From bbed26de50cbb74d19a7f548fc150b00e49d510c Mon Sep 17 00:00:00 2001 From: amor71 Date: Tue, 19 Mar 2019 14:23:00 +0200 Subject: [PATCH 1/5] 1. fixing tests: add algorithms parameter to decode() 2. 'black' the tests --- tests/conftest.py | 37 ++---- tests/test_async_options.py | 6 +- tests/test_authentication.py | 42 ++---- tests/test_authentication_custom.py | 20 +-- tests/test_claims.py | 106 ++++++++------- tests/test_complete_authentication.py | 90 +++++-------- tests/test_configuration.py | 35 ++--- tests/test_convenience_methods.py | 14 +- tests/test_custom_claims.py | 35 ++--- tests/test_decorators.py | 42 ++---- tests/test_decorators_override_config.py | 4 +- tests/test_endpoints_async_methods.py | 30 ++--- tests/test_endpoints_auth.py | 8 +- tests/test_endpoints_auth_on_url_prefix.py | 8 +- tests/test_endpoints_basic.py | 12 +- tests/test_endpoints_cbv.py | 18 +-- tests/test_endpoints_cookies.py | 123 +++++++---------- tests/test_endpoints_custom.py | 9 +- tests/test_endpoints_dict_first.py | 9 +- tests/test_endpoints_extra.py | 5 +- tests/test_endpoints_init_on_bp_and_app.py | 42 ++---- tests/test_endpoints_init_on_bp_decorated.py | 3 +- tests/test_endpoints_init_on_bp_multiple.py | 42 ++---- ...test_endpoints_init_on_bp_retrieve_user.py | 6 +- tests/test_endpoints_jwt_cryptography.py | 36 ++--- tests/test_endpoints_multiple.py | 3 +- tests/test_endpoints_query_string.py | 97 ++++++-------- tests/test_endpoints_scoped.py | 124 +++++------------- tests/test_endpoints_scoped_simple.py | 5 +- tests/test_endpoints_sync_methods.py | 33 ++--- tests/test_exceptions.py | 4 +- tests/test_extend_payload.py | 26 ++-- tests/test_extra_verifications.py | 29 ++-- tests/test_initialize.py | 18 +-- tests/test_me_invalid.py | 9 +- tests/test_microservices.py | 7 +- tests/test_utils.py | 1 - tests/test_wrong_token.py | 11 +- 38 files changed, 381 insertions(+), 768 deletions(-) diff --git a/tests/conftest.py b/tests/conftest.py index 1925e15..4801baf 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -12,7 +12,6 @@ class User: - def __init__(self, id, username, password): self.user_id = id self.username = username @@ -40,15 +39,12 @@ def userid_table(users): @pytest.yield_fixture def authenticate(username_table): - async def authenticate(request, *args, **kwargs): username = request.json.get("username", None) password = request.json.get("password", None) if not username or not password: - raise exceptions.AuthenticationFailed( - "Missing username or password." - ) + raise exceptions.AuthenticationFailed("Missing username or password.") user = username_table.get(username, None) if user is None: @@ -64,7 +60,6 @@ async def authenticate(request, *args, **kwargs): @pytest.yield_fixture def retrieve_user(userid_table): - async def retrieve_user(request, payload, *args, **kwargs): if payload: user_id = payload.get("user_id", None) @@ -117,11 +112,8 @@ def app_with_refresh_token(username_table, authenticate): sanic_app, authenticate=authenticate, refresh_token_enabled=True, - store_refresh_token=lambda user_id, - refresh_token, - request: True, - retrieve_refresh_token=lambda user_id, - request: True, + store_refresh_token=lambda user_id, refresh_token, request: True, + retrieve_refresh_token=lambda user_id, request: True, ) yield (sanic_app, sanic_jwt) @@ -178,9 +170,7 @@ async def bp_protected_request(request): def app_with_bp(app_with_bp_setup_without_init): sanic_app, sanic_bp = app_with_bp_setup_without_init sanic_jwt_init = Initialize(sanic_app, authenticate=authenticate) - sanic_jwt_init_bp = Initialize( - sanic_bp, app=sanic_app, authenticate=authenticate - ) + sanic_jwt_init_bp = Initialize(sanic_bp, app=sanic_app, authenticate=authenticate) sanic_app.blueprint(sanic_bp) yield (sanic_app, sanic_jwt_init, sanic_bp, sanic_jwt_init_bp) @@ -210,9 +200,7 @@ async def protected_request(request): def app_with_leeway(username_table, authenticate): sanic_app = Sanic() - sanic_jwt = Initialize( - sanic_app, authenticate=authenticate, leeway=(60 * 5) - ) + sanic_jwt = Initialize(sanic_app, authenticate=authenticate, leeway=(60 * 5)) @sanic_app.route("/") async def helloworld(request): @@ -231,10 +219,7 @@ def app_with_nbf(username_table, authenticate): sanic_app = Sanic() sanic_jwt = Initialize( - sanic_app, - authenticate=authenticate, - claim_nbf=True, - claim_nbf_delta=(60 * 5), + sanic_app, authenticate=authenticate, claim_nbf=True, claim_nbf_delta=(60 * 5) ) @sanic_app.route("/") @@ -253,9 +238,7 @@ async def protected_request(request): def app_with_iat(username_table, authenticate): sanic_app = Sanic() - sanic_jwt = Initialize( - sanic_app, authenticate=authenticate, claim_iat=True - ) + sanic_jwt = Initialize(sanic_app, authenticate=authenticate, claim_iat=True) @sanic_app.route("/") async def helloworld(request): @@ -331,7 +314,6 @@ async def protected_request(request): @pytest.yield_fixture def app_with_extra_verification(authenticate): - def user2(payload): return payload.get("user_id") == 2 @@ -339,9 +321,7 @@ def user2(payload): sanic_app = Sanic() sanic_jwt = Initialize( - sanic_app, - authenticate=authenticate, - extra_verifications=extra_verifications, + sanic_app, authenticate=authenticate, extra_verifications=extra_verifications ) @sanic_app.route("/protected") @@ -354,7 +334,6 @@ async def protected_request(request): @pytest.yield_fixture def app_with_custom_claims(authenticate): - class User2Claim(Claim): key = "username" diff --git a/tests/test_async_options.py b/tests/test_async_options.py index 2d6646f..8ff388c 100644 --- a/tests/test_async_options.py +++ b/tests/test_async_options.py @@ -16,7 +16,6 @@ class TestMethodView(HTTPMethodView): - async def options(self, *args, **kwargs): return text("ok") @@ -33,7 +32,6 @@ async def get(self, request): class CustomAuth(Authentication): - async def authenticate(self, request, *args, **kwargs): return {"username": "Rich", "password": "not secure"} @@ -74,7 +72,9 @@ def test_async_options(app): access_token = response.json.get(sanicjwt.config.access_token_name(), None) - payload = jwt.decode(access_token, sanicjwt.config.secret()) + payload = jwt.decode( + access_token, sanicjwt.config.secret(), algorithms=sanicjwt.config.algorithm() + ) assert "extra_info" in payload assert payload.get("extra_info") == "awesome!" diff --git a/tests/test_authentication.py b/tests/test_authentication.py index 57295d5..790f4dd 100644 --- a/tests/test_authentication.py +++ b/tests/test_authentication.py @@ -6,13 +6,11 @@ class WrongAuthentication(Authentication): - async def build_payload(self, user, *args, **kwargs): return {"not_user_id": 1} class AnotherWrongAuthentication(Authentication): - async def build_payload(self, user, *args, **kwargs): return list(range(5)) @@ -23,7 +21,6 @@ class AuthenticationWithNoMethod(Authentication): class AuthenticationInClassBody(Authentication): - async def authenticate(self, request, *args, **kwargs): return {"user_id": 1} @@ -68,11 +65,7 @@ def test_payload_without_correct_key(): app = Sanic() - Initialize( - app, - authenticate=authenticate, - authentication_class=WrongAuthentication, - ) + Initialize(app, authenticate=authenticate, authentication_class=WrongAuthentication) _, response = app.test_client.post( "/auth", json={"username": "user1", "password": "abcxyz"} @@ -87,9 +80,7 @@ def test_payload_not_a_dict(): app = Sanic() Initialize( - app, - authenticate=authenticate, - authentication_class=AnotherWrongAuthentication, + app, authenticate=authenticate, authentication_class=AnotherWrongAuthentication ) _, response = app.test_client.post( @@ -106,16 +97,13 @@ def test_wrong_header(app): "/auth", json={"username": "user1", "password": "abcxyz"} ) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None - ) + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) assert response.status == 200 assert access_token is not None _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Foobar {}".format(access_token)}, + "/protected", headers={"Authorization": "Foobar {}".format(access_token)} ) assert response.status == 401 @@ -132,9 +120,7 @@ def test_tricky_debug_option_true(app): @sanic_app.route("/another_protected") @sanic_jwt.protected(debug=lambda: True) def another_protected(request): - return json( - {"protected": True, "is_debug": request.app.auth.config.debug()} - ) + return json({"protected": True, "is_debug": request.app.auth.config.debug()}) # @sanic_app.exception(Exception) # def in_case_of_exception(request, exception): @@ -146,16 +132,13 @@ def another_protected(request): "/auth", json={"username": "user1", "password": "abcxyz"} ) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None - ) + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) assert response.status == 200 assert access_token is not None _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -182,9 +165,7 @@ def test_tricky_debug_option_false(app): @sanic_app.route("/another_protected") @sanic_jwt.protected(debug=lambda: False) def another_protected(request): - return json( - {"protected": True, "is_debug": request.app.auth.config.debug()} - ) + return json({"protected": True, "is_debug": request.app.auth.config.debug()}) # @sanic_app.exception(Exception) # def in_case_of_exception(request, exception): @@ -196,16 +177,13 @@ def another_protected(request): "/auth", json={"username": "user1", "password": "abcxyz"} ) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None - ) + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) assert response.status == 200 assert access_token is not None _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 diff --git a/tests/test_authentication_custom.py b/tests/test_authentication_custom.py index 2268561..e874df1 100644 --- a/tests/test_authentication_custom.py +++ b/tests/test_authentication_custom.py @@ -6,9 +6,7 @@ @pytest.yield_fixture def app1(): - class MyAuthentication(Authentication): - async def store_refresh_token(self, *args, **kwargs): return @@ -25,18 +23,14 @@ def extract_payload(self, request, verify=True, *args, **kwargs): return app = Sanic() - Initialize( - app, authentication_class=MyAuthentication, refresh_token_enabled=True - ) + Initialize(app, authentication_class=MyAuthentication, refresh_token_enabled=True) yield app @pytest.yield_fixture def app2(): - class MyAuthentication(Authentication): - async def store_refresh_token(self, *args, **kwargs): return @@ -53,9 +47,7 @@ def extract_payload(self, request, verify=True, *args, **kwargs): return {} app = Sanic() - Initialize( - app, authentication_class=MyAuthentication, refresh_token_enabled=True - ) + Initialize(app, authentication_class=MyAuthentication, refresh_token_enabled=True) yield app @@ -100,9 +92,7 @@ def test_verify_no_auth_header(app1): def test_refresh_no_valid_object(app1): - _, response = app1.test_client.post( - "/auth/refresh", json={"not": "important"} - ) + _, response = app1.test_client.post("/auth/refresh", json={"not": "important"}) assert response.status == 401 assert response.json.get("exception") == "Unauthorized" @@ -110,9 +100,7 @@ def test_refresh_no_valid_object(app1): def test_refresh_no_valid_dict(app2): - _, response = app2.test_client.post( - "/auth/refresh", json={"not": "important"} - ) + _, response = app2.test_client.post("/auth/refresh", json={"not": "important"}) assert response.status == 401 assert response.json.get("exception") == "Unauthorized" diff --git a/tests/test_claims.py b/tests/test_claims.py index 89e2667..19a1b20 100644 --- a/tests/test_claims.py +++ b/tests/test_claims.py @@ -10,10 +10,10 @@ def test_unexpired(app): "/auth", json={"username": "user1", "password": "abcxyz"} ) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) + payload = jwt.decode( + access_token, sanic_jwt.config.secret(), algorithms=sanic_jwt.config.algorithm() ) - payload = jwt.decode(access_token, sanic_jwt.config.secret()) exp = payload.get("exp", None) assert "exp" in payload @@ -24,8 +24,7 @@ def test_unexpired(app): assert datetime.utcnow() < exp _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -37,10 +36,10 @@ def test_expired(app): "/auth", json={"username": "user1", "password": "abcxyz"} ) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) + payload = jwt.decode( + access_token, sanic_jwt.config.secret(), algorithms=sanic_jwt.config.algorithm() ) - payload = jwt.decode(access_token, sanic_jwt.config.secret()) exp = payload.get("exp", None) assert "exp" in payload @@ -52,8 +51,7 @@ def test_expired(app): assert datetime.utcnow() > exp _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 401 @@ -63,8 +61,7 @@ def test_expired(app): # regression test see # https://github.com/ahopkins/sanic-jwt/issues/59#issuecomment-380034269 _, response = sanic_app.test_client.get( - "/protected/0/", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected/0/", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 401 @@ -78,10 +75,13 @@ def test_exp_configuration(app_with_extended_exp): "/auth", json={"username": "user1", "password": "abcxyz"} ) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) + payload = jwt.decode( + access_token, + sanic_jwt.config.secret(), + algorithms=sanic_jwt.config.algorithm(), + verify=False, ) - payload = jwt.decode(access_token, sanic_jwt.config.secret(), verify=False) exp = payload.get("exp", None) exp = datetime.utcfromtimestamp(exp) @@ -90,8 +90,7 @@ def test_exp_configuration(app_with_extended_exp): assert datetime.utcnow() < exp _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -102,17 +101,19 @@ def test_leeway_configuration(app_with_leeway): "/auth", json={"username": "user1", "password": "abcxyz"} ) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) + payload = jwt.decode( + access_token, + sanic_jwt.config.secret(), + algorithms=sanic_jwt.config.algorithm(), + verify=False, ) - payload = jwt.decode(access_token, sanic_jwt.config.secret(), verify=False) exp = payload.get("exp", None) exp = datetime.utcfromtimestamp(exp) with freeze_time(datetime.utcnow() + timedelta(seconds=(60 * 35 + 1))): _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 401 assert