8000 JWT Audit · DataXujing/twilio-python@5e3ea2f · GitHub

Commit 5e3ea2f

author
matt
committed
JWT Audit
* Move access_token into the jwt module * Update the task_router jwt code * Migrate tests for access_token and task_router from current gen
1 parent 905bb51 commit 5e3ea2f


5 files changed

+866
-104
lines changed


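--- a/tests/unit/jwt/test_access_token.py
+++ b/tests/unit/jwt/test_access_token.py
@@ -0,0 +1,107 @@
+import time
+import unittest
+
+from datetime import datetime
+from nose.tools import assert_equal
+from twilio.jwt import decode
+from twilio.jwt.access_token import AccessToken, ConversationsGrant, IpMessagingGrant
+
+ACCOUNT_SID = 'AC123'
+SIGNING_KEY_SID = 'SK123'
+
+
+# python2.6 support
+def assert_is_not_none(obj):
+assert obj is not None, '%r is None' % obj
+
+
+def assert_in(obj1, obj2):
+assert obj1 in obj2, '%r is not in %r' % (obj1, obj2)
+
+
+def assert_greater_equal(obj1, obj2):
+assert obj1 > obj2, '%r is not greater than or equal to %r' % (obj1, obj2)
+
+
+class AccessTokenTest(unittest.TestCase):
+def _validate_claims(self, payload):
+assert_equal(SIGNING_KEY_SID, payload['iss'])
+assert_equal(ACCOUNT_SID, payload['sub'])
+
+assert_is_not_none(payload['exp'])
+assert_is_not_none(payload['jti'])
+assert_is_not_none(payload['grants'])
+
+assert_greater_equal(payload['exp'], int(time.time()))
+
+assert_in(payload['iss'], payload['jti'])
+
+def test_empty_grants(self):
+scat = AccessToken(ACCOUNT_SID, SIGNING_KEY_SID, 'secret')
+token = str(scat)
+
+assert_is_not_none(token)
+payload = decode(token, 'secret')
+self._validate_claims(payload)
+assert_equal({}, payload['grants'])
+
+def test_nbf(self):
+now = int(time.mktime(datetime.now().timetuple()))
+scat = AccessToken(ACCOUNT_SID, SIGNING_KEY_SID, 'secret', nbf=now)
+token = str(scat)
+
+assert_is_not_none(token)
+payload = decode(token, 'secret')
+self._validate_claims(payload)
+assert_equal(now, payload['nbf'])
+
+def test_identity(self):
+scat = AccessToken(ACCOUNT_SID, SIGNING_KEY_SID, 'secret', identity='test@twilio.com')
+token = str(scat)
+
+assert_is_not_none(token)
+payload = decode(token, 'secret')
+self._validate_claims(payload)
+assert_equal({
+'identity': 'test@twilio.com'
+}, payload['grants'])
+
+def test_conversations_grant(self):
+scat = AccessToken(ACCOUNT_SID, SIGNING_KEY_SID, 'secret')
+scat.add_grant(ConversationsGrant(configuration_profile_sid='CP123'))
+
+token = str(scat)
+assert_is_not_none(token)
+payload = decode(token, 'secret')
+self._validate_claims(payload)
+assert_equal(1, len(payload['grants']))
+assert_equal({
+'configuration_profile_sid': 'CP123'
+}, payload['grants']['rtc'])
+
+def test_ip_messaging_grant(self):
+scat = AccessToken(ACCOUNT_SID, SIGNING_KEY_SID, 'secret')
+scat.add_grant(IpMessagingGrant(service_sid='IS123', push_credential_sid='CR123'))
+
+token = str(scat)
+assert_is_not_none(token)
+payload = decode(token, 'secret')
+self._validate_claims(payload)
+assert_equal(1, len(payload['grants']))
+assert_equal({
+'service_sid': 'IS123',
+'push_credential_sid': 'CR123'
+}, payload['grants']['ip_messaging'])
+
+def test_grants(self):
+scat = AccessToken(ACCOUNT_SID, SIGNING_KEY_SID, 'secret')
+scat.add_grant(ConversationsGrant())
+scat.add_grant(IpMessagingGrant())
+
+token = str(scat)
+assert_is_not_none(token)
+payload = decode(token, 'secret')
+self._validate_claims(payload)
+assert_equal(2, len(payload['grants']))
+assert_equal({}, payload['grants']['rtc'])
+assert_equal({}, payload['grants']['ip_messaging'])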
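Review bot: Every test from `test_empty_grants` through `test_grants` decodes with the same key it signed with (`decode(token, 'secret')`), so nothing in this file would fail if `decode` stopped rejecting a token signed with a different key. Assuming `decode` is meant to verify the signature (its implementation is not visible here), add a negative case such as `self.assertRaises(Exception, decode, str(scat), 'not-the-secret')`, narrowed to whichever exception class `twilio.jwt` raises on a bad signature. `_validate_claims` also bounds `exp` only from below, so a token with a far longer lifetime than intended would still pass; an upper-bound assertion against the expected lifetime would pin that. Separately, `assert_greater_equal` compares with `>` although its name and message say greater-or-equal, and should read `assert obj1 >= obj2, '%r is not greater than or equal to %r' % (obj1, obj2)`.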
