def test_invalid_token(self):
request = Request(request=self.request_factory.get(
'/', HTTP_AUTHORIZATION='Token INVALID-TOKEN'),
authenticators=[SecureTokenAuthentication()])
with self.assertRaises(exceptions.AuthenticationFailed):
request._authenticate()
def test_ignoring_marked_for_delete_tokens(self):
token = Token.objects.create(user=self.user)
now = timezone.now()
Token.objects.update(expire_in=now - timedelta(seconds=5),
dead_in=now + timedelta(seconds=5),
marked_for_delete=True)
request = Request(request=self.request_factory.get(
'/', HTTP_AUTHORIZATION='Token %s' % token),
authenticators=[SecureTokenAuthentication()])
request._authenticate()
response = HttpResponse()
middleware = UpdateTokenMiddleware()
response = middleware.process_response(request._request, response)
new_token = response.get('X-Token', None)
self.assertIsNone(new_token)
def test_token_updating(self):
token = Token.objects.create(user=self.user)
now = timezone.now()
Token.objects.update(expire_in=now - timedelta(seconds=5), dead_in=now + timedelta(seconds=5))
request = Request(
request=self.request_factory.get('/', HTTP_AUTHORIZATION='Token {0}'.format(token)),
authenticators=[SecureTokenAuthentication()],
)
request._authenticate()
response = HttpResponse()
middleware = UpdateTokenMiddleware()
response = middleware.process_response(request._request, response)
new_token = response.get('X-Token', None)
self.assertIsNotNone(new_token)
new_token = Token.objects.get(key=new_token)
self.assertEqual(new_token.user, self.user)
old_token = Token.objects.get(id=token.id)
self.assertTrue(old_token.marked_for_delete)