response.json.get("exception") == "Unauthorized" @@ -120,8 +121,7 @@ def test_leeway_configuration(app_with_leeway): with freeze_time(datetime.utcnow() + timedelta(seconds=(60 * 35 - 1))): _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -132,10 +132,13 @@ def test_nbf(app_with_nbf): "/auth", json={"username": "user1", "password": "abcxyz"} ) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) + payload = jwt.decode( + access_token, + sanic_jwt.config.secret(), + algorithms=sanic_jwt.config.algorithm(), + verify=False, ) - payload = jwt.decode(access_token, sanic_jwt.config.secret(), verify=False) exp = payload.get("exp", None) exp = datetime.utcfromtimestamp(exp) @@ -143,8 +146,7 @@ def test_nbf(app_with_nbf): assert isinstance(payload.get("nbf"), int) _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 401 @@ -153,20 +155,16 @@ def test_nbf(app_with_nbf): with freeze_time(datetime.utcnow() + timedelta(seconds=(60 * 5 - 10))): _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 401 assert response.json.get("exception") == "Unauthorized" - assert "The token is not yet valid (nbf)." in response.json.get( - "reasons" - ) + assert "The token is not yet valid (nbf)." in response.json.get("reasons") with freeze_time(datetime.utcnow() + timedelta(seconds=(60 * 5 + 10))): _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -178,17 +176,19 @@ def test_iat(app_with_iat): "/auth", json={"username": "user1", "password": "abcxyz"} ) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) + payload = jwt.decode( + access_token, + sanic_jwt.config.secret(), + algorithms=sanic_jwt.config.algorithm(), + verify=False, ) - payload = jwt.decode(access_token, sanic_jwt.config.secret(), verify=False) assert "iat" in payload assert isinstance(payload.get("iat"), int) _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -200,17 +200,19 @@ def test_iss(app_with_iss): "/auth", json={"username": "user1", "password": "abcxyz"} ) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) + payload = jwt.decode( + access_token, + sanic_jwt.config.secret(), + algorithms=sanic_jwt.config.algorithm(), + verify=False, ) - payload = jwt.decode(access_token, sanic_jwt.config.secret(), verify=False) assert "iss" in payload assert isinstance(payload.get("iss"), str) _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -223,17 +225,19 @@ def test_aud(app_with_aud): "/auth", json={"username": "user1", "password": "abcxyz"} ) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) + payload = jwt.decode( + access_token, + sanic_jwt.config.secret(), + algorithms=sanic_jwt.config.algorithm(), + verify=False, ) - payload = jwt.decode(access_token, sanic_jwt.config.secret(), verify=False) assert "aud" in payload assert isinstance(payload.get("aud"), str) _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 diff --git a/tests/test_complete_authentication.py b/tests/test_complete_authentication.py index d89c871..117d85b 100644 --- a/tests/test_complete_authentication.py +++ b/tests/test_complete_authentication.py @@ -14,17 +14,13 @@ def cache(): @pytest.yield_fixture def my_authentication_class(users, cache): - class MyAuthentication(Authentication): - async def authenticate(self, request, *args, **kwargs): username = request.json.get("username", None) password = request.json.get("password", None) if not username or not password: - raise exceptions.AuthenticationFailed( - "Missing username or password." - ) + raise exceptions.AuthenticationFailed("Missing username or password.") user = None @@ -41,9 +37,7 @@ async def authenticate(self, request, *args, **kwargs): return user - async def store_refresh_token( - self, user_id, refresh_token, *args, **kwargs - ): + async def store_refresh_token(self, user_id, refresh_token, *args, **kwargs): key = "refresh_token_{user_id}".format(user_id=user_id) cache[key] = refresh_token @@ -99,12 +93,8 @@ def app_full_auth_cls(sanic_app, my_authentication_class): @pytest.yield_fixture -def app_full_bytes_refresh_token( - users, sanic_app, my_authentication_class, cache -): - +def app_full_bytes_refresh_token(users, sanic_app, my_authentication_class, cache): class MyAuthentication(my_authentication_class): - async def retrieve_refresh_token(self, user_id, *args, **kwargs): key = "refresh_token_{user_id}".format(user_id=user_id) token = cache.get(key, None).encode("utf-8") @@ -112,9 +102,7 @@ async def retrieve_refresh_token(self, user_id, *args, **kwargs): return token sanicjwt = Initialize( - sanic_app, - authentication_class=MyAuthentication, - refresh_token_enabled=True, + sanic_app, authentication_class=MyAuthentication, refresh_token_enabled=True ) yield (sanic_app, sanicjwt) @@ -133,29 +121,27 @@ def test_authentication_all_methods(app_full_auth_cls): assert sanicjwt.config.refresh_token_name() in response.json access_token = response.json.get(sanicjwt.config.access_token_name(), None) - refresh_token = response.json.get( - sanicjwt.config.refresh_token_name(), None - ) + refresh_token = response.json.get(sanicjwt.config.refresh_token_name(), None) assert access_token is not None assert refresh_token is not None - payload = jwt.decode(access_token, sanicjwt.config.secret()) + payload = jwt.decode( + access_token, sanicjwt.config.secret(), algorithms=sanicjwt.config.algorithm() + ) assert "foo" in payload assert payload.get("foo") == "bar" _, response = app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 assert response.json.get("protected") is True _, response = app.test_client.get( - "/auth/verify", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/auth/verify", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -173,15 +159,13 @@ def test_authentication_all_methods(app_full_auth_cls): json={sanicjwt.config.refresh_token_name(): refresh_token}, ) - new_access_token = response.json.get( - sanicjwt.config.access_token_name(), None - ) + new_access_token = response.json.get(sanicjwt.config.access_token_name(), None) assert response.status == 200 assert new_access_token is not None - assert response.json.get( - sanicjwt.config.refresh_token_name(), None - ) is None # there is no new refresh token + assert ( + response.json.get(sanicjwt.config.refresh_token_name(), None) is None + ) # there is no new refresh token assert sanicjwt.config.refresh_token_name() not in response.json @@ -198,9 +182,7 @@ def test_refresh_token_with_expired_access_token(app_full_auth_cls): assert sanicjwt.config.refresh_token_name() in response.json access_token = response.json.get(sanicjwt.config.access_token_name(), None) - refresh_token = response.json.get( - sanicjwt.config.refresh_token_name(), None - ) + refresh_token = response.json.get(sanicjwt.config.refresh_token_name(), None) assert access_token is not None assert refresh_token is not None @@ -212,15 +194,13 @@ def test_refresh_token_with_expired_access_token(app_full_auth_cls): json={sanicjwt.config.refresh_token_name(): refresh_token}, ) - new_access_token = response.json.get( - sanicjwt.config.access_token_name(), None - ) + new_access_token = response.json.get(sanicjwt.config.access_token_name(), None) assert response.status == 200 assert new_access_token is not None - assert response.json.get( - sanicjwt.config.refresh_token_name(), None - ) is None # there is no new refresh token + assert ( + response.json.get(sanicjwt.config.refresh_token_name(), None) is None + ) # there is no new refresh token assert sanicjwt.config.refresh_token_name() not in response.json @@ -236,9 +216,7 @@ def test_authentication_cross_tokens(app_full_auth_cls): assert sanicjwt.config.access_token_name() in response.json assert sanicjwt.config.refresh_token_name() in response.json - access_token_u1 = response.json.get( - sanicjwt.config.access_token_name(), None - ) + access_token_u1 = response.json.get(sanicjwt.config.access_token_name(), None) _, response = app.test_client.post( "/auth", json={"username": "user2", "password": "abcxyz"} @@ -248,9 +226,7 @@ def test_authentication_cross_tokens(app_full_auth_cls): assert sanicjwt.config.access_token_name() in response.json assert sanicjwt.config.refresh_token_name() in response.json - refresh_token_u2 = response.json.get( - sanicjwt.config.refresh_token_name(), None - ) + refresh_token_u2 = response.json.get(sanicjwt.config.refresh_token_name(), None) _, response = app.test_client.post( "/auth/refresh", @@ -276,29 +252,27 @@ def test_authentication_with_bytes_refresh_token(app_full_bytes_refresh_token): assert sanicjwt.config.refresh_token_name() in response.json access_token = response.json.get(sanicjwt.config.access_token_name(), None) - refresh_token = response.json.get( - sanicjwt.config.refresh_token_name(), None - ) + refresh_token = response.json.get(sanicjwt.config.refresh_token_name(), None) assert access_token is not None assert refresh_token is not None - payload = jwt.decode(access_token, sanicjwt.config.secret()) + payload = jwt.decode( + access_token, sanicjwt.config.secret(), algorithms=sanicjwt.config.algorithm() + ) assert "foo" in payload assert payload.get("foo") == "bar" _, response = app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 assert response.json.get("protected") is True _, response = app.test_client.get( - "/auth/verify", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/auth/verify", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -316,13 +290,11 @@ def test_authentication_with_bytes_refresh_token(app_full_bytes_refresh_token): json={sanicjwt.config.refresh_token_name(): refresh_token}, ) - new_access_token = response.json.get( - sanicjwt.config.access_token_name(), None - ) + new_access_token = response.json.get(sanicjwt.config.access_token_name(), None) assert response.status == 200 assert new_access_token is not None - assert response.json.get( - sanicjwt.config.refresh_token_name(), None - ) is None # there is no new refresh token + assert ( + response.json.get(sanicjwt.config.refresh_token_name(), None) is None + ) # there is no new refresh token assert sanicjwt.config.refresh_token_name() not in response.json diff --git a/tests/test_configuration.py b/tests/test_configuration.py index bb77df7..ed55c28 100644 --- a/tests/test_configuration.py +++ b/tests/test_configuration.py @@ -78,7 +78,6 @@ def test_configuration_initialize_class_with_getter(): app = Sanic() class MyConfig(Configuration): - def set_access_token_name(self): return "return-level" @@ -94,13 +93,10 @@ def test_configuration_initialize_class_as_argument(): app = Sanic() class MyConfig(Configuration): - def set_access_token_name(self): return "return-level" - sanicjwt = Initialize( - app, configuration_class=MyConfig, authenticate=lambda: True - ) + sanicjwt = Initialize(app, configuration_class=MyConfig, authenticate=lambda: True) assert sanicjwt.config.access_token_name() == "return-level" @@ -111,9 +107,7 @@ def test_configuration_warning_non_callable(caplog): class MyConfig(Configuration): set_access_token_name = "return-level" - sanicjwt = Initialize( - app, configuration_class=MyConfig, authenticate=lambda: True - ) + sanicjwt = Initialize(app, configuration_class=MyConfig, authenticate=lambda: True) for record in caplog.records: if record.levelname == "WARNING": @@ -143,7 +137,6 @@ def test_configuration_dynamic_config(): auth_header_key = "x-authorization-header" class MyConfig(Configuration): - def get_authorization_header(self, request): if auth_header_key in request.headers: return request.headers.get(auth_header_key) @@ -153,9 +146,7 @@ def get_authorization_header(self, request): async def authenticate(request, *args, **kwargs): return {"user_id": 1} - sanicjwt = Initialize( - app, configuration_class=MyConfig, authenticate=authenticate - ) + sanicjwt = Initialize(app, configuration_class=MyConfig, authenticate=authenticate) @app.route("/protected") @sanicjwt.protected() @@ -183,9 +174,7 @@ def protected_route(request): _, response = app.test_client.get( "/protected", headers={ - sanicjwt.config.authorization_header(): "Bearer {}".format( - access_token - ) + sanicjwt.config.authorization_header(): "Bearer {}".format(access_token) }, ) @@ -252,8 +241,7 @@ def protected_route(request): assert response.json.get("protected") == "yes" _, response = app.test_client.get( - "/protected", - headers={sanicjwt.config.authorization_header(): access_token}, + "/protected", headers={sanicjwt.config.authorization_header(): access_token} ) assert response.status == 200 @@ -270,9 +258,7 @@ def test_configuration_custom_class_and_config_item(): class MyConfig(Configuration): access_token_name = ConfigItem("config-item-level") - sanicjwt = Initialize( - app, configuration_class=MyConfig, authenticate=lambda: True - ) + sanicjwt = Initialize(app, configuration_class=MyConfig, authenticate=lambda: True) assert sanicjwt.config.access_token_name() == "config-item-level" @@ -281,13 +267,10 @@ def test_configuration_custom_class_and_config_item_as_method(): app = Sanic() class MyConfig(Configuration): - def set_access_token_name(self): return ConfigItem("config-item-function-level") - sanicjwt = Initialize( - app, configuration_class=MyConfig, authenticate=lambda: True - ) + sanicjwt = Initialize(app, configuration_class=MyConfig, authenticate=lambda: True) assert sanicjwt.config.access_token_name() == "config-item-function-level" @@ -298,9 +281,7 @@ def test_configuration_invalid_claim(): class MyConfig(Configuration): claim_foo = "bar" - sanicjwt = Initialize( - app, configuration_class=MyConfig, authenticate=lambda: True - ) + sanicjwt = Initialize(app, configuration_class=MyConfig, authenticate=lambda: True) assert "claim_foo" not in sanicjwt.config._all_config_keys diff --git a/tests/test_convenience_methods.py b/tests/test_convenience_methods.py index d689190..8272648 100644 --- a/tests/test_convenience_methods.py +++ b/tests/test_convenience_methods.py @@ -14,13 +14,10 @@ def test_is_authenticated_on_properly_authenticated_request(app): "/auth", json={"username": "user1", "password": "abcxyz"} ) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None - ) + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) request, _ = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) is_authenticated = sanic_app.auth.is_authenticated(request) @@ -35,13 +32,10 @@ def test_extract_user_id(app): "/auth", json={"username": "user1", "password": "abcxyz"} ) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None - ) + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) request, _ = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) user_id = sanic_app.auth.extract_user_id(request) diff --git a/tests/test_custom_claims.py b/tests/test_custom_claims.py index affbab7..75b867e 100644 --- a/tests/test_custom_claims.py +++ b/tests/test_custom_claims.py @@ -20,10 +20,10 @@ def test_custom_claims_payload(app_with_custom_claims): _, response = sanic_app.test_client.post( "/auth", json={"username": "user1", "password": "abcxyz"} ) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) + payload = jwt.decode( + access_token, sanic_jwt.config.secret(), algorithms=sanic_jwt.config.algorithm() ) - payload = jwt.decode(access_token, sanic_jwt.config.secret()) assert isinstance(payload, dict) assert "username" in payload @@ -36,12 +36,9 @@ def test_custom_claims(app_with_custom_claims): "/auth", json={"username": "user1", "password": "abcxyz"} ) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None - ) + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 401 @@ -51,19 +48,15 @@ def test_custom_claims(app_with_custom_claims): "/auth", json={"username": "user2", "password": "abcxyz"} ) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None - ) + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 def test_custom_claims_bad(authenticate): - class MissingVerifyClaim(Claim): key = "username" @@ -77,7 +70,6 @@ def verify(self, payload, value): return True class MissingKeyClaim(Claim): - def setup(self, payload, user): return user.username @@ -87,28 +79,21 @@ def verify(self, payload, value): with pytest.raises(exceptions.InvalidCustomClaim): sanic_app = Sanic() Initialize( - sanic_app, - authenticate=authenticate, - custom_claims=[MissingVerifyClaim], + sanic_app, authenticate=authenticate, custom_claims=[MissingVerifyClaim] ) with pytest.raises(exceptions.InvalidCustomClaim): sanic_app = Sanic() Initialize( - sanic_app, - authenticate=authenticate, - custom_claims=[MissingSetupClaim], + sanic_app, authenticate=authenticate, custom_claims=[MissingSetupClaim] ) with pytest.raises(exceptions.InvalidCustomClaim): sanic_app = Sanic() Initialize( - sanic_app, - authenticate=authenticate, - custom_claims=[MissingKeyClaim], + sanic_app, authenticate=authenticate, custom_claims=[MissingKeyClaim] ) def test_custom_claim_non_boolean_return(): - class CustomClaim(Claim): key = "foo" diff --git a/tests/test_decorators.py b/tests/test_decorators.py index db9e409..267e317 100644 --- a/tests/test_decorators.py +++ b/tests/test_decorators.py @@ -34,16 +34,14 @@ async def scoped_endpoint(request): access_token = response.json.get(sanicjwt.config.access_token_name(), None) _, response = app.test_client.get( - "/test/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/test/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 500 assert response.json.get("exception") == "SanicJWTException" _, response = app.test_client.get( - "/test/scoped", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/test/scoped", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 500 @@ -75,9 +73,7 @@ def test_inject_user_regular(app_with_retrieve_user): async def my_protected_user(request, user): return json({"user_id": user.user_id}) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None - ) + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) _, response = sanic_app.test_client.get( "/auth/me", headers={"Authorization": "Bearer {}".format(access_token)} @@ -86,8 +82,7 @@ async def my_protected_user(request, user): assert response.json.get("me").get("user_id") == 1 _, response = sanic_app.test_client.get( - "/protected/user", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected/user", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 assert response.json.get("user_id") == 1 @@ -105,9 +100,7 @@ def test_inject_user_on_instance(app_with_retrieve_user): async def my_protected_user(request, user): return json({"user_id": user.user_id}) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None - ) + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) _, response = sanic_app.test_client.get( "/auth/me", headers={"Authorization": "Bearer {}".format(access_token)} @@ -116,8 +109,7 @@ async def my_protected_user(request, user): assert response.json.get("me").get("user_id") == 1 _, response = sanic_app.test_client.get( - "/protected/user", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected/user", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 assert response.json.get("user_id") == 1 @@ -135,9 +127,7 @@ def test_inject_user_on_instance_bp(app_with_retrieve_user): async def my_protected_user(request, user): return json({"user_id": user.user_id}) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None - ) + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) _, response = sanic_app.test_client.get( "/auth/me", headers={"Authorization": "Bearer {}".format(access_token)} @@ -146,8 +136,7 @@ async def my_protected_user(request, user): assert response.json.get("me").get("user_id") == 1 _, response = sanic_app.test_client.get( - "/protected/user", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected/user", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 assert response.json.get("user_id") == 1 @@ -165,9 +154,7 @@ def test_inject_user_on_instance_non_async(app_with_retrieve_user): def my_protected_user(request, user): return json({"user_id": user.user_id}) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None - ) + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) _, response = sanic_app.test_client.get( "/auth/me", headers={"Authorization": "Bearer {}".format(access_token)} @@ -176,15 +163,13 @@ def my_protected_user(request, user): assert response.json.get("me").get("user_id") == 1 _, response = sanic_app.test_client.get( - "/protected/user", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected/user", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 assert response.json.get("user_id") == 1 def test_inject_user_with_auth_mode_off(app_with_retrieve_user): - async def retrieve_user(request, payload, *args, **kwargs): return {"user_id": 123} @@ -204,13 +189,10 @@ async def my_protected_user(request, user): "/auth", json={"username": "user1", "password": "abcxyz"} ) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None - ) + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) _, response = microservice_app.test_client.get( - "/protected/user", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected/user", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 diff --git a/tests/test_decorators_override_config.py b/tests/test_decorators_override_config.py index dd32d5a..331583c 100644 --- a/tests/test_decorators_override_config.py +++ b/tests/test_decorators_override_config.py @@ -50,7 +50,9 @@ async def scoped_endpoint(request): access_token = response.json.get(sanicjwt.config.access_token_name(), None) - payload = jwt.decode(access_token, sanicjwt.config.secret()) + payload = jwt.decode( + access_token, sanicjwt.config.secret(), algorithms=sanicjwt.config.algorithm() + ) exp = payload.get("exp", None) assert "exp" in payload diff --git a/tests/test_endpoints_async_methods.py b/tests/test_endpoints_async_methods.py index b64dc38..60db388 100644 --- a/tests/test_endpoints_async_methods.py +++ b/tests/test_endpoints_async_methods.py @@ -11,7 +11,6 @@ class User(object): - def __init__(self, id, username, password): self.id = id self.username = username @@ -38,9 +37,7 @@ async def authenticate(request, *args, **kwargs): password = request.json.get("password", None) if not username or not password: - raise exceptions.AuthenticationFailed( - "Missing username or password." - ) + raise exceptions.AuthenticationFailed("Missing username or password.") user = None @@ -108,7 +105,6 @@ async def protected_request(request): class TestEndpointsAsync(object): - @pytest.yield_fixture def authenticated_response(self, app_with_async_methods): app, sanicjwt = app_with_async_methods @@ -124,17 +120,14 @@ def test_root_endpoint(self, app_with_async_methods): assert response.status == 200 assert response.json.get("hello") == "world" - def test_protected_endpoint( - self, app_with_async_methods, authenticated_response - ): + def test_protected_endpoint(self, app_with_async_methods, authenticated_response): app, sanicjwt = app_with_async_methods access_token = authenticated_response.json.get( sanicjwt.config.access_token_name(), None ) _, response = app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -147,16 +140,13 @@ def test_me_endpoint(self, app_with_async_methods, authenticated_response): ) _, response = app.test_client.get( - "/auth/me", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/auth/me", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 assert response.json.get("me").get("user_id") == "0x1" - def test_refresh_token_async( - self, app_with_async_methods, authenticated_response - ): + def test_refresh_token_async(self, app_with_async_methods, authenticated_response): app, sanicjwt = app_with_async_methods access_token = authenticated_response.json.get( sanicjwt.config.access_token_name(), None @@ -174,13 +164,11 @@ def test_refresh_token_async( assert response.json is not None assert sanicjwt.config.access_token_name() in response.json - new_access_token = response.json.get( - sanicjwt.config.access_token_name(), None - ) + new_access_token = response.json.get(sanicjwt.config.access_token_name(), None) assert response.status == 200 assert new_access_token is not None - assert response.json.get( - sanicjwt.config.refresh_token_name(), None - ) is None # there is no new refresh token + assert ( + response.json.get(sanicjwt.config.refresh_token_name(), None) is None + ) # there is no new refresh token assert sanicjwt.config.refresh_token_name() not in response.json diff --git a/tests/test_endpoints_auth.py b/tests/test_endpoints_auth.py index e55ddd3..e60fc6b 100644 --- a/tests/test_endpoints_auth.py +++ b/tests/test_endpoints_auth.py @@ -14,11 +14,12 @@ def access_token(app): @pytest.fixture def payload(app, access_token): _, sanic_jwt = app - return jwt.decode(access_token, sanic_jwt.config.secret()) + return jwt.decode( + access_token, sanic_jwt.config.secret(), algorithms=sanicjwt.config.algorithm() + ) class TestEndpointsAuth: - def dispatch(self, path, method, app, access_token): sanic_app, sanic_jwt = app header_token = "{} {}".format( @@ -26,8 +27,7 @@ def dispatch(self, path, method, app, access_token): ) method = getattr(sanic_app.test_client, method) request, response = method( - path, - headers={sanic_jwt.config.authorization_header(): header_token}, + path, headers={sanic_jwt.config.authorization_header(): header_token} ) return request, response diff --git a/tests/test_endpoints_auth_on_url_prefix.py b/tests/test_endpoints_auth_on_url_prefix.py index ecf73b9..a76adce 100644 --- a/tests/test_endpoints_auth_on_url_prefix.py +++ b/tests/test_endpoints_auth_on_url_prefix.py @@ -12,7 +12,6 @@ def access_token(app_with_url_prefix): class TestEndpointsAuth: - def dispatch(self, path, method, app_with_url_prefix, access_token): sanic_app, sanic_jwt = app_with_url_prefix header_token = "{} {}".format( @@ -20,8 +19,7 @@ def dispatch(self, path, method, app_with_url_prefix, access_token): ) method = getattr(sanic_app.test_client, method) request, response = method( - path, - headers={sanic_jwt.config.authorization_header(): header_token}, + path, headers={sanic_jwt.config.authorization_header(): header_token} ) return request, response @@ -37,9 +35,7 @@ def test_verify_token(self, app_with_url_prefix, access_token): assert response.json.get("valid") is True def test_protected(self, app_with_url_prefix, access_token): - _, response = self.get( - "/protected/", app_with_url_prefix, access_token - ) + _, response = self.get("/protected/", app_with_url_prefix, access_token) assert response.status == 200 assert response.json.get("protected") is True diff --git a/tests/test_endpoints_basic.py b/tests/test_endpoints_basic.py index 2913940..27bf271 100644 --- a/tests/test_endpoints_basic.py +++ b/tests/test_endpoints_basic.py @@ -36,10 +36,10 @@ def test_auth_proper_credentials(app): "/auth", json={"username": "user1", "password": "abcxyz"} ) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) + payload = jwt.decode( + access_token, sanic_jwt.config.secret(), algorithms=sanic_jwt.config.algorithm() ) - payload = jwt.decode(access_token, sanic_jwt.config.secret()) assert response.status == 200 assert access_token is not None @@ -48,8 +48,7 @@ def test_auth_proper_credentials(app): assert "exp" in payload _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -114,8 +113,7 @@ def test_auth_refresh_not_enabled(app_with_refresh_token): assert "Authorization header not present." in response.json.get("reasons") _, response = sanic_app.test_client.post( - "/auth/refresh", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/auth/refresh", headers={"Authorization": "Bearer {}".format(access_token)} ) message = "Refresh tokens have not been enabled properly." "Perhaps you forgot to initialize with a retrieve_user handler?" diff --git a/tests/test_endpoints_cbv.py b/tests/test_endpoints_cbv.py index d2e6c4a..1491b72 100644 --- a/tests/test_endpoints_cbv.py +++ b/tests/test_endpoints_cbv.py @@ -9,7 +9,6 @@ class User(object): - def __init__(self, id, username, password): self.id = id self.username = username @@ -48,7 +47,6 @@ async def authenticate(request, *args, **kwargs): class PublicView(HTTPMethodView): - def get(self, request): return json({"hello": "world"}) @@ -65,7 +63,6 @@ async def get(self, request): class TestEndpointsCBV(object): - def test_unprotected(self): _, response = sanic_app.test_client.get("/") assert response.status == 200 @@ -74,9 +71,7 @@ def