Jwt

[ricardo8990]

Agrega la autenticación por JWT para usar en aplicaciones internas

closes #77

[codecov]

Codecov Report

Merging #79 (aed0a32) into main (098522e) will not change coverage.
The diff coverage is 100.00%.

@@            Coverage Diff            @@
##              main       #79   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files           16        17    +1     
  Lines          420       445   +25     
=========================================
+ Hits           420       445   +25     

Flag	Coverage Δ
unittests	100.00% <100.00%> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
cuenca/exc.py	100.00% <100.00%> (ø)
cuenca/http/client.py	100.00% <100.00%> (ø)
cuenca/jwt.py	100.00% <100.00%> (ø)
cuenca/version.py	100.00% <100.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 098522e...aed0a32. Read the comment docs.

[matin]

also missing some form of docs on how to use JWT auth. At a minimum, it should be in README.md

[matin]

try block should only include one line of code

[matin]

huh? why take this approach?

[ricardo8990]

Payload in JWT tokens contain exp in base64 which indicates the datetime when the token will be invalid. So I'm extracting that part of the token to validate it before I send the request, this way I save one request saying that the token is expired.

[matin]

There are few cases in life where you should catch Exception. Why are you doing it in this case?

[ricardo8990]

There're a few cases here where this part of the code can generate an Exception:

• IndexError if the current token is malformed
• binascii.Error if the token can't be decoded with base64
• JSONDecodeError if the JSON is malformed
• I added one if the token is expired

All of this exceptions can happen if authed responded with an invalid token or the current token is somehow manipulated (which there should not be a reason you would want to do it). In any case, the token should be generated again.

If I include only one line of code per try block, I'd ended up having something like:

        try:
            payload_encoded = self.jwt_token.split('.')[1]
        except IndexError:
             self.jwt_token = None
       else:
           try:
                 payload = json.loads(base64.b64decode(f'{payload_encoded}=='))
           except (binascii.Error, JSONDecodeError):
               self.jwt_token = None
           else:
                if dt.datetime.utcfromtimestamp(
                    payload['exp']
                ) - dt.datetime.utcnow() <= dt.timedelta(minutes=5):
                    self.jwt_token = None

Which I think is way more confusing. I didn't see it necessary to create a new Exception since it's only going to be used here but I could clean it up by specify all the possible exceptions:

        try:
            payload_encoded = self.jwt_token.split('.')[1]
            payload = json.loads(base64.b64decode(f'{payload_encoded}=='))
            # Get a new token if there's less than 5 mins for the actual
            # to be expired
            if dt.datetime.utcfromtimestamp(
                payload['exp']
            ) - dt.datetime.utcnow() <= dt.timedelta(minutes=5):
                raise CustomException('Expired token')
        except (IndexError, binascii.Error, JSONDecodeError, CustomException):
            self.jwt_token = None

[matin]

Only one minor change. Otherwise, looks good!

[matin]

@ricardo8990 looks good. just need to rebase main

[matin]

@ricardo8990 can you release?