fix: wrong access token required claims (#139)

* Fix optionals claims * New behaviour of pydantic * New behaviour of pydantic * fix unittest * Fix description * Fix linting --------- Co-authored-by: Kristiyan Tashev <kristiyan.tashev@gfk.com>
Intility · Jun 24, 2023 · c3eb8de · c3eb8de
1 parent 2ff9aab
commit c3eb8de
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 8 deletions.
diff --git a/fastapi_azure_auth/user.py b/fastapi_azure_auth/user.py
@@ -38,7 +38,7 @@ class Claims(BaseModel):
         description='Specifies the expiration time before which the JWT can be accepted for processing.',
     )
     aio: Optional[str] = Field(
-        ...,
+        default=None,
         description='An internal claim used by Azure AD to record data for token reuse. Resources should not use this claim.',
     )
     name: Optional[str] = Field(
@@ -74,12 +74,12 @@ class Claims(BaseModel):
         description='Represents the tenant that the user is signing in to',
     )
     uti: Optional[str] = Field(
-        ...,
+        default=None,
         description='Token identifier claim, equivalent to jti in the JWT specification. Unique, per-token identifier that is case-sensitive.',
     )
     rh: Optional[str] = Field(
-        ...,
-        description='An internal claim used by Azure to revalidate tokens. Resources should not use this claim.',
+        default=None,
+        description='Token identifier claim, equivalent to jti in the JWT specification. Unique, per-token identifier that is case-sensitive.',
     )
     ver: Literal['1.0', '2.0'] = Field(
         ...,

diff --git a/tests/test_openapi_scheme.py b/tests/test_openapi_scheme.py
@@ -44,12 +44,9 @@
                     'iat',
                     'nbf',
                     'exp',
-                    'aio',
                     'sub',
                     'oid',
                     'tid',
-                    'uti',
-                    'rh',
                     'ver',
                     'claims',
                     'access_token',
@@ -147,7 +144,7 @@
                     'rh': {
                         'title': 'Rh',
                         'type': 'string',
-                        'description': 'An internal claim used by Azure to revalidate tokens. Resources should not use this claim.',
+                        'description': 'Token identifier claim, equivalent to jti in the JWT specification. Unique, per-token identifier that is case-sensitive.',
                     },
                     'ver': {
                         'title': 'Ver',

diff --git a/tests/test_guest_user.py → tests/test_user.py b/tests/test_guest_user.py → tests/test_user.py
@@ -1,7 +1,10 @@
+import calendar
+import datetime
 from typing import Dict
 
 import pytest
 
+from fastapi_azure_auth.user import User
 from fastapi_azure_auth.utils import is_guest
 
 
@@ -79,3 +82,26 @@
 )
 def test_guest_user(claims: Dict[str, str], expected: bool):
     assert is_guest(claims=claims) == expected
+
+
+def get_utc_now_as_unix_timestamp() -> int:
+    date = datetime.datetime.utcnow()
+    return calendar.timegm(date.utctimetuple())
+
+
+def test_user_missing_optionals():
+    user = User(
+        aud='Dummy',
+        tid='Dummy',
+        access_token='Dummy',
+        claims={'oid': 'Dummy oid'},
+        iss='https://dummy-platform.dummylogin.com/dummy-uid/v2.0/',
+        iat=get_utc_now_as_unix_timestamp(),
+        nbf=get_utc_now_as_unix_timestamp(),
+        exp=get_utc_now_as_unix_timestamp(),
+        sub='dummy-sub',
+        oid='dummy-oid',
+        ver='1.0',
+        scp='AccessAsUser',
+    )
+    assert user is not None