test_protected(self): _, response = sanic_app.test_client.get("/protected") assert response.status == 401 assert response.json.get("exception") == "Unauthorized" - assert "Authorization header not present." in response.json.get( - "reasons" - ) + assert "Authorization header not present." in response.json.get("reasons") def test_auth_invalid_method(self): _, response = sanic_app.test_client.get("/auth") @@ -88,10 +83,12 @@ def test_auth_proper_credentials(self): "/auth", json={"username": "user1", "password": "abcxyz"} ) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) + payload = jwt.decode( + access_token, + sanic_jwt.config.secret(), + algorithms=sanic_jwt.config.algorithm(), ) - payload = jwt.decode(access_token, sanic_jwt.config.secret()) assert response.status == 200 assert access_token is not None @@ -100,7 +97,6 @@ def test_auth_proper_credentials(self): assert "exp" in payload _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 diff --git a/tests/test_endpoints_cookies.py b/tests/test_endpoints_cookies.py index 297db27..9de8faf 100644 --- a/tests/test_endpoints_cookies.py +++ b/tests/test_endpoints_cookies.py @@ -66,7 +66,6 @@ async def protected_request(request): class TestEndpointsCookies(object): - @pytest.yield_fixture def authenticated_response(self, app_with_refresh_token): sanic_app, sanicjwt = app_with_refresh_token @@ -83,9 +82,7 @@ def test_authenticate_and_read_response_cookie( key = sanicjwt.config.cookie_access_token_name() # print(key) # print(authenticated_response.cookies.values()) - access_token_from_cookie = authenticated_response.cookies.get( - key, None - ) + access_token_from_cookie = authenticated_response.cookies.get(key, None) assert access_token_from_cookie is not None @@ -98,10 +95,14 @@ def test_authenticate_and_read_response_cookie( assert access_token_from_json is not None payload_cookie = jwt.decode( - access_token_from_cookie, sanicjwt.config.secret() + access_token_from_cookie, + sanicjwt.config.secret(), + algorithms=sanicjwt.config.algorithm(), ) payload_json = jwt.decode( - access_token_from_json, sanicjwt.config.secret() + access_token_from_json, + sanicjwt.config.secret(), + algorithms=sanicjwt.config.algorithm(), ) assert access_token_from_json is not None @@ -115,11 +116,11 @@ def test_using_token_as_cookie( ): sanic_app, sanicjwt = app_with_refresh_token key = sanicjwt.config.cookie_access_token_name() - access_token_from_cookie = authenticated_response.cookies.get( - key - ).value + access_token_from_cookie = authenticated_response.cookies.get(key).value payload_cookie = jwt.decode( - access_token_from_cookie, sanicjwt.config.secret() + access_token_from_cookie, + sanicjwt.config.secret(), + algorithms=sanicjwt.config.algorithm(), ) assert isinstance(payload_cookie, dict) @@ -136,12 +137,8 @@ def test_using_token_as_cookie( assert response.json.get("me") is not None assert sanicjwt.config.user_id() in response.json.get("me") - user_id_from_me = response.json.get("me").get( - sanicjwt.config.user_id() - ) - user_id_from_payload_cookie = payload_cookie.get( - sanicjwt.config.user_id() - ) + user_id_from_me = response.json.get("me").get(sanicjwt.config.user_id()) + user_id_from_payload_cookie = payload_cookie.get(sanicjwt.config.user_id()) assert response.status == 200 assert user_id_from_me == user_id_from_payload_cookie @@ -151,11 +148,11 @@ def test_using_token_as_header_strict( ): sanic_app, sanicjwt = app_with_refresh_token key = sanicjwt.config.cookie_access_token_name() - access_token_from_cookie = authenticated_response.cookies.get( - key - ).value + access_token_from_cookie = authenticated_response.cookies.get(key).value payload_cookie = jwt.decode( - access_token_from_cookie, sanicjwt.config.secret() + access_token_from_cookie, + sanicjwt.config.secret(), + algorithms=sanicjwt.config.algorithm(), ) assert isinstance(payload_cookie, dict) @@ -163,42 +160,30 @@ def test_using_token_as_header_strict( _, response = sanic_app.test_client.get( "/auth/me", - headers={ - "Authorization": "Bearer {}".format(access_token_from_cookie) - }, + headers={"Authorization": "Bearer {}".format(access_token_from_cookie)}, ) assert response.status == 401 assert response.json.get("exception") == "Unauthorized" - assert "Authorization cookie not present." in response.json.get( - "reasons" - ) + assert "Authorization cookie not present." in response.json.get("reasons") _, response = sanic_app.test_client.get( "/protected", - headers={ - "Authorization": "Bearer {}".format(access_token_from_cookie) - }, + headers={"Authorization": "Bearer {}".format(access_token_from_cookie)}, ) assert response.status == 401 assert response.json.get("exception") == "Unauthorized" - assert "Authorization cookie not present." in response.json.get( - "reasons" - ) + assert "Authorization cookie not present." in response.json.get("reasons") _, response = sanic_app.test_client.get( "/auth/verify", - headers={ - "Authorization": "Bearer {}".format(access_token_from_cookie) - }, + headers={"Authorization": "Bearer {}".format(access_token_from_cookie)}, ) assert response.status == 401 assert response.json.get("exception") == "MissingAuthorizationCookie" - assert "Authorization cookie not present." in response.json.get( - "reasons" - ) + assert "Authorization cookie not present." in response.json.get("reasons") _, response = sanic_app.test_client.get( "/auth/me", @@ -228,11 +213,11 @@ def test_using_token_as_header_not_strict( sanic_app.auth.config.cookie_strict.update(False) key = sanicjwt.config.cookie_access_token_name() - access_token_from_cookie = authenticated_response.cookies.get( - key - ).value + access_token_from_cookie = authenticated_response.cookies.get(key).value payload_cookie = jwt.decode( - access_token_from_cookie, sanicjwt.config.secret() + access_token_from_cookie, + sanicjwt.config.secret(), + algorithms=sanicjwt.config.algorithm(), ) assert isinstance(payload_cookie, dict) @@ -240,39 +225,30 @@ def test_using_token_as_header_not_strict( _, response = sanic_app.test_client.get( "/auth/me", - headers={ - "Authorization": "Bearer {}".format(access_token_from_cookie) - }, + headers={"Authorization": "Bearer {}".format(access_token_from_cookie)}, ) assert response.status == 200 assert response.json.get("me") is not None - assert ( - response.json.get("me").get(sanicjwt.config.user_id()) - == payload_cookie.get(sanicjwt.config.user_id()) - ) + assert response.json.get("me").get( + sanicjwt.config.user_id() + ) == payload_cookie.get(sanicjwt.config.user_id()) _, response = sanic_app.test_client.get( "/protected", - headers={ - "Authorization": "Bearer {}".format(access_token_from_cookie) - }, + headers={"Authorization": "Bearer {}".format(access_token_from_cookie)}, ) assert response.status == 200 _, response = sanic_app.test_client.get( "/auth/verify", - headers={ - "Authorization": "Bearer {}".format(access_token_from_cookie) - }, + headers={"Authorization": "Bearer {}".format(access_token_from_cookie)}, ) _, response = sanic_app.test_client.get( "/protected", - headers={ - "Authorization": "Bearer {}".format(access_token_from_cookie) - }, + headers={"Authorization": "Bearer {}".format(access_token_from_cookie)}, ) assert response.status == 200 @@ -304,14 +280,12 @@ def test_refresh_token_with_cookies_strict( assert response.status == 200 assert response.json is not None - new_access_token = response.json.get( - sanicjwt.config.access_token_name(), None - ) + new_access_token = response.json.get(sanicjwt.config.access_token_name(), None) assert new_access_token is not None - assert response.json.get( - sanicjwt.config.cookie_refresh_token_name(), None - ) is None # there is no new refresh token + assert ( + response.json.get(sanicjwt.config.cookie_refresh_token_name(), None) is None + ) # there is no new refresh token assert sanicjwt.config.cookie_refresh_token_name() not in response.json sanicjwt.config.debug.update(False) @@ -323,9 +297,7 @@ def test_refresh_token_with_cookies_strict( assert response.status == 401 assert response.json.get("exception") == "Unauthorized" - assert "Authorization cookie not present." in response.json.get( - "reasons" - ) + assert "Authorization cookie not present." in response.json.get("reasons") sanicjwt.config.debug.update(True) _, response = sanic_app.test_client.post( @@ -336,9 +308,7 @@ def test_refresh_token_with_cookies_strict( assert response.status == 400 assert response.json.get("exception") == "Unauthorized" - assert "Authorization cookie not present." in response.json.get( - "reasons" - ) + assert "Authorization cookie not present." in response.json.get("reasons") def test_refresh_token_with_cookies_not_strict( self, app_with_refresh_token, authenticated_response @@ -361,20 +331,17 @@ def test_refresh_token_with_cookies_not_strict( ) assert response.status == 200 - assert response.json.get( - sanicjwt.config.cookie_refresh_token_name(), None - ) is None # there is no new refresh token + assert ( + response.json.get(sanicjwt.config.cookie_refresh_token_name(), None) is None + ) # there is no new refresh token assert sanicjwt.config.cookie_refresh_token_name() not in response.json def test_auth_verify_invalid_token(self, app_with_refresh_token): sanic_app, sanicjwt = app_with_refresh_token _, response = sanic_app.test_client.get( - "/auth/verify", - cookies={sanicjwt.config.cookie_access_token_name(): ""}, + "/auth/verify", cookies={sanicjwt.config.cookie_access_token_name(): ""} ) assert response.status == 401 assert response.json.get("exception") == "MissingAuthorizationCookie" - assert "Authorization cookie not present." in response.json.get( - "reasons" - ) + assert "Authorization cookie not present." in response.json.get("reasons") diff --git a/tests/test_endpoints_custom.py b/tests/test_endpoints_custom.py index b85e75c..dd18a61 100644 --- a/tests/test_endpoints_custom.py +++ b/tests/test_endpoints_custom.py @@ -7,31 +7,26 @@ class MyAuthenticateEndpoint(BaseEndpoint): - async def post(self, request, *args, **kwargs): return json({"hello": msg.format("authentication")}) class RetrieveUserEndpoint(BaseEndpoint): - async def get(self, request, *args, **kwargs): return json({"hello": msg.format("retrieve user")}) class VerifyEndpoint(BaseEndpoint): - async def get(self, request, *args, **kwargs): return json({"hello": msg.format("verify")}) class RefreshEndpoint(BaseEndpoint): - async def post(self, request, *args, **kwargs): return json({"hello": msg.format("refresh")}) class MyAuthentication(Authentication): - async def store_refresh_token(self, *args, **kwargs): return @@ -84,9 +79,7 @@ async def protected_route(request): assert response.status == 200 assert response.json.get("hello") == msg.format("verify") - _, response = app.test_client.post( - "/auth/refresh", json={"not": "important"} - ) + _, response = app.test_client.post("/auth/refresh", json={"not": "important"}) assert response.status == 200 assert response.json.get("hello") == msg.format("refresh") diff --git a/tests/test_endpoints_dict_first.py b/tests/test_endpoints_dict_first.py index f7e9653..bcf6a46 100644 --- a/tests/test_endpoints_dict_first.py +++ b/tests/test_endpoints_dict_first.py @@ -5,7 +5,6 @@ class MyCustomDict(dict): - async def to_dict(self): raise Exception("i am not supposed to be called") @@ -23,9 +22,7 @@ async def authenticate(request, *args, **kwargs): password = request.json.get("password", None) if not username or not password: - raise exceptions.AuthenticationFailed( - "Missing username or password." - ) + raise exceptions.AuthenticationFailed("Missing username or password.") user = the_user @@ -40,7 +37,6 @@ async def authenticate(request, *args, **kwargs): class TestEndpointsAsync(object): - @pytest.yield_fixture def authenticated_response(self, app_with_dict_test): app, sanicjwt = app_with_dict_test @@ -57,8 +53,7 @@ def test_me_endpoint(self, app_with_dict_test, authenticated_response): ) _, response = app.test_client.get( - "/auth/me", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/auth/me", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 diff --git a/tests/test_endpoints_extra.py b/tests/test_endpoints_extra.py index 15b82cc..0fded77 100644 --- a/tests/test_endpoints_extra.py +++ b/tests/test_endpoints_extra.py @@ -5,7 +5,6 @@ class MagicLoginHandler(BaseEndpoint): - async def options(self, request): return response.text("", status=204) @@ -22,7 +21,8 @@ async def post(self, request): authenticate=lambda: True, class_views=[ ( - "/magic-login", MagicLoginHandler + "/magic-login", + MagicLoginHandler, ) # The path will be relative to the url prefix # (which defaults to /auth) ], @@ -30,7 +30,6 @@ async def post(self, request): class TestEndpointsExtra(object): - def dispatch(self, path, method): method = getattr(app.test_client, method) request, response = method(path) diff --git a/tests/test_endpoints_init_on_bp_and_app.py b/tests/test_endpoints_init_on_bp_and_app.py index 48ffe3d..f4bd9a0 100644 --- a/tests/test_endpoints_init_on_bp_and_app.py +++ b/tests/test_endpoints_init_on_bp_and_app.py @@ -57,33 +57,23 @@ def test_protected_blueprints(): assert response1.status == 200 assert response2.status == 200 - access_token_1 = response1.json.get( - sanicjwt1.config.access_token_name(), None - ) - access_token_2 = response2.json.get( - sanicjwt2.config.access_token_name(), None - ) + access_token_1 = response1.json.get(sanicjwt1.config.access_token_name(), None) + access_token_2 = response2.json.get(sanicjwt2.config.access_token_name(), None) assert access_token_1 is not None assert access_token_2 is not None - wrong_token_grab_1 = response1.json.get( - sanicjwt2.config.access_token_name(), None - ) - wrong_token_grab_2 = response2.json.get( - sanicjwt1.config.access_token_name(), None - ) + wrong_token_grab_1 = response1.json.get(sanicjwt2.config.access_token_name(), None) + wrong_token_grab_2 = response2.json.get(sanicjwt1.config.access_token_name(), None) assert wrong_token_grab_1 is None assert wrong_token_grab_2 is None _, response1 = app.test_client.get( - "/test1/", - headers={"Authorization": "Bearer {}".format(access_token_1)}, + "/test1/", headers={"Authorization": "Bearer {}".format(access_token_1)} ) _, response2 = app.test_client.get( - "/", - cookies={sanicjwt2.config.cookie_access_token_name(): access_token_2}, + "/", cookies={sanicjwt2.config.cookie_access_token_name(): access_token_2} ) assert response1.status == 200 @@ -92,12 +82,10 @@ def test_protected_blueprints(): assert response2.json.get("type") == "app" _, response1 = app.test_client.get( - "/test1/", - headers={"Authorization": "Bearer {}".format(access_token_2)}, + "/test1/", headers={"Authorization": "Bearer {}".format(access_token_2)} ) _, response2 = app.test_client.get( - "/", - cookies={sanicjwt2.config.cookie_access_token_name(): access_token_1}, + "/", cookies={sanicjwt2.config.cookie_access_token_name(): access_token_1} ) assert response1.status == 401 @@ -119,20 +107,14 @@ def test_protected_blueprints_debug(): "/a", json={"username": "user1", "password": "abcxyz"} ) - access_token_1 = response1.json.get( - sanicjwt1.config.access_token_name(), None - ) - access_token_2 = response2.json.get( - sanicjwt2.config.access_token_name(), None - ) + access_token_1 = response1.json.get(sanicjwt1.config.access_token_name(), None) + access_token_2 = response2.json.get(sanicjwt2.config.access_token_name(), None) _, response1 = app.test_client.get( - "/test1/", - headers={"Authorization": "Bearer {}".format(access_token_2)}, + "/test1/", headers={"Authorization": "Bearer {}".format(access_token_2)} ) _, response2 = app.test_client.get( - "/", - cookies={sanicjwt2.config.cookie_access_token_name(): access_token_1}, + "/", cookies={sanicjwt2.config.cookie_access_token_name(): access_token_1} ) assert response1.status == 400 diff --git a/tests/test_endpoints_init_on_bp_decorated.py b/tests/test_endpoints_init_on_bp_decorated.py index ceac7f7..8e57a84 100644 --- a/tests/test_endpoints_init_on_bp_decorated.py +++ b/tests/test_endpoints_init_on_bp_decorated.py @@ -60,8 +60,7 @@ def test_protected_blueprint(): assert response.json.get("message") == "hello world" _, response = app.test_client.get( - "/test/user/1", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/test/user/1", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 401 diff --git a/tests/test_endpoints_init_on_bp_multiple.py b/tests/test_endpoints_init_on_bp_multiple.py index 4149fe1..9d0e7f1 100644 --- a/tests/test_endpoints_init_on_bp_multiple.py +++ b/tests/test_endpoints_init_on_bp_multiple.py @@ -66,33 +66,23 @@ def test_protected_blueprints(): assert response1.status == 200 assert response2.status == 200 - access_token_1 = response1.json.get( - sanicjwt1.config.access_token_name(), None - ) - access_token_2 = response2.json.get( - sanicjwt2.config.access_token_name(), None - ) + access_token_1 = response1.json.get(sanicjwt1.config.access_token_name(), None) + access_token_2 = response2.json.get(sanicjwt2.config.access_token_name(), None) assert access_token_1 is not None assert access_token_2 is not None - wrong_token_grab_1 = response1.json.get( - sanicjwt2.config.access_token_name(), None - ) - wrong_token_grab_2 = response2.json.get( - sanicjwt1.config.access_token_name(), None - ) + wrong_token_grab_1 = response1.json.get(sanicjwt2.config.access_token_name(), None) + wrong_token_grab_2 = response2.json.get(sanicjwt1.config.access_token_name(), None) assert wrong_token_grab_1 is None assert wrong_token_grab_2 is None _, response1 = app.test_client.get( - "/test1/", - headers={"Authorization": "Bearer {}".format(access_token_1)}, + "/test1/", headers={"Authorization": "Bearer {}".format(access_token_1)} ) _, response2 = app.test_client.get( - "/test2/", - cookies={sanicjwt2.config.cookie_access_token_name(): access_token_2}, + "/test2/", cookies={sanicjwt2.config.cookie_access_token_name(): access_token_2} ) assert response1.status == 200 @@ -101,12 +91,10 @@ def test_protected_blueprints(): assert response2.json.get("version") == 2 _, response1 = app.test_client.get( - "/test1/", - headers={"Authorization": "Bearer {}".format(access_token_2)}, + "/test1/", headers={"Authorization": "Bearer {}".format(access_token_2)} ) _, response2 = app.test_client.get( - "/test2/", - cookies={sanicjwt2.config.cookie_access_token_name(): access_token_1}, + "/test2/", cookies={sanicjwt2.config.cookie_access_token_name(): access_token_1} ) assert response1.status == 401 @@ -128,20 +116,14 @@ def test_protected_blueprints_debug(): "/test2/a", json={"username": "user1", "password": "abcxyz"} ) - access_token_1 = response1.json.get( - sanicjwt1.config.access_token_name(), None - ) - access_token_2 = response2.json.get( - sanicjwt2.config.access_token_name(), None - ) + access_token_1 = response1.json.get(sanicjwt1.config.access_token_name(), None) + access_token_2 = response2.json.get(sanicjwt2.config.access_token_name(), None) _, response1 = app.test_client.get( - "/test1/", - headers={"Authorization": "Bearer {}".format(access_token_2)}, + "/test1/", headers={"Authorization": "Bearer {}".format(access_token_2)} ) _, response2 = app.test_client.get( - "/test2/", - cookies={sanicjwt2.config.cookie_access_token_name(): access_token_1}, + "/test2/", cookies={sanicjwt2.config.cookie_access_token_name(): access_token_1} ) assert response1.status == 400 diff --git a/tests/test_endpoints_init_on_bp_retrieve_user.py b/tests/test_endpoints_init_on_bp_retrieve_user.py index 3481500..f6891cf 100644 --- a/tests/test_endpoints_init_on_bp_retrieve_user.py +++ b/tests/test_endpoints_init_on_bp_retrieve_user.py @@ -8,11 +8,7 @@ def app_with_retrieve_user_on_bp( ): app, bp = app_with_bp_setup_without_init sanicjwt = Initialize( - bp, - app=app, - authenticate=authenticate, - retrieve_user=retrieve_user, - debug=True, + bp, app=app, authenticate=authenticate, retrieve_user=retrieve_user, debug=True ) app.blueprint(bp) return app, sanicjwt, bp diff --git a/tests/test_endpoints_jwt_cryptography.py b/tests/test_endpoints_jwt_cryptography.py index e9b4440..7d28a43 100644 --- a/tests/test_endpoints_jwt_cryptography.py +++ b/tests/test_endpoints_jwt_cryptography.py @@ -61,8 +61,7 @@ async def protected_request(request): assert access_token is not None _, response = app.test_client.get( - "/protected/", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected/", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -96,8 +95,7 @@ async def protected_request(request): assert access_token is not None _, response = app.test_client.get( - "/protected/", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected/", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -131,8 +129,7 @@ async def protected_request(request): assert access_token is not None _, response = app.test_client.get( - "/protected/", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected/", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -167,17 +164,14 @@ async def protected_request(request): assert access_token is not None _, response = app.test_client.get( - "/protected/", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected/", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 assert response.json.get("protected") is True -def test_jwt_rsapss_crypto_from_fullpath_as_str( - public_rsa_key, private_rsa_key -): +def test_jwt_rsapss_crypto_from_fullpath_as_str(public_rsa_key, private_rsa_key): app = Sanic() class MyConfig(Configuration): @@ -206,8 +200,7 @@ async def protected_request(request): assert access_token is not None _, response = app.test_client.get( - "/protected/", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected/", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -242,8 +235,7 @@ async def protected_request(request): assert access_token is not None _, response = app.test_client.get( - "/protected/", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected/", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -277,8 +269,7 @@ async def protected_request(request): assert access_token is not None _, response = app.test_client.get( - "/protected/", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected/", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -312,8 +303,7 @@ async def protected_request(request): assert access_token is not None _, response = app.test_client.get( - "/protected/", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected/", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -347,8 +337,7 @@ async def protected_request(request): assert access_token is not None _, response = app.test_client.get( - "/protected/", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected/", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -405,10 +394,7 @@ async def protected_request(request): def test_jwt_crypto_missing_private_key(public_rsa_key): with pytest.raises(exceptions.RequiredKeysNotFound): Initialize( - Sanic(), - authenticate=lambda: True, - secret=public_rsa_key, - algorithm="RS256", + Sanic(), authenticate=lambda: True, secret=public_rsa_key, algorithm="RS256" ) diff --git a/tests/test_endpoints_multiple.py b/tests/test_endpoints_multiple.py index 1567782..91cdcb6 100644 --- a/tests/test_endpoints_multiple.py +++ b/tests/test_endpoints_multiple.py @@ -5,8 +5,7 @@ def access_tokens(app_with_bp): app, app_int, bp, bp_init = app_with_bp _, response1 = app.test_client.post( - app_int._get_url_prefix(), - json={"username": "user1", "password": "abcxyz"}, + app_int._get_url_prefix(), json={"username": "user1", "password": "abcxyz"} ) _, response2 = app.test_client.post( bp_init._get_url_prefix() + "/", diff --git a/tests/test_endpoints_query_string.py b/tests/test_endpoints_query_string.py index 2ae7429..b4ff3cc 100644 --- a/tests/test_endpoints_query_string.py +++ b/tests/test_endpoints_query_string.py @@ -66,7 +66,6 @@ async def protected_request(request): class TestEndpointsQueryString(object): - @pytest.yield_fixture def authenticated_response(self, app_with_refresh_token): sanic_app, sanicjwt = app_with_refresh_token @@ -87,7 +86,9 @@ def test_authenticate_and_read_response_query_string( assert access_token_from_json is not None payload_json = jwt.decode( - access_token_from_json, sanicjwt.config.secret() + access_token_from_json, + sanicjwt.config.secret(), + algorithms=sanicjwt.config.algorithm(), ) assert access_token_from_json is not None @@ -101,14 +102,17 @@ def test_using_token_as_query_string( access_token_from_json = authenticated_response.json.get( sanicjwt.config.access_token_name(), None ) - payload = jwt.decode(access_token_from_json, sanicjwt.config.secret()) + payload = jwt.decode( + access_token_from_json, + sanicjwt.config.secret(), + algorithms=sanicjwt.config.algorithm(), + ) assert isinstance(payload, dict) assert sanicjwt.config.user_id() in payload me_url = "/auth/me?{}={}".format( - sanicjwt.config.query_string_access_token_name(), - access_token_from_json, + sanicjwt.config.query_string_access_token_name(), access_token_from_json ) _, response = sanic_app.test_client.get(me_url) @@ -116,9 +120,7 @@ def test_using_token_as_query_string( assert response.json.get("me") is not None assert sanicjwt.config.user_id() in response.json.get("me") - user_id_from_me = response.json.get("me").get( - sanicjwt.config.user_id() - ) + user_id_from_me = response.json.get("me").get(sanicjwt.config.user_id()) user_id_from_payload = payload.get(sanicjwt.config.user_id()) assert response.status == 200 @@ -133,17 +135,18 @@ def test_using_token_as_header_strict( access_token_from_json = authenticated_response.json.get( sanicjwt.config.access_token_name(), None ) - payload = jwt.decode(access_token_from_json, sanicjwt.config.secret()) + payload = jwt.decode( + access_token_from_json, + sanicjwt.config.secret(), + algorithms=sanicjwt.config.algorithm(), + ) assert isinstance(payload, dict) assert sanicjwt.config.user_id() in payload url = "/auth/me" _, response = sanic_app.test_client.get( - url, - headers={ - "Authorization": "Bearer {}".format(access_token_from_json) - }, + url, headers={"Authorization": "Bearer {}".format(access_token_from_json)} ) assert response.status == 401 @@ -153,8 +156,7 @@ def test_using_token_as_header_strict( ) url += "?{}={}".format( - sanicjwt.config.query_string_access_token_name(), - access_token_from_json, + sanicjwt.config.query_string_access_token_name(), access_token_from_json ) _, response = sanic_app.test_client.get(url) @@ -162,10 +164,7 @@ def test_using_token_as_header_strict( url = "/protected" _, response = sanic_app.test_client.get( - url, - headers={ - "Authorization": "Bearer {}".format(access_token_from_json) - }, + url, headers={"Authorization": "Bearer {}".format(access_token_from_json)} ) assert response.status == 401 @@ -176,10 +175,7 @@ def test_using_token_as_header_strict( url = "/auth/verify" _, response = sanic_app.test_client.get( - url, - headers={ - "Authorization": "Bearer {}".format(access_token_from_json) - }, + url, headers={"Authorization": "Bearer {}".format(access_token_from_json)} ) assert response.status == 401 @@ -189,8 +185,7 @@ def test_using_token_as_header_strict( ) url = "/auth/me?{}={}".format( - sanicjwt.config.query_string_access_token_name(), - access_token_from_json, + sanicjwt.config.query_string_access_token_name(), access_token_from_json ) _, response = sanic_app.test_client.get(url) @@ -198,8 +193,7 @@ def test_using_token_as_header_strict( assert response.json.get("me") url = "/protected?