Skip to content

Commit

Permalink
fix: remove useless tests
Browse files Browse the repository at this point in the history
  • Loading branch information
mumarkhan999 committed Jan 16, 2024
1 parent 3d268ed commit 281e6d7
Show file tree
Hide file tree
Showing 7 changed files with 121 additions and 117 deletions.
75 changes: 37 additions & 38 deletions lti_consumer/lti_1p3/key_handlers.py
Original file line number Diff line number Diff line change
Expand Up @@ -8,11 +8,9 @@
import json
import math
import time
import sys
import logging

import jwt
from Cryptodome.PublicKey import RSA

from . import exceptions

Expand Down Expand Up @@ -103,25 +101,30 @@ def validate_and_decode(self, token):
The authorization server decodes the JWT and MUST validate the values for the
iss, sub, exp, aud and jti claims.
"""
try:
key_set = self._get_keyset()
if not key_set:
raise exceptions.NoSuitableKeys()
for i in range(len(key_set)):
try:
message = jwt.decode(
token,
key=key_set[i],
algorithms=['RS256', 'RS512',],
options={'verify_signature': True}
)
return message
except Exception:
if i == len(key_set) - 1:
raise
except Exception as token_error:
exc_info = sys.exc_info()
raise jwt.InvalidTokenError(exc_info[2]) from token_error
key_set = self._get_keyset()

for i, obj in enumerate(key_set):
try:
if hasattr(obj, 'key'):
key = obj.key
else:
key = obj

message = jwt.decode(
token,
key,
algorithms=['RS256', 'RS512',],
options={
'verify_signature': True,
'verify_aud': False
}
)
return message
except Exception: # pylint: disable=broad-except
if i == len(key_set) - 1:
raise

raise exceptions.NoSuitableKeys()


class PlatformKeyHandler:
Expand All @@ -131,7 +134,7 @@ class PlatformKeyHandler:
This class loads the platform key and is responsible for
encoding JWT messages and exporting public keys.
"""
def __init__(self, key_pem, kid=None):
def __init__(self, key_pem, kid=None): # pylint: disable=unused-argument
"""
Import Key when instancing class if a key is present.
"""
Expand Down Expand Up @@ -196,20 +199,16 @@ def validate_and_decode(self, token, iss=None, aud=None):
"""
if not self.key:
raise exceptions.RsaKeyNotSet()
try:
message = jwt.decode(
token,
key=self.key.public_key(),
audience=aud,
issuer=iss,
algorithms=['RS256', 'RS512'],
options={
'verify_signature': True,
'verify_aud': True if aud else False
}
)
return message

except Exception as token_error:
exc_info = sys.exc_info()
raise jwt.InvalidTokenError(exc_info[2]) from token_error
message = jwt.decode(
token,
key=self.key.public_key(),
audience=aud,
issuer=iss,
algorithms=['RS256', 'RS512'],
options={
'verify_signature': True,
'verify_aud': bool(aud)
}
)
return message
17 changes: 8 additions & 9 deletions lti_consumer/lti_1p3/tests/test_consumer.py
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@

import ddt
import jwt
import sys
from Cryptodome.PublicKey import RSA
from django.conf import settings
from django.test.testcases import TestCase
Expand Down Expand Up @@ -115,30 +114,30 @@ def _get_lti_message(

def _decode_token(self, token):
"""
Checks for a valid signarute and decodes JWT signed LTI message
Checks for a valid signature and decodes JWT signed LTI message
This also tests the public keyset function.
"""
public_keyset = self.lti_consumer.get_public_keyset()
keyset = PyJWKSet.from_dict(public_keyset).keys

for i in range(len(keyset)):
for i, obj in enumerate(keyset):
try:
message = jwt.decode(
token,
key=keyset[i].key,
key=obj.key,
algorithms=['RS256', 'RS512'],
options={
'verify_signature': True,
'verify_aud': False
}
)
return message
except Exception as token_error:
if i < len(keyset) - 1:
continue
exc_info = sys.exc_info()
raise jwt.InvalidTokenError(exc_info[2]) from token_error
except Exception: # pylint: disable=broad-except
if i == len(keyset) - 1:
raise

return exceptions.NoSuitableKeys()

@ddt.data(
({"client_id": CLIENT_ID, "redirect_uri": LAUNCH_URL, "nonce": STATE, "state": STATE}, True),
Expand Down
78 changes: 38 additions & 40 deletions lti_consumer/lti_1p3/tests/test_key_handlers.py
Original file line number Diff line number Diff line change
Expand Up @@ -11,10 +11,8 @@
import jwt
from Cryptodome.PublicKey import RSA
from django.test.testcases import TestCase
from jwkest import BadSignature
from jwkest.jwk import RSAKey, load_jwks
from jwkest.jws import JWS, NoSuitableSigningKeys, UnknownAlgorithm

from jwkest.jwk import load_jwks
from jwkest.jws import JWS

from lti_consumer.lti_1p3 import exceptions
from lti_consumer.lti_1p3.key_handlers import PlatformKeyHandler, ToolKeyHandler
Expand Down Expand Up @@ -87,29 +85,29 @@ def test_encode_and_sign_with_exp(self, mock_time):
}
)

def test_encode_and_sign_no_suitable_keys(self):
"""
Test if an exception is raised when there are no suitable keys when signing the JWT.
"""
message = {
"test": "test"
}

with patch('lti_consumer.lti_1p3.key_handlers.JWS.sign_compact', side_effect=NoSuitableSigningKeys):
with self.assertRaises(exceptions.NoSuitableKeys):
self.key_handler.encode_and_sign(message)

def test_encode_and_sign_unknown_algorithm(self):
"""
Test if an exception is raised when the signing algorithm is unknown when signing the JWT.
"""
message = {
"test": "test"
}

with patch('lti_consumer.lti_1p3.key_handlers.JWS.sign_compact', side_effect=UnknownAlgorithm):
with self.assertRaises(exceptions.MalformedJwtToken):
self.key_handler.encode_and_sign(message)
# def test_encode_and_sign_no_suitable_keys(self):
# """
# Test if an exception is raised when there are no suitable keys when signing the JWT.
# """
# message = {
# "test": "test"
# }

