def test_auth_refresh__valid_token__returns_new_token(self):
payload = JSONWebTokenAuthentication.jwt_create_payload(
self.active_user)
payload[
'exp'] = payload['iat'] + 100 # add 100 seconds to issued at time
auth_token = JSONWebTokenAuthentication.jwt_encode_payload(payload)
refresh_response = call_auth_refresh_endpoint(self.client, auth_token)
refresh_token = refresh_response.json()['token']
self.assertNotEqual(refresh_token, auth_token)
def test_auth_refresh__expired_token__returns_validation_error(self):
payload = JSONWebTokenAuthentication.jwt_create_payload(
self.active_user)
payload['iat'] = 0
payload['exp'] = 1
auth_token = JSONWebTokenAuthentication.jwt_encode_payload(payload)
expected_output = {'non_field_errors': [_('Token has expired.')]}
refresh_response = call_auth_refresh_endpoint(self.client, auth_token)
self.assertEqual(refresh_response.json(), expected_output)
def test_auth_refresh__without_orig_iat_in_payload__returns_validation_error(
self):
# create token without orig_iat in payload
payload = JSONWebTokenAuthentication.jwt_create_payload(
self.active_user)
del payload['orig_iat']
auth_token = JSONWebTokenAuthentication.jwt_encode_payload(payload)
expected_output = {
'non_field_errors': [_('orig_iat field not found in token.')]
}
response = call_auth_refresh_endpoint(self.client, auth_token)
self.assertEqual(response.json(), expected_output)
def test_auth_refresh__with_JWT_ALLOW_REFRESH_disabled__returns_validation_error(
self, mock_settings):
mock_settings = setup_default_mocked_api_settings(mock_settings)
mock_settings.JWT_ALLOW_REFRESH = False
payload = JSONWebTokenAuthentication.jwt_create_payload(
self.active_user)
payload[
'exp'] = payload['iat'] + 100 # add 100 seconds to issued at time
auth_token = JSONWebTokenAuthentication.jwt_encode_payload(payload)
expected_output = {
'non_field_errors': ['orig_iat field not found in token.']
}
refresh_response = call_auth_refresh_endpoint(self.client, auth_token)
self.assertEqual(refresh_response.json(), expected_output)
def test_auth_refresh__invalid_token__returns_validation_error(self):
expected_output = {'non_field_errors': [_('Error decoding token.')]}
response = call_auth_refresh_endpoint(self.client, "invalid_token")
self.assertEqual(response.json(), expected_output)