{}={}".format( - sanicjwt.config.query_string_access_token_name(), - access_token_from_json, + sanicjwt.config.query_string_access_token_name(), access_token_from_json ) _, response = sanic_app.test_client.get(url) @@ -216,46 +210,41 @@ def test_using_token_as_header_not_strict( access_token_from_json = authenticated_response.json.get( sanicjwt.config.access_token_name(), None ) - payload = jwt.decode(access_token_from_json, sanicjwt.config.secret()) + payload = jwt.decode( + access_token_from_json, + sanicjwt.config.secret(), + algorithms=sanicjwt.config.algorithm(), + ) assert isinstance(payload, dict) assert sanicjwt.config.user_id() in payload _, response = sanic_app.test_client.get( "/auth/me", - headers={ - "Authorization": "Bearer {}".format(access_token_from_json) - }, + headers={"Authorization": "Bearer {}".format(access_token_from_json)}, ) assert response.status == 200 assert response.json.get("me") is not None - assert ( - response.json.get("me").get(sanicjwt.config.user_id()) - == payload.get(sanicjwt.config.user_id()) + assert response.json.get("me").get(sanicjwt.config.user_id()) == payload.get( + sanicjwt.config.user_id() ) _, response = sanic_app.test_client.get( "/protected", - headers={ - "Authorization": "Bearer {}".format(access_token_from_json) - }, + headers={"Authorization": "Bearer {}".format(access_token_from_json)}, ) assert response.status == 200 _, response = sanic_app.test_client.get( "/auth/verify", - headers={ - "Authorization": "Bearer {}".format(access_token_from_json) - }, + headers={"Authorization": "Bearer {}".format(access_token_from_json)}, ) _, response = sanic_app.test_client.get( "/protected", - headers={ - "Authorization": "Bearer {}".format(access_token_from_json) - }, + headers={"Authorization": "Bearer {}".format(access_token_from_json)}, ) assert response.status == 200 @@ -287,14 +276,13 @@ def test_refresh_token_with_query_string_strict( assert response.status == 200 assert response.json is not None - new_access_token = response.json.get( - sanicjwt.config.access_token_name(), None - ) + new_access_token = response.json.get(sanicjwt.config.access_token_name(), None) assert new_access_token is not None - assert response.json.get( - sanicjwt.config.query_string_refresh_token_name(), None - ) is None # there is no new refresh token + assert ( + response.json.get(sanicjwt.config.query_string_refresh_token_name(), None) + is None + ) # there is no new refresh token assert sanicjwt.config.query_string_refresh_token_name() not in response.json url = "/auth/refresh?{}={}&{}={}".format( @@ -330,18 +318,17 @@ def test_refresh_token_with_query_string_not_strict( _, response = sanic_app.test_client.post(url) assert response.status == 200 - assert response.json.get( - sanicjwt.config.query_string_refresh_token_name(), None - ) is None # there is no new refresh token + assert ( + response.json.get(sanicjwt.config.query_string_refresh_token_name(), None) + is None + ) # there is no new refresh token assert sanicjwt.config.query_string_refresh_token_name() not in response.json def test_auth_verify_invalid_token(self, app_with_refresh_token): sanic_app, sanicjwt = app_with_refresh_token _, response = sanic_app.test_client.get( - "/auth/verify?{}=".format( - sanicjwt.config.cookie_access_token_name() - ) + "/auth/verify?{}=".format(sanicjwt.config.cookie_access_token_name()) ) assert response.status == 401 assert response.json.get("exception") == "MissingAuthorizationQueryArg" diff --git a/tests/test_endpoints_scoped.py b/tests/test_endpoints_scoped.py index f74f826..0b867bd 100644 --- a/tests/test_endpoints_scoped.py +++ b/tests/test_endpoints_scoped.py @@ -7,7 +7,6 @@ class User: - def __init__(self, id, username, password, scopes): self.id = id self.username = username @@ -15,11 +14,7 @@ def __init__(self, id, username, password, scopes): self.scopes = scopes def to_dict(self): - return { - "user_id": self.id, - "username": self.username, - "scopes": self.scopes, - } + return {"user_id": self.id, "username": self.username, "scopes": self.scopes} @property def user_id(self): @@ -188,7 +183,6 @@ def app_with_scopes_destructure(app_with_scopes_base): class TestEndpointsSync(object): - @pytest.yield_fixture def user1(self, app_with_scopes): sanic_app, _ = app_with_scopes @@ -252,114 +246,83 @@ def test_scopes_anonymous_user(self, app_with_scopes): _, response = sanic_app.test_client.get("/auth/me") assert response.status == 401 assert response.json.get("exception") == "Unauthorized" - assert "Authorization header not present." in response.json.get( - "reasons" - ) + assert "Authorization header not present." in response.json.get("reasons") _, response = sanic_app.test_client.get("/protected") assert response.status == 401 assert response.json.get("exception") == "Unauthorized" - assert "Authorization header not present." in response.json.get( - "reasons" - ) + assert "Authorization header not present." in response.json.get("reasons") _, response = sanic_app.test_client.get("/protected/scoped/1") assert response.status == 401 assert response.json.get("exception") == "Unauthorized" - assert "Authorization header not present." in response.json.get( - "reasons" - ) + assert "Authorization header not present." in response.json.get("reasons") _, response = sanic_app.test_client.get("/protected/scoped/2") assert response.status == 401 assert response.json.get("exception") == "Unauthorized" - assert "Authorization header not present." in response.json.get( - "reasons" - ) + assert "Authorization header not present." in response.json.get("reasons") _, response = sanic_app.test_client.get("/protected/scoped/3") assert response.status == 401 assert response.json.get("exception") == "Unauthorized" - assert "Authorization header not present." in response.json.get( - "reasons" - ) + assert "Authorization header not present." in response.json.get("reasons") _, response = sanic_app.test_client.get("/protected/scoped/4") assert response.status == 401 assert response.json.get("exception") == "Unauthorized" - assert "Authorization header not present." in response.json.get( - "reasons" - ) + assert "Authorization header not present." in response.json.get("reasons") _, response = sanic_app.test_client.get("/protected/scoped/5") assert response.status == 401 assert response.json.get("exception") == "Unauthorized" - assert "Authorization header not present." in response.json.get( - "reasons" - ) + assert "Authorization header not present." in response.json.get("reasons") _, response = sanic_app.test_client.get("/protected/scoped/6/1") assert response.status == 401 assert response.json.get("exception") == "Unauthorized" - assert "Authorization header not present." in response.json.get( - "reasons" - ) + assert "Authorization header not present." in response.json.get("reasons") _, response = sanic_app.test_client.get("/protected/scoped/6/foo") assert response.status == 401 assert response.json.get("exception") == "Unauthorized" - assert "Authorization header not present." in response.json.get( - "reasons" - ) + assert "Authorization header not present." in response.json.get("reasons") _, response = sanic_app.test_client.get("/protected/scoped/7/1") assert response.status == 401 assert response.json.get("exception") == "Unauthorized" - assert "Authorization header not present." in response.json.get( - "reasons" - ) + assert "Authorization header not present." in response.json.get("reasons") _, response = sanic_app.test_client.get("/protected/scoped/7/foo") assert response.status == 401 assert response.json.get("exception") == "Unauthorized" - assert "Authorization header not present." in response.json.get( - "reasons" - ) + assert "Authorization header not present." in response.json.get("reasons") _, response = sanic_app.test_client.get("/protected/scoped/8") assert response.status == 401 assert response.json.get("exception") == "Unauthorized" - assert "Authorization header not present." in response.json.get( - "reasons" - ) + assert "Authorization header not present." in response.json.get("reasons") _, response = sanic_app.test_client.get("/protected/scoped/9/1") assert response.status == 401 assert response.json.get("exception") == "Unauthorized" - assert "Authorization header not present." in response.json.get( - "reasons" - ) + assert "Authorization header not present." in response.json.get("reasons") _, response = sanic_app.test_client.get("/protected/scoped/9/foo") assert response.status == 401 assert response.json.get("exception") == "Unauthorized" - assert "Authorization header not present." in response.json.get( - "reasons" - ) + assert "Authorization header not present." in response.json.get("reasons") def test_scopes_user1(self, app_with_scopes, user1): sanic_app, sanicjwt = app_with_scopes - access_token = user1.json.get( - sanicjwt.config.access_token_name(), None - ) + access_token = user1.json.get(sanicjwt.config.access_token_name(), None) _, response = sanic_app.test_client.get("/") assert response.status == 200 assert response.json.get("hello") == "world" _, response = sanic_app.test_client.get( - "/auth/me", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/auth/me", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -368,8 +331,7 @@ def test_scopes_user1(self, app_with_scopes, user1): assert response.json.get("me").get("scopes") == ["user"] _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -470,17 +432,14 @@ def test_scopes_user1(self, app_with_scopes, user1): def test_scopes_user2(self, app_with_scopes, user2): sanic_app, sanicjwt = app_with_scopes - access_token = user2.json.get( - sanicjwt.config.access_token_name(), None - ) + access_token = user2.json.get(sanicjwt.config.access_token_name(), None) _, response = sanic_app.test_client.get("/") assert response.status == 200 assert response.json.get("hello") == "world" _, response = sanic_app.test_client.get( - "/auth/me", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/auth/me", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -489,8 +448,7 @@ def test_scopes_user2(self, app_with_scopes, user2): assert response.json.get("me").get("scopes") == ["user", "admin"] _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -589,17 +547,14 @@ def test_scopes_user2(self, app_with_scopes, user2): def test_scopes_user3(self, app_with_scopes, user3): sanic_app, sanicjwt = app_with_scopes - access_token = user3.json.get( - sanicjwt.config.access_token_name(), None - ) + access_token = user3.json.get(sanicjwt.config.access_token_name(), None) _, response = sanic_app.test_client.get("/") assert response.status == 200 assert response.json.get("hello") == "world" _, response = sanic_app.test_client.get( - "/auth/me", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/auth/me", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -608,8 +563,7 @@ def test_scopes_user3(self, app_with_scopes, user3): assert response.json.get("me").get("scopes") == ["user:read"] _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -707,17 +661,14 @@ def test_scopes_user3(self, app_with_scopes, user3): def test_scopes_user4(self, app_with_scopes, user4): sanic_app, sanicjwt = app_with_scopes - access_token = user4.json.get( - sanicjwt.config.access_token_name(), None - ) + access_token = user4.json.get(sanicjwt.config.access_token_name(), None) _, response = sanic_app.test_client.get("/") assert response.status == 200 assert response.json.get("hello") == "world" _, response = sanic_app.test_client.get( - "/auth/me", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/auth/me", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -726,8 +677,7 @@ def test_scopes_user4(self, app_with_scopes, user4): assert response.json.get("me").get("scopes") == ["client1"] _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -846,17 +796,14 @@ def test_scopes_user4(self, app_with_scopes, user4): def test_scopes_user5(self, app_with_scopes, user5): sanic_app, sanicjwt = app_with_scopes - access_token = user5.json.get( - sanicjwt.config.access_token_name(), None - ) + access_token = user5.json.get(sanicjwt.config.access_token_name(), None) _, response = sanic_app.test_client.get("/") assert response.status == 200 assert response.json.get("hello") == "world" _, response = sanic_app.test_client.get( - "/auth/me", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/auth/me", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -865,8 +812,7 @@ def test_scopes_user5(self, app_with_scopes, user5): assert response.json.get("me").get("scopes") == ["admin"] _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -965,17 +911,14 @@ def test_scopes_user5(self, app_with_scopes, user5): def test_scopes_user6(self, app_with_scopes, user6): sanic_app, sanicjwt = app_with_scopes - access_token = user6.json.get( - sanicjwt.config.access_token_name(), None - ) + access_token = user6.json.get(sanicjwt.config.access_token_name(), None) _, response = sanic_app.test_client.get("/") assert response.status == 200 assert response.json.get("hello") == "world" _, response = sanic_app.test_client.get( - "/auth/me", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/auth/me", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -984,8 +927,7 @@ def test_scopes_user6(self, app_with_scopes, user6): assert response.json.get("me").get("scopes") is None _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 diff --git a/tests/test_endpoints_scoped_simple.py b/tests/test_endpoints_scoped_simple.py index cf48713..d19d9c3 100644 --- a/tests/test_endpoints_scoped_simple.py +++ b/tests/test_endpoints_scoped_simple.py @@ -16,11 +16,8 @@ async def scoped(request): class TestEndpointsScoped(object): - def test_scoped_empty(self): _, response = app.test_client.get("/scoped_empty") assert response.status == 401 assert response.json.get("exception") == "Unauthorized" - assert "Authorization header not present." in response.json.get( - "reasons" - ) + assert "Authorization header not present." in response.json.get("reasons") diff --git a/tests/test_endpoints_sync_methods.py b/tests/test_endpoints_sync_methods.py index b22d120..b4d0977 100644 --- a/tests/test_endpoints_sync_methods.py +++ b/tests/test_endpoints_sync_methods.py @@ -27,9 +27,7 @@ def authenticate(request, *args, **kwargs): password = request.json.get("password", None) if not username or not password: - raise exceptions.AuthenticationFailed( - "Missing username or password." - ) + raise exceptions.AuthenticationFailed("Missing username or password.") user = None @@ -76,9 +74,7 @@ def retrieve_user(request, payload, *args, **kwargs): ) sanic_app.config.SANIC_JWT_REFRESH_TOKEN_ENABLED = True - sanic_app.config.SANIC_JWT_SECRET = str( - binascii.hexlify(os.urandom(32)), "utf-8" - ) + sanic_app.config.SANIC_JWT_SECRET = str(binascii.hexlify(os.urandom(32)), "utf-8") @sanic_app.route("/") async