def test_purge_expired_tokens(self):
""" Generate tokens with current time as expiration date/time.
That is, tokens are expired as soon as they are generated.
"""
for user in self.users:
token = generate_user_auth_token(user,
'password hash',
timeout=0)
auth_token = lookup_user_auth_token(user, token)
self.assertEqual(None, auth_token)
# As expired tokens are purged from the DB just before
# they are generated, the above should leave us with one
# expired token in the DB
query = Session.gql("WHERE expire_date <= :1", api.utcnow())
expired_tokens = query.count()
self.assertEqual(1, expired_tokens)
# Generate another token to trigger cache purging which
# should leave us with no expired sessions in the DB (as
# this token is generated with a future expiration date.)
token = generate_user_auth_token('fake user', 'password hash')
query = Session.gql("WHERE expire_date <= :1", api.utcnow())
expired_tokens = query.count()
self.assertEqual(0, expired_tokens)
def test_look_up_nonexistent_sessions(self):
for user in self.users:
token = generate_user_auth_token(user, 'password hash')
auth_token = lookup_user_auth_token('*****@*****.**',
'password hash')
self.assertEqual(None, auth_token)
auth_token = lookup_user_auth_token(user, 'some other password hash')
self.assertEqual(None, auth_token)
def test_sessions_should_be_cached(self):
for user in self.users:
token = generate_user_auth_token(user, 'password hash')
auth_token = lookup_user_auth_token(user, token)
self.assertEqual('password hash', auth_token)
