Slurm JWT Checks: Fix tests

The previous change in a1a9e9d meant that the test data now failed.
DiamondLightSource · Jun 13, 2024 · 760661f · 760661f
1 parent a1a9e9d
commit 760661f
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 4 deletions.
diff --git a/src/zocalo/util/slurm/__init__.py b/src/zocalo/util/slurm/__init__.py
@@ -21,9 +21,24 @@ def validate_is_jwt(token: str) -> bool:
     header, payload, _ = token.split(".")
     try:
         # Check both header and payload are valid base64-encoded json objects
+        # Note that JWT are Base64URL, which might not have padding.
         if not (
-            isinstance(json.loads(base64.b64decode(header, validate=True)), dict)
-            and isinstance(json.loads(base64.b64decode(payload, validate=True)), dict)
+            isinstance(
+                json.loads(
+                    base64.urlsafe_b64decode(
+                        header + "=" * (4 - len(header) % 4)
+                    ).decode()
+                ),
+                dict,
+            )
+            and isinstance(
+                json.loads(
+                    base64.urlsafe_b64decode(
+                        payload + "=" * (4 - len(payload) % 4)
+                    ).decode()
+                ),
+                dict,
+            )
         ):
             return False
     except (binascii.Error, json.JSONDecodeError):

diff --git a/tests/util/test_slurm.py b/tests/util/test_slurm.py
@@ -4,14 +4,17 @@
 import zocalo.configuration
 from zocalo.util import slurm
 
+# A sample (valid but not useful) JWT token
+SAMPLE_JWT_TOKEN = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
+
 
 @pytest.fixture
 def zocalo_configuration(mocker):
     zc = mocker.MagicMock(zocalo.configuration.Configuration)
     zc.slurm = {
         "url": "http://slurm.example.com:1234",
         "user": "foo",
-        "user_token": "sometoken",
+        "user_token": SAMPLE_JWT_TOKEN,
         "api_version": "v0.0.40",
     }
     return zc
@@ -229,7 +232,7 @@ def test_get_slurm_api_from_zocalo_configuration(slurm_api):
     assert slurm_api.url == "http://slurm.example.com:1234"
     assert slurm_api.version == "v0.0.40"
     assert slurm_api.user_name == "foo"
-    assert slurm_api.user_token == "sometoken"
+    assert slurm_api.user_token == SAMPLE_JWT_TOKEN
 
 
 def test_get_slurm_api_user_token_external_file(tmp_path):