zwf
75 lines
2.1 KiB
Python
75 lines
2.1 KiB
Python
"""
|
|
测试 JWT 令牌编解码功能。
|
|
使用 mock 配置,不依赖真实密钥文件。
|
|
"""
|
|
|
|
import time
|
|
|
|
import pytest
|
|
|
|
from paste.security.token import encode_token, decode_token
|
|
|
|
|
|
class TestJwtToken:
|
|
"""JWT 令牌测试"""
|
|
|
|
def test_encode_decode_basic(self):
|
|
"""基础编解码测试"""
|
|
payload = {
|
|
'user_id': 123,
|
|
'username': 'test_user',
|
|
'role': 'admin',
|
|
}
|
|
token = encode_token(**payload)
|
|
assert token is not None
|
|
assert isinstance(token, str)
|
|
assert len(token) > 0
|
|
|
|
decoded = decode_token(token)
|
|
assert decoded is not None
|
|
assert decoded.get('params', {}).get('user_id') == 123
|
|
|
|
def test_token_contains_expected_fields(self):
|
|
"""验证 token 包含必要字段"""
|
|
payload = {'user_id': 456, 'username': 'demo'}
|
|
token = encode_token(**payload)
|
|
decoded = decode_token(token)
|
|
|
|
# 标准 JWT 字段
|
|
assert 'iss' in decoded, "Token should have issuer"
|
|
assert 'iat' in decoded, "Token should have issued-at time"
|
|
assert 'exp' in decoded, "Token should have expiration time"
|
|
|
|
# 自定义字段
|
|
params = decoded.get('params', {})
|
|
assert params.get('user_id') == 456
|
|
assert params.get('username') == 'demo'
|
|
|
|
def test_token_expiration(self):
|
|
"""验证 token 过期机制"""
|
|
payload = {
|
|
'user_id': 789,
|
|
'username': 'expired_user',
|
|
'exp': int(time.time()) - 3600, # 1小时前过期
|
|
}
|
|
token = encode_token(**payload)
|
|
|
|
with pytest.raises(Exception):
|
|
decode_token(token)
|
|
|
|
def test_token_tampering(self):
|
|
"""验证 token 防篡改"""
|
|
payload = {'user_id': 999, 'username': 'hacker'}
|
|
token = encode_token(**payload)
|
|
|
|
# 篡改 token
|
|
tampered_token = token[:-5] + 'XXXXX'
|
|
|
|
with pytest.raises(Exception):
|
|
decode_token(tampered_token)
|
|
|
|
def test_empty_payload(self):
|
|
"""空 payload 处理"""
|
|
token = encode_token()
|
|
decoded = decode_token(token)
|
|
assert decoded is not None |