mirror of https://github.com/MieuxVoter/mvapi
parent
caacaad028
commit
f7fc535a89
@ -0,0 +1,47 @@
|
||||
import json
|
||||
from collections.abc import Mapping
|
||||
import typing as t
|
||||
from jose import jws, JWSError
|
||||
from . import errors
|
||||
from .settings import settings
|
||||
|
||||
|
||||
def jws_verify(token: str) -> Mapping[str, t.Any]:
|
||||
"""
|
||||
Verify the content of a JWS token
|
||||
"""
|
||||
try:
|
||||
data = jws.verify(token, settings.secret, algorithms=["HS256"])
|
||||
except JWSError:
|
||||
raise errors.UnauthorizedError("Can not decode token")
|
||||
|
||||
if not isinstance(data, bytes):
|
||||
raise errors.BadRequestError("Ununderstandable token")
|
||||
|
||||
try:
|
||||
return json.loads(data)
|
||||
except json.decoder.JSONDecodeError:
|
||||
raise errors.BadRequestError("Ununderstandable token")
|
||||
|
||||
|
||||
def create_ballot_token(
|
||||
vote_ids: int | list[int],
|
||||
election_id: int,
|
||||
) -> str:
|
||||
if isinstance(vote_ids, int):
|
||||
vote_ids = [vote_ids]
|
||||
return jws.sign(
|
||||
{"votes": vote_ids, "election": election_id},
|
||||
settings.secret,
|
||||
algorithm="HS256",
|
||||
)
|
||||
|
||||
|
||||
def create_admin_token(
|
||||
election_id: int,
|
||||
) -> str:
|
||||
return jws.sign(
|
||||
{"admin": True, "election": election_id},
|
||||
settings.secret,
|
||||
algorithm="HS256",
|
||||
)
|
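Review bot: `jws_verify` returns `json.loads(data)` without checking that the decoded value is a JSON object, so a validly signed token whose payload is a list, string or number is returned as-is despite the `Mapping[str, t.Any]` annotation. Bind the result to a local and add `if not isinstance(payload, Mapping): raise errors.BadRequestError("Ununderstandable token")` before returning it. Separately, the payloads built by `create_ballot_token` and `create_admin_token` carry no expiry or token-type claim and are signed with the same `settings.secret`, so the callers (not visible here) must themselves check `data.get("admin") is True` and the election id before granting anything. A one-line comment in `jws_verify` stating that it only authenticates the signature and does not authorize would make that contract explicit.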
@ -0,0 +1,56 @@
|
||||
import pytest
|
||||
from jose import jws
|
||||
from ..auth import create_ballot_token, jws_verify, create_admin_token
|
||||
from ..settings import settings
|
||||
from .. import errors
|
||||
|
||||
|
||||
def test_jws_verify_dict():
|
||||
"""
|
||||
Can verify a JWS token given as a dict
|
||||
"""
|
||||
payload = {"bar": "foo"}
|
||||
token = jws.sign(payload, settings.secret, algorithm="HS256")
|
||||
data = jws_verify(token)
|
||||
assert payload == data
|
||||
|
||||
|
||||
def test_jws_verify_secret():
|
||||
"""
|
||||
It must fail with a wrong key
|
||||
"""
|
||||
payload = {"bar": "foo"}
|
||||
token = jws.sign(payload, settings.secret + "WRONG", algorithm="HS256")
|
||||
with pytest.raises(errors.UnauthorizedError):
|
||||
jws_verify(token)
|
||||
|
||||
|
||||
def test_jws_verify_bytes():
|
||||
"""
|
||||
It must fail with bytes content
|
||||
"""
|
||||
payload = b"foo"
|
||||
token = jws.sign(payload, settings.secret, algorithm="HS256")
|
||||
with pytest.raises(errors.BadRequestError):
|
||||
jws_verify(token)
|
||||
|
||||
|
||||
def test_ballot_token():
|
||||
"""
|
||||
Can verify ballot tokens with MANY different tokens
|
||||
"""
|
||||
vote_ids = list(range(1000))
|
||||
election_id = 0
|
||||
token = create_ballot_token(vote_ids, election_id)
|
||||
data = jws_verify(token)
|
||||
assert data == {"votes": vote_ids, "election": election_id}
|
||||
|
||||
|
||||
def test_admin_token():
|
||||
"""
|
||||
Can verify ballot tokens with MANY different tokens
|
||||
"""
|
||||
election_id = 0
|
||||
token = create_admin_token(election_id)
|
||||
data = jws_verify(token)
|
||||
assert data == {"admin": True, "election": election_id}
|
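Review bot: The `algorithms=["HS256"]` pin in `jws_verify` has no test, so a regression that loosens the accepted algorithms would pass this suite. A case such as `token = jws.sign({"bar": "foo"}, settings.secret, algorithm="HS512")` followed by `with pytest.raises(errors.UnauthorizedError): jws_verify(token)` would cover it. The single-`int` branch of `create_ballot_token` is not exercised either. The docstrings of `test_jws_verify_dict` ("given as a dict") and `test_admin_token` ("ballot tokens with MANY different tokens") do not describe what those tests do; `"""Can verify an admin token"""` would fit the latter.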
@ -1 +1,7 @@
|
||||
docker exec -it majority-judgment-api-python-mj_api-1 pytest
|
||||
tmpfile=$(mktemp /tmp/mj-api.XXXX)
|
||||
echo "SECRET=mysecrettoken" >> $tmpfile
|
||||
echo "SQLITE=True" >> $tmpfile
|
||||
|
||||
docker run --env-file $tmpfile \
|
||||
majority-judgment/api-python:latest \
|
||||
pytest
|
||||
|
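Review bot: The env file created by `mktemp` holds the `SECRET=` value and is never removed, so every run leaves another copy in `/tmp`, and `$tmpfile` is unquoted in both redirections and in `--env-file`. Add `trap 'rm -f "$tmpfile"' EXIT` right after the `mktemp` line and write `"$tmpfile"` wherever the variable is used. `docker run` without `--rm` likewise leaves a stopped container behind on each run. Whether the script sets `set -e` or has a shebang is not visible in this hunk.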