Ejemplo n.º 1
    def test_auth_verify__valid_token__returns_same_token(self):
        """Check that the verify endpoint returns the token it was given.

        Logs in with the "foobar"/"foo" credentials, submits the issued token
        to the verify endpoint, and compares the token in the verify response
        with the one originally issued.
        """
        # Obtain a token through the regular login call.
        issued_token = call_auth_endpoint(
            self.client, "foobar", "foo").json()['token']

        # Pass the issued token to the verify endpoint and read its reply.
        echoed_token = call_auth_verify_endpoint(
            self.client, issued_token).json()['token']

        # NOTE(review): only the accept path is exercised here; rejection of
        # expired or modified tokens needs its own test cases.
        self.assertEqual(echoed_token, issued_token)
Ejemplo n.º 2
    def test_auth__valid_credentials__returns_jwt_token(self):
        """Check that valid credentials yield a 200 response with a JWT.

        The token is decoded with
        ``JSONWebTokenAuthentication.jwt_decode_token`` and its ``user_id``
        and ``username`` claims are compared with ``self.active_user``.
        """
        login_response = call_auth_endpoint(self.client, "foobar", "foo")

        # Decode with the project's own decoder so the claims can be inspected.
        claims = JSONWebTokenAuthentication.jwt_decode_token(
            login_response.json()['token'])

        self.assertEqual(login_response.status_code, HTTP_200_OK)
        # The identity claims must match the account that logged in.
        self.assertEqual(claims['user_id'], self.active_user.id)
        self.assertEqual(
            claims['username'], self.active_user.get_username())
Ejemplo n.º 3
    def test_auth__empty_credentials__returns_validation_error(self):
        """Check that blank credentials produce per-field validation errors.

        Sends an empty username and an empty password and expects the JSON
        body to carry the "may not be blank" message for both fields.
        """
        blank_field_error = _('This field may not be blank.')

        response = call_auth_endpoint(self.client, "", "")

        # The body must contain exactly these two field errors and nothing
        # else (assertEqual on the whole dict), so no token may be present.
        self.assertEqual(response.json(), {
            'password': [blank_field_error],
            'username': [blank_field_error],
        })
Ejemplo n.º 4
    def test_view__authenticated(self):
        """Check that 'test-view' answers 200 when a Bearer token is sent.

        Logs in, installs the issued token on the test client as an
        ``Authorization: Bearer <token>`` header, and requests the view.
        """
        login_response = call_auth_endpoint(self.client, "foobar", "foo")
        bearer_value = 'Bearer ' + login_response.json()["token"]
        self.client.credentials(HTTP_AUTHORIZATION=bearer_value)

        view_response = self.client.get(reverse('test-view'))

        # NOTE(review): a 200 here does not by itself show that the view
        # refuses requests without a token; that needs a companion negative
        # test (not visible in this excerpt).
        self.assertEqual(view_response.status_code, HTTP_200_OK)
Ejemplo n.º 5
    def test_auth__invalid_credentials__returns_validation_error(self):
        """Check that unknown credentials produce a generic login error.

        Sends a username and password that are both invalid and expects the
        JSON body to consist solely of one ``non_field_errors`` message.
        """
        login_failure = _('Unable to log in with provided credentials.')

        response = call_auth_endpoint(
            self.client, "invalid_username", "invalid_password")

        # NOTE(review): both values are invalid here. Whether an existing
        # username with a wrong password returns this same message (so the
        # response does not reveal which accounts exist) is not covered by
        # this test.
        self.assertEqual(
            response.json(), {'non_field_errors': [login_failure]})
Ejemplo n.º 6
    def test_auth__valid_credentials_with_auth_cookie_settings__returns_jwt_token_and_cookie(
            self, mock_settings):
        """Check that JWT_AUTH_COOKIE makes login set a cookie as well.

        ``mock_settings`` is presumably injected by a patch decorator that is
        not shown in this excerpt. It is filled with defaults and then
        JWT_AUTH_COOKIE is overridden with the cookie name under test.
        """
        cookie_name = 'jwt-auth'
        # Start from the default settings, then change only the cookie name.
        patched_settings = setup_default_mocked_api_settings(mock_settings)
        patched_settings.JWT_AUTH_COOKIE = cookie_name

        response = call_auth_endpoint(self.client, "foobar", "foo")

        self.assertEqual(response.status_code, HTTP_200_OK)
        # The token is still expected in the response body ...
        body_text = force_text(response.content)
        self.assertIn('token', body_text)
        # ... and the client must now hold a cookie with the configured name.
        # NOTE(review): only the cookie's presence is asserted; its HttpOnly,
        # Secure and SameSite attributes are not checked by this test.
        self.assertIn(cookie_name, response.client.cookies)
Ejemplo n.º 7
    def test_auth__valid_credentials_with_no_user_id_setting__returns_jwt_token(
            self, mock_settings):
        """Check that JWT_PAYLOAD_INCLUDE_USER_ID=False omits ``user_id``.

