diff --git a/rain_api_core/view_util.py b/rain_api_core/view_util.py
index 5428f25..b1750db 100644
--- a/rain_api_core/view_util.py
+++ b/rain_api_core/view_util.py
@@ -181,12 +181,8 @@ def decode_jwt_payload(jwt_payload: str, algo: str = JWT_ALGO) -> dict:
 return {}
 if os.getenv("BLACKLIST_ENDPOINT"):
- try:
- if is_jwt_blacklisted(cookiedecoded):
- return {}
- except Exception as e:
- # TODO(reweeden): This error handling should be moved into `is_jwt_blacklisted` and/or `set_jwt_blacklist`
- log.debug(f"Received the following error while checking the given JWT against the blacklist: {e}")
+ if is_jwt_blacklisted(cookiedecoded):
+ return {}
 else:
 log.debug('No environment variable BLACKLIST_ENDPOINT')
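Review bot: With the `try`/`except` removed, nothing at this call site in `decode_jwt_payload` shows that a failed blacklist check is treated as "not blacklisted"; that contract now lives entirely inside `is_jwt_blacklisted`. A comment above the call would keep it visible at the point where the token is accepted, e.g. `# is_jwt_blacklisted() never raises; any error during the check is reported as "not blacklisted"`. The function starts and ends outside this hunk, so how `cookiedecoded` is validated before this point cannot be judged from here.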
@@ -212,23 +208,27 @@ def make_set_cookie_headers_jwt(payload: dict, expdate: str = '', cookie_domain:
 def is_jwt_blacklisted(decoded_jwt: dict) -> bool:
- set_jwt_blacklist()
- urs_user_id = decoded_jwt["urs-user-id"]
- blacklist = JWT_BLACKLIST["blacklist"]
- user_blacklist_time = blacklist.get(urs_user_id)
-
- if user_blacklist_time is not None:
- jwt_mint_time = decoded_jwt["iat"]
- log.debug(f"JWT was minted @: {jwt_mint_time}, the Blacklist is for cookies BEFORE: {user_blacklist_time}")
-
- if user_blacklist_time >= jwt_mint_time:
- log.info(f"User {urs_user_id}'s JWT was minted before blacklist date and is INVALID")
- return True
- else:
- log.info(f"User {urs_user_id}s JWT was minted AFTER blacklist date and is still VALID")
-
- log.info(f"User {urs_user_id} is NOT in the blacklist")
- return False
+ try:
+ set_jwt_blacklist()
+ urs_user_id = decoded_jwt["urs-user-id"]
+ blacklist = JWT_BLACKLIST["blacklist"]
+ user_blacklist_time = blacklist.get(urs_user_id)
+
+ if user_blacklist_time is not None:
+ jwt_mint_time = decoded_jwt["iat"]
+ log.debug(f"JWT was minted @: {jwt_mint_time}, the Blacklist is for cookies BEFORE: {user_blacklist_time}")
+
+ if user_blacklist_time >= jwt_mint_time:
+ log.info(f"User {urs_user_id}'s JWT was minted before blacklist date and is INVALID")
+ return True
+ else:
+ log.info(f"User {urs_user_id}s JWT was minted AFTER blacklist date and is still VALID")
+
+ log.info(f"User {urs_user_id} is NOT in the blacklist")
+ return False
+ except Exception:
+ log.debug("Error checking JWT against the blacklist", exc_info=True)
+ return False
 def set_jwt_blacklist() -> dict:
diff --git a/tests/test_view_util.py b/tests/test_view_util.py
index 0bcf842..ced7c77 100644
--- a/tests/test_view_util.py
+++ b/tests/test_view_util.py
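Review bot: The `except Exception` wrapped around the whole body of `is_jwt_blacklisted` makes the revocation check fail open, and the failure is recorded only at debug level. If `set_jwt_blacklist()` raises, if the payload lacks `urs-user-id` or `iat`, or if the `>=` comparison raises on mismatched types, the function returns False and the caller accepts the token, even for a user who is on the blacklist when the error happens after the lookup. Whether accepting tokens while the check is broken is a deliberate availability trade-off cannot be told from the hunk; if it is, a docstring sentence should say so. Either way the failure should be visible in production logs, e.g. `log.error("Error checking JWT against the blacklist", exc_info=True)`. Narrowing the `try` to the `set_jwt_blacklist()` call would also let a malformed payload be rejected instead of being reported as not blacklisted.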
@@ -343,24 +343,6 @@ def test_decode_jwt_payload_blacklist(
 assert decode_jwt_payload(encoded) == payload
-@mock.patch(f"{MODULE}.is_jwt_blacklisted", autospec=True)
-@mock.patch(f"{MODULE}.get_jwt_keys", autospec=True)
-def test_decode_jwt_payload_blacklist_error(
- mock_get_jwt_keys,
- mock_is_jwt_blacklisted,
- jwt_pub_key,
- jwt_priv_key,
- monkeypatch
-):
- mock_get_jwt_keys.return_value = {"rsa_pub_key": jwt_pub_key}
- mock_is_jwt_blacklisted.side_effect = Exception("Test exception")
- monkeypatch.setenv("BLACKLIST_ENDPOINT", "true")
- payload = {"foo": "bar"}
-
- encoded = jwt.encode(payload, jwt_priv_key, algorithm="RS256")
- assert decode_jwt_payload(encoded) == payload
-
-
 @mock.patch(f"{MODULE}.make_jwt_payload", autospec=True)
 @mock.patch(f"{MODULE}.get_cookie_expiration_date_str", autospec=True)
 def test_make_set_cookie_headers_jwt(mock_get_cookie_expiration_date_str, mock_make_jwt_payload):
@@ -395,6 +377,13 @@ def test_is_jwt_blacklisted(jwt_blacklist, mock_set_jwt_blacklist):
 assert is_jwt_blacklisted({"urs-user-id": "other_user", "iat": 10}) is False
+@mock.patch(f"{MODULE}.set_jwt_blacklist", autospec=True)
+def test_is_jwt_blacklisted_error(mock_set_jwt_blacklist):
+ mock_set_jwt_blacklist.side_effect = Exception("Test exception")
+
+ assert is_jwt_blacklisted({"urs-user-id": "user_id", "iat": 10}) is False
+
+
 @mock.patch(f"{MODULE}.time", autospec=True)
 @mock.patch(f"{MODULE}.urllib.request", autospec=True)
 @mock.patch(f"{MODULE}.JWT_BLACKLIST", new_callable=dict)
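Review bot: `test_is_jwt_blacklisted_error` covers only `set_jwt_blacklist` raising, so the other failures that the new `except Exception` absorbs are not pinned by any test. A payload missing `urs-user-id` or `iat` takes the same path; a case such as `assert is_jwt_blacklisted({"iat": 10}) is False`, run with the `jwt_blacklist` fixture and a non-raising mock as in `test_is_jwt_blacklisted`, would record whether treating such a token as not blacklisted is intended. Asserting on the emitted log record would additionally guard against the error being silenced in a later change.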