid(self, identity): | ||
pass | ||
|
||
|
||
async def test_no_pyjwt_installed(mocker): | ||
mocker.patch('aiohttp_security.jwt_identity.jwt', None) | ||
with pytest.raises(RuntimeError): | ||
JWTIdentityPolicy('secret') | ||
|
||
|
||
async def test_identify(loop, test_client): | ||
kwt_secret_key = 'Key' | ||
|
||
async def create(request): | ||
response = web.Response() | ||
data = await request.post() | ||
|
||
encoded_identity = jwt.encode({'identity': data['login']}, | ||
kwt_secret_key, | ||
algorithm='HS256') | ||
|
||
response.text = encoded_identity.decode('utf-8') | ||
return response | ||
|
||
async def check(request): | ||
policy = request.app[IDENTITY_KEY] | ||
user_id = await policy.identify(request) | ||
assert 'Andrew' == user_id | ||
return web.Response() | ||
|
||
app = web.Application(loop=loop) | ||
_setup(app, JWTIdentityPolicy(kwt_secret_key), Autz()) | ||
app.router.add_route('GET', '/', check) | ||
app.router.add_route('POST', '/', create) | ||
client = await test_client(app) | ||
resp = await client.post('/', data={'login': 'Andrew'}) | ||
jwt_token = await resp.content.read() | ||
assert 200 == resp.status | ||
await resp.release() | ||
headers = {'Authorization': str(jwt_token.decode('utf-8'))} | ||
resp = await client.get('/', headers=headers) | ||
assert 200 == resp.status |
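Review bot: `test_identify` covers only a token that was validly signed with the configured key, so nothing pins what `identify()` does when authentication should fail. For an identity policy the rejecting cases matter most: a request with no `Authorization` header, a token signed with a different secret, and a token whose header names an algorithm other than the configured one. I would add one test per case, each asserting that the `check` handler does not see `'Andrew'`. Separately, `encoded_identity.decode('utf-8')` in `create` assumes `jwt.encode` returns bytes, which holds only for some PyJWT versions, and `kwt_secret_key` looks like a typo for `jwt_secret_key`.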