Cognito - Dont run test in ServerMode

Bert Blommers 2020-06-20 12:48:10 +01:00
parent 655b92a2a4
commit f27e29e04d


@ -14,7 +14,7 @@ from botocore.exceptions import ClientError
from jose import jws, jwk, jwt from jose import jws, jwk, jwt
from nose.tools import assert_raises from nose.tools import assert_raises
from moto import mock_cognitoidp from moto import mock_cognitoidp, settings
from moto.core import ACCOUNT_ID from moto.core import ACCOUNT_ID
@ -1312,52 +1312,58 @@ def test_admin_update_user_attributes():
val.should.equal("Jane") val.should.equal("Jane")
@mock_cognitoidp # Test will retrieve public key from cognito.amazonaws.com/.well-known/jwks.json,
def test_idtoken_contains_kid_header(): # which isnt mocked in ServerMode
# https://github.com/spulec/moto/issues/3078 if not settings.TEST_SERVER_MODE:
# Setup
cognito = boto3.client("cognito-idp", "us-west-2")
user_pool_id = cognito.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"][
"Id"
]
client = cognito.create_user_pool_client(
UserPoolId=user_pool_id,
ExplicitAuthFlows=[
"ALLOW_ADMIN_USER_PASSWORD_AUTH",
"ALLOW_REFRESH_TOKEN_AUTH",
"ALLOW_ADMIN_NO_SRP_AUTH",
],
AllowedOAuthFlows=["code", "implicit"],
ClientName=str(uuid.uuid4()),
CallbackURLs=["https://example.com"],
)
client_id = client["UserPoolClient"]["ClientId"]
username = str(uuid.uuid4())
temporary_password = "1TemporaryP@ssword"
cognito.admin_create_user(
UserPoolId=user_pool_id, Username=username, TemporaryPassword=temporary_password
)
result = cognito.admin_initiate_auth(
UserPoolId=user_pool_id,
ClientId=client_id,
AuthFlow="ADMIN_NO_SRP_AUTH",
AuthParameters={"USERNAME": username, "PASSWORD": temporary_password},
)
# A newly created user is forced to set a new password @mock_cognitoidp
# This sets a new password and logs the user in (creates tokens) def test_idtoken_contains_kid_header():
password = "1F@kePassword" # https://github.com/spulec/moto/issues/3078
result = cognito.respond_to_auth_challenge( # Setup
Session=result["Session"], cognito = boto3.client("cognito-idp", "us-west-2")
ClientId=client_id, user_pool_id = cognito.create_user_pool(PoolName=str(uuid.uuid4()))["UserPool"][
ChallengeName="NEW_PASSWORD_REQUIRED", "Id"
ChallengeResponses={"USERNAME": username, "NEW_PASSWORD": password}, ]
) client = cognito.create_user_pool_client(
# UserPoolId=user_pool_id,
id_token = result["AuthenticationResult"]["IdToken"] ExplicitAuthFlows=[
"ALLOW_ADMIN_USER_PASSWORD_AUTH",
"ALLOW_REFRESH_TOKEN_AUTH",
"ALLOW_ADMIN_NO_SRP_AUTH",
],
AllowedOAuthFlows=["code", "implicit"],
ClientName=str(uuid.uuid4()),
CallbackURLs=["https://example.com"],
)
client_id = client["UserPoolClient"]["ClientId"]
username = str(uuid.uuid4())
temporary_password = "1TemporaryP@ssword"
cognito.admin_create_user(
UserPoolId=user_pool_id,
Username=username,
TemporaryPassword=temporary_password,
)
result = cognito.admin_initiate_auth(
UserPoolId=user_pool_id,
ClientId=client_id,
AuthFlow="ADMIN_NO_SRP_AUTH",
AuthParameters={"USERNAME": username, "PASSWORD": temporary_password},
)
# Verify the KID header is present in the token, and corresponds to the KID supplied by the public JWT # A newly created user is forced to set a new password
verify_kid_header(id_token) # This sets a new password and logs the user in (creates tokens)
password = "1F@kePassword"
result = cognito.respond_to_auth_challenge(
Session=result["Session"],
ClientId=client_id,
ChallengeName="NEW_PASSWORD_REQUIRED",
ChallengeResponses={"USERNAME": username, "NEW_PASSWORD": password},
)
#
id_token = result["AuthenticationResult"]["IdToken"]
# Verify the KID header is present in the token, and corresponds to the KID supplied by the public JWT
verify_kid_header(id_token)
def verify_kid_header(token): def verify_kid_header(token):
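Review bot: Guarding the whole definition with `if not settings.TEST_SERVER_MODE:` at module level makes `test_idtoken_contains_kid_header` vanish from ServerMode runs instead of being reported as skipped, so the test output gives no sign that the kid-header check against the published JWKS (issue 3078) is not exercised there. Indentation is lost in this rendering, so the nesting is inferred from the new `if` line sitting ahead of `@mock_cognitoidp` and from the re-wrapped `admin_create_user` call. Keeping the function at top level and opening its body with `if settings.TEST_SERVER_MODE:` followed by `raise SkipTest("JWKS endpoint is not mocked in ServerMode")` (with `SkipTest` imported from `unittest`) would leave a visible skip record. The comment could also state that ServerMode therefore has no coverage for the ID token's `kid` header matching the served public key.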