def helloworld(request): @@ -93,7 +89,6 @@ async def protected_request(request): class TestEndpointsSync(object): - @pytest.yield_fixture def authenticated_response(self, app_with_sync_methods): sanic_app, _ = app_with_sync_methods @@ -109,17 +104,14 @@ def test_root_endpoint(self, app_with_sync_methods): assert response.status == 200 assert response.json.get("hello") == "world" - def test_protected_endpoint( - self, app_with_sync_methods, authenticated_response - ): + def test_protected_endpoint(self, app_with_sync_methods, authenticated_response): sanic_app, sanicjwt = app_with_sync_methods access_token = authenticated_response.json.get( sanicjwt.config.access_token_name(), None ) _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -132,8 +124,7 @@ def test_me_endpoint(self, app_with_sync_methods, authenticated_response): ) _, response = sanic_app.test_client.get( - "/auth/me", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/auth/me", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 @@ -156,9 +147,7 @@ def test_verify_endpoint_with_error( assert response.json.get("exception") == "InvalidToken" assert "Signature has expired." in response.json.get("reasons") - def test_refresh_token_sync( - self, app_with_sync_methods, authenticated_response - ): + def test_refresh_token_sync(self, app_with_sync_methods, authenticated_response): sanic_app, sanicjwt = app_with_sync_methods access_token = authenticated_response.json.get( sanicjwt.config.access_token_name(), None @@ -173,13 +162,11 @@ def test_refresh_token_sync( json={sanicjwt.config.refresh_token_name(): refresh_token}, ) - new_access_token = response.json.get( - sanicjwt.config.access_token_name(), None - ) + new_access_token = response.json.get(sanicjwt.config.access_token_name(), None) assert response.status == 200 assert new_access_token is not None - assert response.json.get( - sanicjwt.config.refresh_token_name(), None - ) is None # there is no new refresh token + assert ( + response.json.get(sanicjwt.config.refresh_token_name(), None) is None + ) # there is no new refresh token assert sanicjwt.config.refresh_token_name() not in response.json diff --git a/tests/test_exceptions.py b/tests/test_exceptions.py index 73b700e..2324e17 100644 --- a/tests/test_exceptions.py +++ b/tests/test_exceptions.py @@ -14,9 +14,7 @@ async def test(request): "/auth", json={"username": "user1", "password": "abcxyz"} ) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None - ) + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) _, response = sanic_app.test_client.get( "/abort", headers={"Authorization": "Bearer {}".format(access_token)} diff --git a/tests/test_extend_payload.py b/tests/test_extend_payload.py index 9e5d229..5c65866 100644 --- a/tests/test_extend_payload.py +++ b/tests/test_extend_payload.py @@ -8,7 +8,6 @@ class User: - def __init__(self, id, username, password): self.user_id = id self.username = username @@ -45,15 +44,12 @@ async def authenticate(request, *args, **kwargs): def test_extend_simple(): - def my_extender(payload): payload.update({"foo": "bar"}) return payload app = Sanic() - sanicjwt = Initialize( - app, authenticate=authenticate, extend_payload=my_extender - ) + sanicjwt = Initialize(app, authenticate=authenticate, extend_payload=my_extender) _, response = app.test_client.post( "/auth", json={"username": "user1", "password": "abcxyz"} @@ -61,23 +57,22 @@ def my_extender(payload): assert response.status == 200 access_token = response.json.get(sanicjwt.config.access_token_name(), None) - payload = jwt.decode(access_token, sanicjwt.config.secret()) + payload = jwt.decode( + access_token, sanicjwt.config.secret(), algorithms=sanicjwt.config.algorithm() + ) assert "foo" in payload assert payload.get("foo") == "bar" def test_extend_with_username(): - def my_extender(payload, user): username = user.to_dict().get("username") payload.update({"username": username}) return payload app = Sanic() - sanicjwt = Initialize( - app, authenticate=authenticate, extend_payload=my_extender - ) + sanicjwt = Initialize(app, authenticate=authenticate, extend_payload=my_extender) _, response = app.test_client.post( "/auth", json={"username": "user1", "password": "abcxyz"} @@ -85,16 +80,16 @@ def my_extender(payload, user): assert response.status == 200 access_token = response.json.get(sanicjwt.config.access_token_name(), None) - payload = jwt.decode(access_token, sanicjwt.config.secret()) + payload = jwt.decode( + access_token, sanicjwt.config.secret(), algorithms=sanicjwt.config.algorithm() + ) assert "username" in payload assert payload.get("username") == "user1" def test_extend_with_username_as_subclass(): - class MyAuthentication(Authentication): - async def extend_payload(self, payload, user): username = user.to_dict().get("username") payload.update({"username": username}) @@ -111,14 +106,15 @@ async def extend_payload(self, payload, user): assert response.status == 200 access_token = response.json.get(sanicjwt.config.access_token_name(), None) - payload = jwt.decode(access_token, sanicjwt.config.secret()) + payload = jwt.decode( + access_token, sanicjwt.config.secret(), algorithms=sanicjwt.config.algorithm() + ) assert "username" in payload assert payload.get("username") == "user1" def test_extend_with_mising_claim(): - def my_extender(payload, user): del payload["nbf"] return payload diff --git a/tests/test_extra_verifications.py b/tests/test_extra_verifications.py index eb61b03..d6fd86f 100644 --- a/tests/test_extra_verifications.py +++ b/tests/test_extra_verifications.py @@ -10,12 +10,9 @@ def test_extra_verification_passing(app_with_extra_verification): "/auth", json={"username": "user1", "password": "abcxyz"} ) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None - ) + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 401 @@ -25,19 +22,15 @@ def test_extra_verification_passing(app_with_extra_verification): "/auth", json={"username": "user2", "password": "abcxyz"} ) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None - ) + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 def test_extra_verification_non_boolean_return(authenticate): - def bad_return(payload): return 123 @@ -60,13 +53,10 @@ async def protected_request(request): "/auth", json={"username": "user1", "password": "abcxyz"} ) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None - ) + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 500 @@ -94,13 +84,10 @@ async def protected_request(request): "/auth", json={"username": "user1", "password": "abcxyz"} ) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None - ) + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 500 diff --git a/tests/test_initialize.py b/tests/test_initialize.py index e2d9f32..f964bf3 100644 --- a/tests/test_initialize.py +++ b/tests/test_initialize.py @@ -23,9 +23,7 @@ def test_store_refresh_token_ommitted(): app.config.SANIC_JWT_REFRESH_TOKEN_ENABLED = True with pytest.raises(exceptions.RefreshTokenNotImplemented): - Initialize( - app, authenticate=lambda: True, retrieve_refresh_token=lambda: True - ) + Initialize(app, authenticate=lambda: True, retrieve_refresh_token=lambda: True) def test_retrieve_refresh_token_ommitted(): @@ -33,9 +31,7 @@ def test_retrieve_refresh_token_ommitted(): app.config.SANIC_JWT_REFRESH_TOKEN_ENABLED = True with pytest.raises(exceptions.RefreshTokenNotImplemented): - initialize( - app, authenticate=lambda: True, store_refresh_token=lambda: True - ) + initialize(app, authenticate=lambda: True, store_refresh_token=lambda: True) def test_store_refresh_token_and_retrieve_refresh_token_defined(): @@ -59,9 +55,7 @@ class NotAView(object): pass with pytest.raises(exceptions.InvalidClassViewsFormat): - initialize( - app, authenticate=lambda: True, class_views=[(object, NotAView)] - ) + initialize(app, authenticate=lambda: True, class_views=[(object, NotAView)]) def test_initialize_class_missing_authenticate(): @@ -160,9 +154,7 @@ def test_initialize_class_on_blueprint_with_url_prefix_and_config(): def test_initialize_with_custom_endpoint_not_subclassed(): - class SubclassHTTPMethodView(HTTPMethodView): - async def options(self, request): return text("", status=204) @@ -179,7 +171,6 @@ async def get(self, request): def test_invalid_configuration_object(): - class MyInvalidConfiguration: MY_CUSTOM_SETTING = "foo" @@ -189,9 +180,7 @@ class MyInvalidConfiguration: def test_invalid_authentication_object(): - class MyInvalidAuthentication: - async def authenticate(*args, **kwargs): return True @@ -201,7 +190,6 @@ async def authenticate(*args, **kwargs): def test_invalid_response_object(): - class MyInvalidResponses: pass diff --git a/tests/test_me_invalid.py b/tests/test_me_invalid.py index d70e0bc..189375b 100644 --- a/tests/test_me_invalid.py +++ b/tests/test_me_invalid.py @@ -37,10 +37,10 @@ def test_expired(app_with_retrieve_user): async def my_protected_user(request, user): return json({"user_id": user.user_id}) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) + payload = jwt.decode( + access_token, sanic_jwt.config.secret(), algorithms=sanic_jwt.config.algorithm() ) - payload = jwt.decode(access_token, sanic_jwt.config.secret()) exp = payload.get("exp", None) assert "exp" in payload @@ -52,8 +52,7 @@ async def my_protected_user(request, user): assert datetime.utcnow() > exp _, response = sanic_app.test_client.get( - "/auth/me", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/auth/me", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 401 diff --git a/tests/test_microservices.py b/tests/test_microservices.py index fc387eb..fb277e3 100644 --- a/tests/test_microservices.py +++ b/tests/test_microservices.py @@ -43,15 +43,12 @@ async def protected_request(request): "/auth", json={"username": "user1", "password": "abcxyz"} ) - access_token = response.json.get( - sanic_jwt.config.access_token_name(), None - ) + access_token = response.json.get(sanic_jwt.config.access_token_name(), None) assert response.status == 200 assert access_token is not None _, response = microservice_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) assert response.status == 200 diff --git a/tests/test_utils.py b/tests/test_utils.py index 54059dc..615d9bd 100644 --- a/tests/test_utils.py +++ b/tests/test_utils.py @@ -12,7 +12,6 @@ def fcontent(): @pytest.mark.asyncio async def test_call(): - def sync_func(a, b, c=0): return a + b + c diff --git a/tests/test_wrong_token.py b/tests/test_wrong_token.py index 343c229..17118fa 100644 --- a/tests/test_wrong_token.py +++ b/tests/test_wrong_token.py @@ -7,16 +7,11 @@ def test_wrong_token(app): payload = {"foo": "bar"} access_token = jwt.encode( - payload, - sanic_jwt.config.secret(), - algorithm=sanic_jwt.config.algorithm(), - ).decode( - "utf-8" - ) + payload, sanic_jwt.config.secret(), algorithm=sanic_jwt.config.algorithm() + ).decode("utf-8") _, response = sanic_app.test_client.get( - "/protected", - headers={"Authorization": "Bearer {}".format(access_token)}, + "/protected", headers={"Authorization": "Bearer {}".format(access_token)} ) print(response.json) From bc1d4316408f45324228a7183b256ba095347f60 Mon Sep 17 00:00:00 2001 From: amor71 Date: Sat, 30 Mar 2019 23:01:53 -0400 Subject: [PATCH 2/5] 1. add configuration for url redirect 2. add decorators support 3. black --- sanic_jwt/configuration.py | 3 ++- sanic_jwt/decorators.py | 33 +++++++++++++++++++-------------- 2 files changed, 21 insertions(+), 15 deletions(-) diff --git a/sanic_jwt/configuration.py b/sanic_jwt/configuration.py index 3010a4b..9f671ab 100644 --- a/sanic_jwt/configuration.py +++ b/sanic_jwt/configuration.py @@ -50,7 +50,8 @@ "url_prefix": "/auth", "user_id": "user_id", "blueprint_name": "auth_bp", - "verify_exp": True + "verify_exp": True, + "login_redirect_url": None, } aliases = { diff --git a/sanic_jwt/decorators.py b/sanic_jwt/decorators.py index 387eecf..4373053 100644 --- a/sanic_jwt/decorators.py +++ b/sanic_jwt/decorators.py @@ -5,6 +5,8 @@ from functools import wraps from inspect import isawaitable from sanic import Blueprint +from sanic.response import redirect + from . import exceptions from . import utils @@ -58,7 +60,9 @@ async def _do_protection(*args, **kwargs): try: if instance.auth.config.do_protection(): ( - is_authenticated, status, reasons + is_authenticated, + status, + reasons, ) = instance.auth._check_authentication( request, request_args=args, request_kwargs=use_kwargs ) @@ -77,11 +81,11 @@ async def _do_protection(*args, **kwargs): except exceptions.SanicJWTException as e: is_authenticated = False status = e.status_code - reasons = instance.auth._reasons if ( - instance.auth._reasons and instance.auth.config.debug() - ) else e.args[ - 0 - ] + reasons = ( + instance.auth._reasons + if (instance.auth._reasons and instance.auth.config.debug()) + else e.args[0] + ) if is_authenticated: if kwargs.get("return_response", True): @@ -94,13 +98,18 @@ async def _do_protection(*args, **kwargs): return True, instance else: + if kw.get("redirect_on_fail", False): + where_to = kw.get( + "redirect_url", instance.auth.config.login_redirect_url() + ) + if where_to is not None: + return redirect(where_to, status=302) + raise exceptions.Unauthorized(reasons, status_code=status) def protected(initialized_on=None, **kw): - def decorator(f): - @wraps(f) async def decorated_function(request, *args, **kwargs): kwargs.update( @@ -125,9 +134,7 @@ def scoped( initialized_on=None, **kw ): - def decorator(f): - @wraps(f) async def decorated_function(request, *args, **kwargs): protect_kwargs = deepcopy(kwargs) @@ -189,13 +196,11 @@ async def decorated_function(request, *args, **kwargs): def inject_user(initialized_on=None, **kw): - def decorator(f): - @wraps(f) async def decorated_function(request, *args, **kwargs): - if ( - initialized_on and isinstance(initialized_on, Blueprint) + if initialized_on and isinstance( + initialized_on, Blueprint ): # noqa instance = initialized_on else: From e2f61dca7ed37d803def8439c2e7a86c2c47cf0c Mon Sep 17 00:00:00 2001 From: amor71 Date: Sat, 30 Mar 2019 23:02:30 -0400 Subject: [PATCH 3/5] black configuration --- sanic_jwt/configuration.py | 28 +++++++++++----------------- 1 file changed, 11 insertions(+), 17 deletions(-) diff --git a/sanic_jwt/configuration.py b/sanic_jwt/configuration.py index 9f671ab..c94e7e6 100644 --- a/sanic_jwt/configuration.py +++ b/sanic_jwt/configuration.py @@ -55,7 +55,8 @@ } aliases = { - "cookie_access_token_name": "cookie_token_name", "secret": "public_key" + "cookie_access_token_name": "cookie_token_name", + "secret": "public_key", } ignore_keys = ( @@ -96,7 +97,6 @@ def _update_config_item(key, item_aliases, instance): class ConfigItem: - def __init__( self, value, @@ -151,7 +151,6 @@ def aliases(self): class Configuration: - def __iter__(self): # noqa for key in self.config_keys: yield getattr(self, key) @@ -182,9 +181,8 @@ def __new__(cls, *args, **kwargs): # check if a configuration key is set # and is an instance of ConfigItem - if ( - hasattr(instance, key) - and isinstance(getattr(instance, key), ConfigItem) + if hasattr(instance, key) and isinstance( + getattr(instance, key), ConfigItem ): _update_config_item(key, item_aliases, instance) # check if a configuration key is set with a value @@ -286,9 +284,8 @@ def _merge(self, key, value): def _validate_secret(self): logger.debug("validating provided secret") - if ( - self.secret() is None - or (isinstance(self.secret(), str) and self.secret().strip() == "") + if self.secret() is None or ( + isinstance(self.secret(), str) and self.secret().strip() == "" ): raise exceptions.InvalidConfiguration( "the SANIC_JWT_SECRET parameter cannot be None nor an empty " @@ -297,14 +294,11 @@ def _validate_secret(self): def _validate_keys(self): logger.debug("validating keys (if needed)") - if ( - utils.algorithm_is_asymmetric(self.algorithm()) - and ( - self.private_key() is None - or ( - isinstance(self.private_key(), str) - and self.private_key().strip() == "" - ) + if utils.algorithm_is_asymmetric(self.algorithm()) and ( + self.private_key() is None + or ( + isinstance(self.private_key(), str) + and self.private_key().strip() == "" ) ): raise exceptions.RequiredKeysNotFound From ee71e34d347b76601b738cd72f53a547fa29fd79 Mon Sep 17 00:00:00 2001 From: amor71 Date: Sun, 31 Mar 2019 14:57:17 -0400 Subject: [PATCH 4/5] complete unit tests --- tests/test_decorators.py | 119 +++++++++++++++++++++++++++++++++++---- 1 file changed, 107 insertions(+), 12 deletions(-) diff --git a/tests/test_decorators.py b/tests/test_decorators.py index 267e317..5ca3bde 100644 --- a/tests/test_decorators.py +++ b/tests/test_decorators.py @@ -34,14 +34,16 @@ async def scoped_endpoint(request): access_token = response.json.get(sanicjwt.config.access_token_name(), None) _, response = app.test_client.get( - "/test/protected", headers={"Authorization": "Bearer {}".format(access_token)} + "/test/protected", + headers={"Authorization": "Bearer {}".format(access_token)}, ) assert response.status == 500 assert response.json.get("exception") == "SanicJWTException" _, response = app.test_client.get( - "/test/scoped", headers={"Authorization": "Bearer {}".format(access_token)} + "/test/scoped", + headers={"Authorization": "Bearer {}".format(access_token)}, ) assert response.status == 500 @@ -73,7 +75,9 @@ def test_inject_user_regular(app_with_retrieve_user): async def my_protected_user(request, user): return json({"user_id": user.user_id}) - access_token = response.json.get(sanic_jwt.config.access_token_name(), None) + access_token = response.json.get( + sanic_jwt.config.access_token_name(), None + ) _, response = sanic_app.test_client.get( "/auth/me", headers={"Authorization": "Bearer {}".format(access_token)} @@ -82,7 +86,8 @@ async def my_protected_user(request, user): assert response.json.get("me").get("user_id") == 1 _, response = sanic_app.test_client.get( - "/protected/user", headers={"Authorization": "Bearer {}".format(access_token)} + "/protected/user", + headers={"Authorization": "Bearer {}".format(access_token)}, ) assert response.status == 200 assert response.json.get("user_id") == 1 @@ -100,7 +105,9 @@ def test_inject_user_on_instance(app_with_retrieve_user): async def my_protected_user(request, user): return json({"user_id": user.user_id}) - access_token = response.json.get(sanic_jwt.config.access_token_name(), None) + access_token = response.json.get( + sanic_jwt.config.access_token_name(), None + ) _, response = sanic_app.test_client.get( "/auth/me", headers={"Authorization": "Bearer {}".format(access_token)} @@ -109,7 +116,8 @@ async def my_protected_user(request, user): assert response.json.get("me").get("user_id") == 1 _, response = sanic_app.test_client.get( - "/protected/user", headers={"Authorization": "Bearer {}".format(access_token)} + "/protected/user", + headers={"Authorization": "Bearer {}".format(access_token)}, ) assert response.status == 200 assert response.json.get("user_id") == 1 @@ -127,7 +135,9 @@ def test_inject_user_on_instance_bp(app_with_retrieve_user): async def my_protected_user(request, user): return json({"user_id": user.user_id}) - access_token = response.json.get(sanic_jwt.config.access_token_name(), None) + access_token = response.json.get( + sanic_jwt.config.access_token_name(), None + ) _, response = sanic_app.test_client.get( "/auth/me", headers={"Authorization": "Bearer {}".format(access_token)} @@ -136,7 +146,8 @@ async def my_protected_user(request, user): assert response.json.get("me").get("user_id") == 1 _, response = sanic_app.test_client.get( - "/protected/user", headers={"Authorization": "Bearer {}".format(access_token)} + "/protected/user", + headers={"Authorization": "Bearer {}".format(access_token)}, ) assert response.status == 200 assert response.json.get("user_id") == 1 @@ -154,7 +165,9 @@ def test_inject_user_on_instance_non_async(app_with_retrieve_user): def my_protected_user(request, user): return json({"user_id": user.user_id}) - access_token = response.json.get(sanic_jwt.config.access_token_name(), None) + access_token = response.json.get( + sanic_jwt.config.access_token_name(), None + ) _, response = sanic_app.test_client.get( "/auth/me", headers={"Authorization": "Bearer {}".format(access_token)} @@ -163,7 +176,8 @@ def my_protected_user(request, user): assert response.json.get("me").get("user_id") == 1 _, response = sanic_app.test_client.get( - "/protected/user", headers={"Authorization": "Bearer {}".format(access_token)} + "/protected/user", + headers={"Authorization": "Bearer {}".format(access_token)}, ) assert response.status == 200 assert response.json.get("user_id") == 1 @@ -189,10 +203,13 @@ async def my_protected_user(request, user): "/auth", json={"username": "user1", "password": "abcxyz"} ) - access_token = response.json.get(sanic_jwt.config.access_token_name(), None) + access_token = response.json.get( + sanic_jwt.config.access_token_name(), None + ) _, response = microservice_app.test_client.get( - "/protected/user", headers={"Authorization": "Bearer {}".format(access_token)} + "/protected/user", + headers={"Authorization": "Bearer {}".format(access_token)}, ) assert response.status == 200 @@ -201,3 +218,81 @@ async def my_protected_user(request, user): _, response = microservice_app.test_client.get("/protected/user") assert response.status == 401 + + +def test_redirect_without_url(app): + sanic_app, sanic_jwt = app + + @sanic_app.route("/protected/static") + @sanic_jwt.protected(redirect_on_fail=True) + async def my_protected_static(request): + return text("", status=200) + + _, response = sanic_app.test_client.get("/protected/static") + + assert response.status == 401 + + +def test_redirect_with_decorator_url(app): + sanic_app, sanic_jwt = app + + @sanic_app.route("/protected/static") + @sanic_jwt.protected(redirect_on_fail=True, redirect_url="/unprotected") + async def my_protected_static(request): + return text("", status=200) + + @sanic_app.route("/unprotected") + async def my_unprotected_goto(request): + return text("unprotected content", status=200) + + _, response = sanic_app.test_client.get("/protected/static") + + assert response.status == 200 and response.text == "unprotected content" + + +def test_redirect_with_configured_url(): + sanic_app = Sanic() + sanic_jwt = Initialize( + sanic_app, auth_mode=False, login_redirect_url="/unprotected" + ) + + @sanic_app.route("/protected/static") + @sanic_jwt.protected(redirect_on_fail=True) + async def my_protected_static(request): + return text("", status=200) + + @sanic_app.route("/unprotected") + async def my_unprotected_goto(request): + return text("unprotected content", status=200) + + _, response = sanic_app.test_client.get("/protected/static") + + assert response.status == 200 and response.text == "unprotected content" + + +def test_authenticated_redirect(app_with_retrieve_user): + sanic_app, sanic_jwt = app_with_retrieve_user + _, response = sanic_app.test_client.post( + "/auth", json={"username": "user1", "password": "abcxyz"} + ) + + @sanic_app.route("/protected/static") + @sanic_jwt.protected(redirect_on_fail=True) + async def my_protected_static(request): + return text("protected content", status=200) + + @sanic_app.route("/unprotected") + async def my_unprotected_goto(request): + return text("unprotected content", status=200) + + access_token = response.json.get( + sanic_jwt.config.access_token_name(), None + ) + + _, response = sanic_app.test_client.get( + "/protected/static", + headers={"Authorization": "Bearer {}".format(access_token)}, + ) + + assert response.status == 200 and response.text == "protected content" + From 16a3f36f0c9bd0df44ff6e8391a72f32da67e83d Mon Sep 17 00:00:00 2001 From: Adam Hopkins Date: Wed, 24 Apr 2019 23:24:25 +0300 Subject: [PATCH 5/5] add support for CBV method level decorators --- sanic_jwt/decorators.py | 27 +++++++++++++------------- tests/test_endpoints_cbv.py | 38 ++++++++++++++++++++++++++++++++++--- 2 files changed, 48 insertions(+), 17 deletions(-) diff --git a/sanic_jwt/decorators.py b/sanic_jwt/decorators.py index 387eecf..16e9c8d 100644 --- a/sanic_jwt/decorators.py +++ b/sanic_jwt/decorators.py @@ -5,6 +5,7 @@ from functools import wraps from inspect import isawaitable from sanic import Blueprint +from sanic.views import HTTPMethodView from . import exceptions from . import utils @@ -58,7 +59,9 @@ async def _do_protection(*args, **kwargs): try: if instance.auth.config.do_protection(): ( - is_authenticated, status, reasons + is_authenticated, + status, + reasons, ) = instance.auth._check_authentication( request, request_args=args, request_kwargs=use_kwargs ) @@ -77,11 +80,11 @@ async def _do_protection(*args, **kwargs): except exceptions.SanicJWTException as e: is_authenticated = False status = e.status_code - reasons = instance.auth._reasons if ( - instance.auth._reasons and instance.auth.config.debug() - ) else e.args[ - 0 - ] + reasons = ( + instance.auth._reasons + if (instance.auth._reasons and instance.auth.config.debug()) + else e.args[0] + ) if is_authenticated: if kwargs.get("return_response", True): @@ -98,11 +101,11 @@ async def _do_protection(*args, **kwargs): def protected(initialized_on=None, **kw): - def decorator(f): - @wraps(f) async def decorated_function(request, *args, **kwargs): + if issubclass(request.__class__, HTTPMethodView): + request = args[0] kwargs.update( { "initialized_on": initialized_on, @@ -125,9 +128,7 @@ def scoped( initialized_on=None, **kw ): - def decorator(f): - @wraps(f) async def decorated_function(request, *args, **kwargs): protect_kwargs = deepcopy(kwargs) @@ -189,13 +190,11 @@ async def decorated_function(request, *args, **kwargs): def inject_user(initialized_on=None, **kw): - def decorator(f): - @wraps(f) async def decorated_function(request, *args, **kwargs): - if ( - initialized_on and isinstance(initialized_on, Blueprint) + if initialized_on and isinstance( + initialized_on, Blueprint ): # noqa instance = initialized_on else: diff --git a/tests/test_endpoints_cbv.py b/tests/test_endpoints_cbv.py index 1491b72..3b9e12a 100644 --- a/tests/test_endpoints_cbv.py +++ b/tests/test_endpoints_cbv.py @@ -58,8 +58,18 @@ async def get(self, request): return json({"protected": True}) +class PartiallyProtectedView(HTTPMethodView): + async def get(self, request): + return json({"protected": True}) + + @protected() + async def patch(self, request): + return json({"protected": True}) + + sanic_app.add_route(PublicView.as_view(), "/") sanic_app.add_route(ProtectedView.as_view(), "/protected") +sanic_app.add_route(PartiallyProtectedView.as_view(), "/partially") class TestEndpointsCBV(object): @@ -71,7 +81,20 @@ def test_protected(self): _, response = sanic_app.test_client.get("/protected") assert response.status == 401 assert response.json.get("exception") == "Unauthorized" - assert "Authorization header not present." in response.json.get("reasons") + assert "Authorization header not present." in response.json.get( + "reasons" + ) + + def test_partially_protected(self): + _, response = sanic_app.test_client.get("/partially") + assert response.status == 200 + + _, response = sanic_app.test_client.patch("/partially") + assert response.status == 401 + assert response.json.get("exception") == "Unauthorized" + assert "Authorization header not present." in response.json.get( + "reasons" + ) def test_auth_invalid_method(self): _, response = sanic_app.test_client.get("/auth") @@ -83,7 +106,9 @@ def test_auth_proper_credentials(self): "/auth", json={"username": "user1", "password": "abcxyz"} ) - access_token = response.json.get(sanic_jwt.config.access_token_name(), None) + access_token = response.json.get( + sanic_jwt.config.access_token_name(), None + ) payload = jwt.decode( access_token, sanic_jwt.config.secret(), @@ -97,6 +122,13 @@ def test_auth_proper_credentials(self): assert "exp" in payload _, response = sanic_app.test_client.get( - "/protected", headers={"Authorization": "Bearer {}".format(access_token)} + "/protected", + headers={"Authorization": "Bearer {}".format(access_token)}, + ) + assert response.status == 200 + + _, response = sanic_app.test_client.patch( + "/partially", + headers={"Authorization": "Bearer {}".format(access_token)}, ) assert response.status == 200