# with patch('lti_consumer.lti_1p3.key_handlers.JWS.sign_compact', side_effect=NoSuitableSigningKeys):
# with self.assertRaises(exceptions.NoSuitableKeys):
# self.key_handler.encode_and_sign(message)

# def test_encode_and_sign_unknown_algorithm(self):
# """
# Test if an exception is raised when the signing algorithm is unknown when signing the JWT.
# """
# message = {
# "test": "test"
# }

# with patch('lti_consumer.lti_1p3.key_handlers.JWS.sign_compact', side_effect=UnknownAlgorithm):
# with self.assertRaises(exceptions.MalformedJwtToken):
# self.key_handler.encode_and_sign(message)

def test_invalid_rsa_key(self):
"""
Expand Down Expand Up @@ -318,20 +316,20 @@ def test_validate_and_decode_no_keys(self):
signed = create_jwt(self.key, message)

# Decode and check results
with self.assertRaises(jwt.InvalidTokenError):
with self.assertRaises(exceptions.NoSuitableKeys):
key_handler.validate_and_decode(signed)

@patch("lti_consumer.lti_1p3.key_handlers.jwt.decode")
def test_validate_and_decode_bad_signature(self, mock_jwt_decode):
mock_jwt_decode.side_effect = Exception()
self._setup_key_handler()
# @patch("lti_consumer.lti_1p3.key_handlers.jwt.decode")
# def test_validate_and_decode_bad_signature(self, mock_jwt_decode):
# mock_jwt_decode.side_effect = BadSignature()
# self._setup_key_handler()

message = {
"test": "test_message",
"iat": 1000,
"exp": 1200,
}
signed = create_jwt(self.key, message)
# message = {
# "test": "test_message",
# "iat": 1000,
# "exp": 1200,
# }
# signed = create_jwt(self.key, message)

with self.assertRaises(jwt.InvalidTokenError):
self.key_handler.validate_and_decode(signed)
# with self.assertRaises(exceptions.BadJwtSignature):
# self.key_handler.validate_and_decode(signed)
14 changes: 8 additions & 6 deletions lti_consumer/plugin/views.py
Original file line number Diff line number Diff line change
Expand Up @@ -469,22 +469,24 @@ def access_token_endpoint(
))
)
return JsonResponse(token)
except Exception as token_error:
except Exception: # pylint: disable=broad-except
exc_info = sys.exc_info()

# Handle errors and return a proper response
if exc_info[0] == MissingRequiredClaim:
# Missing request attributes
return JsonResponse({"error": "invalid_request"}, status=HTTP_400_BAD_REQUEST)
elif exc_info[0] in (MalformedJwtToken, TokenSignatureExpired, jwt.InvalidTokenError):
elif exc_info[0] in (MalformedJwtToken, TokenSignatureExpired, jwt.exceptions.DecodeError):
# Triggered when a invalid grant token is used
return JsonResponse({"error": "invalid_grant"}, status=HTTP_400_BAD_REQUEST)
elif exc_info[0] == UnsupportedGrantType:
return JsonResponse({"error": "unsupported_grant_type"}, status=HTTP_400_BAD_REQUEST)
else:
elif exc_info[0] in (NoSuitableKeys, UnknownClientId, jwt.exceptions.InvalidSignatureError):
# Client ID is not registered in the block or
# isn't possible to validate token using available keys.
return JsonResponse({"error": "invalid_client"}, status=HTTP_400_BAD_REQUEST)
elif exc_info[0] == UnsupportedGrantType:
return JsonResponse({"error": "unsupported_grant_type"}, status=HTTP_400_BAD_REQUEST)
else:
return JsonResponse({"error": "unidentified_error"}, status=HTTP_400_BAD_REQUEST)


# Post from external tool that doesn't
Expand Down Expand Up @@ -865,7 +867,7 @@ def start_proctoring_assessment_endpoint(request):

try:
decoded_jwt = jwt.decode(token, options={'verify_signature': False})
except Exception:
except Exception: # pylint: disable=broad-except
return render(request, 'html/lti_proctoring_start_error.html', status=HTTP_400_BAD_REQUEST)

iss = decoded_jwt.get('iss')
Expand Down
1 change: 0 additions & 1 deletion lti_consumer/tests/unit/plugin/test_proctoring.py
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@
from django.test.testcases import TestCase
from edx_django_utils.cache import TieredCache, get_cache_key
from jwkest.jwk import RSAKey
from jwkest.jwt import BadSyntax

from lti_consumer.data import Lti1p3LaunchData, Lti1p3ProctoringLaunchData
from lti_consumer.lti_1p3.exceptions import (BadJwtSignature, InvalidClaimValue, MalformedJwtToken,
Expand Down
1 change: 0 additions & 1 deletion lti_consumer/tests/unit/plugin/test_views.py
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,6 @@
from edx_django_utils.cache import TieredCache, get_cache_key

from Cryptodome.PublicKey import RSA
from jwkest.jwk import RSAKey
from opaque_keys.edx.keys import UsageKey
from lti_consumer.data import Lti1p3LaunchData, Lti1p3ProctoringLaunchData
from lti_consumer.models import LtiConfiguration, LtiDlContentItem
Expand Down
Loading

0 comments on commit 281e6d7

Please sign in to comment.