def test_auth_user_is_allowed_to_revoke_tokens(self):
user = factories.User()
token = model.ApiToken(user[u"id"])
model.Session.add(token)
model.Session.commit()
helpers.call_auth(u"api_token_revoke", {
u"model": model,
u"user": user[u"name"]
}, jti=token.id)
def test_auth_user_is_allowed_to_revoke_unowned_tokens(self):
owner = factories.User()
not_owner = factories.User()
token = model.ApiToken(owner[u"id"])
model.Session.add(token)
model.Session.commit()
with pytest.raises(logic.NotAuthorized):
helpers.call_auth(u"api_token_revoke", {
u"model": model,
u"user": not_owner[u"name"]
}, jti=token.id)