def test_auth_refresh__valid_token__returns_new_token(self):
    """Refreshing an unexpired token returns a token that differs from it."""
    claims = JSONWebTokenAuthentication.jwt_create_payload(self.active_user)
    # Set exp to 100 seconds after the issued-at time.
    claims['exp'] = claims['iat'] + 100
    original_token = JSONWebTokenAuthentication.jwt_encode_payload(claims)

    response = call_auth_refresh_endpoint(self.client, original_token)

    # Only inequality is asserted; the claims carried by the returned token
    # (subject, exp, orig_iat) are not inspected by this test.
    self.assertNotEqual(response.json()['token'], original_token)
def test_auth_refresh__expired_token__returns_validation_error(self):
    """The refresh endpoint rejects a token whose exp claim has passed."""
    claims = JSONWebTokenAuthentication.jwt_create_payload(self.active_user)
    # iat=0 and exp=1 put both claims at the very start of the epoch, so the
    # token is long expired. Every other claim is left as created, which means
    # the rejection asserted below is the exp check.
    claims['iat'], claims['exp'] = 0, 1
    stale_token = JSONWebTokenAuthentication.jwt_encode_payload(claims)
    expected_body = {'non_field_errors': [_('Token has expired.')]}

    response = call_auth_refresh_endpoint(self.client, stale_token)

    self.assertEqual(response.json(), expected_body)
def test_auth_refresh__without_orig_iat_in_payload__returns_validation_error(
        self):
    """A token that carries no orig_iat claim cannot be refreshed."""
    claims = JSONWebTokenAuthentication.jwt_create_payload(self.active_user)
    # Strip the claim before encoding, so the signed token never contained it.
    del claims['orig_iat']
    token_without_orig_iat = JSONWebTokenAuthentication.jwt_encode_payload(
        claims)
    expected_body = {
        'non_field_errors': [_('orig_iat field not found in token.')]
    }

    refresh_response = call_auth_refresh_endpoint(
        self.client, token_without_orig_iat)

    self.assertEqual(refresh_response.json(), expected_body)
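def test_auth_refresh__with_JWT_ALLOW_REFRESH_disabled__returns_validation_error(
        self, mock_settings):
    """With JWT_ALLOW_REFRESH off, a freshly minted token is refused on refresh.

    ``mock_settings`` is an injected mock of the API settings, presumably
    supplied by a patch decorator that is not visible in this excerpt.
    """
    mock_settings = setup_default_mocked_api_settings(mock_settings)
    mock_settings.JWT_ALLOW_REFRESH = False

    payload = JSONWebTokenAuthentication.jwt_create_payload(self.active_user)
    # Set exp to 100 seconds after the issued-at time.
    payload['exp'] = payload['iat'] + 100
    auth_token = JSONWebTokenAuthentication.jwt_encode_payload(payload)

    # The expected message goes through _() like the other refresh tests in
    # this file, so the assertion does not depend on the active locale.
    expected_output = {
        'non_field_errors': [_('orig_iat field not found in token.')]
    }

    refresh_response = call_auth_refresh_endpoint(self.client, auth_token)

    # NOTE(review): the expected error suggests the refusal comes from the
    # token lacking orig_iat when it is minted with refresh disabled, not from
    # an explicit check of the setting by the endpoint -- confirm. A token
    # issued while refresh was still enabled (and so carrying orig_iat) is not
    # covered here and deserves its own test.
    self.assertEqual(refresh_response.json(), expected_output)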
def test_auth_refresh__invalid_token__returns_validation_error(self):
    """A string that is not a decodable JWT produces a decoding error."""
    expected_body = {'non_field_errors': [_('Error decoding token.')]}

    # The literal below is not a JWT at all, so this covers the malformed-input
    # path only; a well-formed token with a bad signature is not exercised here.
    refresh_response = call_auth_refresh_endpoint(
        self.client, "invalid_token")

    self.assertEqual(refresh_response.json(), expected_body)