/
test_orgauthtoken_jwt.py
70 lines (54 loc) · 2.31 KB
/
test_orgauthtoken_jwt.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
from datetime import datetime
from sentry.testutils import TestCase
from sentry.utils import jwt
from sentry.utils.security.orgauthtoken_jwt import SENTRY_JWT_PREFIX, generate_token, parse_token
class OrgAuthTokenJwtTest(TestCase):
def test_generate_token(self):
token = generate_token("test-org", "https://test-region.sentry.io")
assert token
assert token.startswith(SENTRY_JWT_PREFIX)
def test_parse_token(self):
token = generate_token("test-org", "https://test-region.sentry.io")
token_payload = parse_token(token)
assert token_payload["sentry_org"] == "test-org"
assert token_payload["sentry_url"] == "http://testserver"
assert token_payload["sentry_region_url"] == "https://test-region.sentry.io"
assert token_payload["nonce"]
def test_parse_invalid_token(self):
assert parse_token("invalid-token") is None
def test_parse_invalid_token_iss(self):
jwt_payload = {
"iss": "invalid.io",
"iat": datetime.utcnow(),
"nonce": "test-nonce",
"sentry_url": "test-site",
"sentry_region_url": "test-site",
"sentry_org": "test-org",
}
jwt_token = jwt.encode(jwt_payload, "ABC")
token = SENTRY_JWT_PREFIX + jwt_token
assert parse_token(token) is None
def test_parse_token_changed_secret(self):
jwt_payload = {
"iss": "sentry.io",
"iat": datetime.utcnow(),
"nonce": "test-nonce",
"sentry_url": "test-site",
"sentry_region_url": "test-site",
"sentry_org": "test-org",
}
jwt_token = jwt.encode(jwt_payload, "other-secret-here")
token = SENTRY_JWT_PREFIX + jwt_token
token_payload = parse_token(token)
assert token_payload["sentry_org"] == "test-org"
assert token_payload["sentry_url"] == "test-site"
assert token_payload["nonce"]
def test_generate_token_unique(self):
jwt1 = generate_token("test-org", "https://test-region.sentry.io")
jwt2 = generate_token("test-org", "https://test-region.sentry.io")
jwt3 = generate_token("test-org", "https://test-region.sentry.io")
assert jwt1
assert jwt2
assert jwt3
assert jwt1 != jwt2
assert jwt2 != jwt3