        ``mock_settings`` is presumably injected by a patch decorator that is
        not shown in this excerpt. With the setting disabled, the decoded
        payload must lack ``user_id`` but still carry the ``username``.
        """
        # Defaults first, then switch off the user id claim.
        patched_settings = setup_default_mocked_api_settings(mock_settings)
        patched_settings.JWT_PAYLOAD_INCLUDE_USER_ID = False

        login_response = call_auth_endpoint(self.client, "foobar", "foo")

        claims = JSONWebTokenAuthentication.jwt_decode_token(
            login_response.json()['token'])

        self.assertEqual(login_response.status_code, HTTP_200_OK)
        self.assertNotIn('user_id', claims)
        self.assertEqual(
            claims['username'], self.active_user.get_username())
Ejemplo n.º 8
    def test_auth__valid_credentials_with_JWT_GET_USER_SECRET_KEY_handler_set__returns_jwt_token(
            self, mock_settings):
        """Check login and decoding with a JWT_GET_USER_SECRET_KEY handler.

        ``mock_settings`` is presumably injected by a patch decorator that is
        not shown in this excerpt. The handler ``jwt_get_user_secret_key`` is
        installed, a token is issued and decoded, and the identity claims are
        compared with ``self.active_user``.
        """
        # Defaults first, then plug in the per-user secret key handler.
        patched_settings = setup_default_mocked_api_settings(mock_settings)
        patched_settings.JWT_GET_USER_SECRET_KEY = jwt_get_user_secret_key

        login_response = call_auth_endpoint(self.client, "foobar", "foo")

        # NOTE(review): this confirms the token decodes while the handler is
        # active; it does not show that a token signed with another key is
        # refused. That negative case needs a separate test.
        claims = JSONWebTokenAuthentication.jwt_decode_token(
            login_response.json()['token'])

        self.assertEqual(login_response.status_code, HTTP_200_OK)
        self.assertEqual(claims['user_id'], self.active_user.id)
        self.assertEqual(
            claims['username'], self.active_user.get_username())
Ejemplo n.º 9
    def test_view__auth_cookie(self, auth_mock_settings, views_mock_settings):
        """Check that 'test-view' answers 200 after a cookie-enabled login.

        Both settings mocks (presumably injected by patch decorators that are
        not shown in this excerpt) get the defaults plus the same
        JWT_AUTH_COOKIE name. No Authorization header is set; the view is
        requested through the client attached to the login response.
        """
        cookie_name = 'jwt-auth'
        # Apply defaults to both patched settings objects, then give them the
        # same cookie name so the issuing and the reading side agree.
        auth_settings = setup_default_mocked_api_settings(auth_mock_settings)
        views_settings = setup_default_mocked_api_settings(views_mock_settings)
        auth_settings.JWT_AUTH_COOKIE = cookie_name
        views_settings.JWT_AUTH_COOKIE = cookie_name

        login_response = call_auth_endpoint(self.client, "foobar", "foo")

        # Reuse the login response's client for the follow-up request.
        # NOTE(review): browsers attach cookies automatically, so a deployment
        # that enables this setting should review its CSRF protection; this
        # test does not exercise that.
        view_response = login_response.client.get(reverse('test-view'))

        self.assertEqual(view_response.status_code, HTTP_200_OK)
Ejemplo n.º 10
    def test_auth__valid_credentials_with_aud_and_iss_settings__returns_jwt_token(
            self, mock_settings):
        """Check that JWT_AUDIENCE and JWT_ISSUER end up in the token claims.

        ``mock_settings`` is presumably injected by a patch decorator that is
        not shown in this excerpt. After overriding both settings, the
        decoded payload must carry matching ``aud`` and ``iss`` values
        alongside the identity claims of ``self.active_user``.
        """
        # Defaults first, then set the audience and issuer under test.
        patched_settings = setup_default_mocked_api_settings(mock_settings)
        patched_settings.JWT_AUDIENCE = 'test-aud'
        patched_settings.JWT_ISSUER = 'test-iss'

        login_response = call_auth_endpoint(self.client, "foobar", "foo")

        claims = JSONWebTokenAuthentication.jwt_decode_token(
            login_response.json()['token'])

        self.assertEqual(login_response.status_code, HTTP_200_OK)
        # NOTE(review): this checks that the claims are emitted; it does not
        # show that a token with a different aud or iss is rejected on decode.
        self.assertEqual(claims['aud'], patched_settings.JWT_AUDIENCE)
        self.assertEqual(claims['iss'], patched_settings.JWT_ISSUER)
        self.assertEqual(claims['user_id'], self.active_user.id)
        self.assertEqual(
            claims['username'], self.active_user.get_username())