def test_user_can_get_access_refresh_and_delete_token_cookies_and_use_them(self):
    """Walk the cookie-based token pair lifecycle: obtain, use, refresh, delete.

    No Authorization header is attached by hand; every request relies on
    state the test client carries between calls (presumably the cookies set
    by the token endpoints while ``AUTH_COOKIE`` is configured).
    """
    credentials = {
        User.USERNAME_FIELD: self.username,
        'password': self.password,
    }

    with override_api_settings(AUTH_COOKIE='Authorization'):
        # Log in. The response is not inspected; success is inferred from
        # the protected view answering 200 right after.
        self.client.post(reverse('token_obtain_pair'), data=credentials)

        after_login = self.view_get()
        self.assertEqual(after_login.status_code, 200)
        self.assertEqual(after_login.data['foo'], 'bar')

        # NOTE(review): the refresh response is never asserted. The GET
        # below would also pass if refresh failed while the access
        # credential from login is still valid -- confirm whether a status
        # check on the refresh call is wanted.
        self.client.post(reverse('token_refresh'))

        after_refresh = self.view_get()
        self.assertEqual(after_refresh.status_code, 200)
        self.assertEqual(after_refresh.data['foo'], 'bar')

        self.client.post(reverse('token_delete'))

        # After delete, neither the protected view nor the refresh endpoint
        # may accept the session any more.
        after_delete = self.view_get()
        self.assertEqual(after_delete.status_code, 401)

        refresh_after_delete = self.client.post(reverse('token_refresh'))
        self.assertEqual(refresh_after_delete.status_code, 401)
def test_user_can_get_access_refresh_and_delete_sliding_token_cookies_and_use_them(self):
    """Walk the cookie-based sliding-token lifecycle: obtain, use, refresh, delete.

    Same flow as the token-pair cookie test, but with ``SlidingToken`` as the
    only accepted token class and the sliding obtain/refresh endpoints.
    """
    credentials = {
        User.USERNAME_FIELD: self.username,
        'password': self.password,
    }
    sliding_only = ('rest_framework_simplejwt.tokens.SlidingToken',)

    with override_api_settings(
        AUTH_COOKIE='Authorization',
        AUTH_TOKEN_CLASSES=sliding_only,
    ):
        # Log in; the response body is not inspected.
        self.client.post(reverse('token_obtain_sliding'), data=credentials)

        after_login = self.view_get()
        self.assertEqual(after_login.status_code, 200)
        self.assertEqual(after_login.data['foo'], 'bar')

        # NOTE(review): the refresh response is not asserted; the GET below
        # cannot tell a working refresh from a still-valid original token.
        self.client.post(reverse('token_refresh_sliding'))

        after_refresh = self.view_get()
        self.assertEqual(after_refresh.status_code, 200)
        self.assertEqual(after_refresh.data['foo'], 'bar')

        self.client.post(reverse('token_delete'))

        # Logout must invalidate both use and refresh of the token.
        after_delete = self.view_get()
        self.assertEqual(after_delete.status_code, 401)

        refresh_after_delete = self.client.post(reverse('token_refresh_sliding'))
        self.assertEqual(refresh_after_delete.status_code, 401)
def test_user_can_get_access_and_refresh_tokens_and_use_them(self):
    """Obtain a token pair, use the access token, refresh it, use the new one.

    Tokens travel in the Authorization header, using the first configured
    header type. The protected view is called while only ``AccessToken`` is
    an accepted token class.
    """
    login = self.client.post(
        reverse('token_obtain_pair'),
        data={
            User.USERNAME_FIELD: self.username,
            'password': self.password,
        },
    )
    access_token = login.data['access']
    refresh_token = login.data['refresh']

    self.authenticate_with_token(api_settings.AUTH_HEADER_TYPES[0], access_token)
    with override_api_settings(AUTH_TOKEN_CLASSES=('rest_framework_simplejwt.tokens.AccessToken',)):
        first_call = self.view_get()

    self.assertEqual(first_call.status_code, 200)
    self.assertEqual(first_call.data['foo'], 'bar')

    # Trade the refresh token for a new access token and repeat the call
    # with the new token only.
    refreshed = self.client.post(
        reverse('token_refresh'),
        data={'refresh': refresh_token},
    )
    access_token = refreshed.data['access']

    self.authenticate_with_token(api_settings.AUTH_HEADER_TYPES[0], access_token)
    with override_api_settings(AUTH_TOKEN_CLASSES=('rest_framework_simplejwt.tokens.AccessToken',)):
        second_call = self.view_get()

    self.assertEqual(second_call.status_code, 200)
    self.assertEqual(second_call.data['foo'], 'bar')
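def test_user_can_get_access_refresh_and_delete_sliding_token_cookies_and_use_them(self):
    """Check that cookie-authenticated sliding tokens are subject to CSRF checks.

    A dedicated client is built with ``enforce_csrf_checks=True`` because
    Django's test client skips CSRF validation by default. The flow is:
    obtain, safe GET, unsafe POST without and then with the CSRF header,
    refresh, delete, and finally the rejected use and refresh after delete.
    """
    credentials = {
        User.USERNAME_FIELD: self.username,
        'password': self.password,
    }

    with override_api_settings(
        AUTH_COOKIE='Authorization',
        AUTH_TOKEN_CLASSES=('rest_framework_simplejwt.tokens.SlidingToken',),
    ):
        client = self.client_class(enforce_csrf_checks=True)

        res = client.post(reverse('token_obtain_sliding'), data=credentials)

        # Copy the CSRF value recorded on the login request into the
        # client's cookie jar so later requests carry it as a cookie.
        csrf_cookie = res.wsgi_request.environ['CSRF_COOKIE']
        client.cookies.load({settings.CSRF_COOKIE_NAME: csrf_cookie})

        # Safe method: passes without a CSRF header.
        res = client.get(reverse(self.view_name))
        self.assertEqual(res.status_code, 200)
        self.assertEqual(res.data['foo'], 'bar')

        # Unsafe method with the cookie but no header: must be refused.
        res = client.post(reverse(self.view_name))
        self.assertEqual(res.status_code, 403)
        # assertIn reports both operands on failure, unlike assertTrue(x in y).
        self.assertIn(REASON_BAD_TOKEN, res.data['detail'])

        # Same request with the matching CSRF header is accepted.
        res = client.post(
            reverse(self.view_name),
            **{settings.CSRF_HEADER_NAME: csrf_cookie}
        )
        self.assertEqual(res.status_code, 200)
        self.assertEqual(res.data['foo'], 'bar')

        # NOTE(review): the refresh and delete calls below are sent without
        # the CSRF header and their own status codes are not asserted --
        # confirm whether these endpoints are meant to be CSRF-exempt.
        client.post(reverse('token_refresh_sliding'))

        res = client.get(reverse(self.view_name))
        self.assertEqual(res.status_code, 200)
        self.assertEqual(res.data['foo'], 'bar')

        client.post(reverse('token_delete'))

        # After delete, both use and refresh must be rejected.
        res = client.get(reverse(self.view_name))
        self.assertEqual(res.status_code, 401)

        res = client.post(reverse('token_refresh_sliding'))
        self.assertEqual(res.status_code, 401)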
def test_user_can_auth_via_cookies_if_enabled(self):
    """Authenticate through a cookie when ``JWT_AUTH_COOKIE`` is configured.

    Obtains a token pair, checks that the response set the configured cookie,
    then calls the protected view with the access token placed in that
    cookie, both before and after a refresh.
    """
    credentials = {
        User.USERNAME_FIELD: self.username,
        'password': self.password,
    }

    with override_api_settings(JWT_AUTH_COOKIE='test_cookie'):
        login = self.client.post(reverse('token_obtain_pair'), data=credentials)
        access_token = login.data['access']
        refresh_token = login.data['refresh']

        # The configured cookie must be present. Its value is compared with
        # the stringified response payload, not with the access token alone.
        self.assertIn(api_settings.JWT_AUTH_COOKIE, login.cookies)
        self.assertEqual(
            str(login.data),
            login.cookies.get(api_settings.JWT_AUTH_COOKIE).value,
        )

        self.authenticate_with_cookie(api_settings.JWT_AUTH_COOKIE, access_token)
        with override_api_settings(AUTH_TOKEN_CLASSES=(
                'rest_framework_simplejwt.tokens.AccessToken', )):
            first_call = self.view_get()

        self.assertEqual(first_call.status_code, 200)
        self.assertEqual(first_call.data['foo'], 'bar')

        # Refresh is done with the token in the request body, then the new
        # access token is placed in the cookie for the second call.
        refreshed = self.client.post(
            reverse('token_refresh'),
            data={'refresh': refresh_token},
        )
        access_token = refreshed.data['access']

        self.authenticate_with_cookie(api_settings.JWT_AUTH_COOKIE, access_token)
        with override_api_settings(AUTH_TOKEN_CLASSES=(
                'rest_framework_simplejwt.tokens.AccessToken', )):
            second_call = self.view_get()

        self.assertEqual(second_call.status_code, 200)
        self.assertEqual(second_call.data['foo'], 'bar')
def wrapper_method(self, *args, **kwargs):
    """Resolve ``self.view_name`` to a URL and call the test client with it.

    ``reverse_args`` and ``reverse_kwargs`` are popped from ``kwargs`` and
    handed to ``reverse``; ``query_string``, when given, is appended after a
    ``?``. All remaining arguments go to the client method named by
    ``action``, a name this function takes from its enclosing scope.

    Raises:
        ValueError: if ``self.view_name`` is ``None``.
    """
    if self.view_name is None:
        raise ValueError('Must give value for `view_name` property')

    positional = kwargs.pop('reverse_args', ())
    named = kwargs.pop('reverse_kwargs', {})
    query = kwargs.pop('query_string', None)

    target = reverse(self.view_name, args=positional, kwargs=named)
    if query is not None:
        # Appended verbatim; no URL-encoding is applied here.
        target += '?{0}'.format(query)

    client_call = getattr(self.client, action)
    return client_call(target, *args, **kwargs)
def wrapper_method(self, *args, **kwargs):
    """Call the test client on the URL reversed from ``self.view_name``.

    Recognised keyword arguments, removed before forwarding:
    ``reverse_args`` and ``reverse_kwargs`` (passed to ``reverse``) and
    ``query_string`` (appended after ``?`` when not ``None``). The client
    method is looked up by ``action``, which comes from the enclosing scope.

    Raises:
        ValueError: if ``self.view_name`` is ``None``.
    """
    if self.view_name is None:
        raise ValueError("Must give value for `view_name` property")

    url_args = kwargs.pop("reverse_args", ())
    url_kwargs = kwargs.pop("reverse_kwargs", {})
    query_string = kwargs.pop("query_string", None)

    resolved = reverse(self.view_name, args=url_args, kwargs=url_kwargs)
    # The query string is concatenated as given; it is not URL-encoded here.
    url = resolved if query_string is None else resolved + f"?{query_string}"

    send = getattr(self.client, action)
    return send(url, *args, **kwargs)
def test_user_can_get_access_and_refresh_tokens_and_use_them(self):
    """Use an access token from the obtain endpoint, then one from refresh.

    Each token is sent in the Authorization header with the first configured
    header type, and the protected view is called while ``AccessToken`` is
    the only accepted token class.
    """
    credentials = {
        User.USERNAME_FIELD: self.username,
        "password": self.password,
    }
    obtained = self.client.post(reverse("token_obtain_pair"), data=credentials)

    access_token = obtained.data["access"]
    refresh_token = obtained.data["refresh"]

    self.authenticate_with_token(api_settings.AUTH_HEADER_TYPES[0], access_token)
    with override_api_settings(AUTH_TOKEN_CLASSES=(
            "rest_framework_simplejwt.tokens.AccessToken", )):
        initial = self.view_get()

    self.assertEqual(initial.status_code, 200)
    self.assertEqual(initial.data["foo"], "bar")

    # Exchange the refresh token for a new access token; the second call is
    # authenticated with the new token only.
    renewed = self.client.post(
        reverse("token_refresh"),
        data={"refresh": refresh_token},
    )
    access_token = renewed.data["access"]

    self.authenticate_with_token(api_settings.AUTH_HEADER_TYPES[0], access_token)
    with override_api_settings(AUTH_TOKEN_CLASSES=(
            "rest_framework_simplejwt.tokens.AccessToken", )):
        followup = self.view_get()

    self.assertEqual(followup.status_code, 200)
    self.assertEqual(followup.data["foo"], "bar")
def test_wrong_auth_type(self):
    """A valid token sent under an unknown header type must not authenticate.

    The view is expected to answer 401 with a "credentials were not provided"
    detail, i.e. the request is handled as if no credentials were sent.
    """
    credentials = {
        User.USERNAME_FIELD: self.username,
        'password': self.password,
    }
    issued = self.client.post(reverse('token_obtain_sliding'), data=credentials)
    sliding_token = issued.data['token']

    # The token itself is genuine; only the header type is wrong.
    self.authenticate_with_token('Wrong', sliding_token)
    rejected = self.view_get()

    self.assertEqual(rejected.status_code, 401)
    self.assertIn('credentials were not provided', rejected.data['detail'])
def test_wrong_auth_type(self):
    """Reject a genuine sliding token presented with the header type "Wrong".

    Expects 401 and a detail containing "credentials were not provided".
    """
    obtain_url = reverse("token_obtain_sliding")
    issued = self.client.post(
        obtain_url,
        data={
            User.USERNAME_FIELD: self.username,
            "password": self.password,
        },
    )

    # Only the header type is invalid here, not the token.
    self.authenticate_with_token("Wrong", issued.data["token"])
    outcome = self.view_get()

    self.assertEqual(outcome.status_code, 401)
    self.assertIn("credentials were not provided", outcome.data["detail"])
def test_user_can_get_sliding_token_and_use_it(self):
    """Obtain a sliding token and use it in the Authorization header.

    The protected view is called while ``SlidingToken`` is the only accepted
    token class and must answer 200 with the expected payload.
    """
    credentials = {
        User.USERNAME_FIELD: self.username,
        'password': self.password,
    }
    issued = self.client.post(reverse('token_obtain_sliding'), data=credentials)
    sliding_token = issued.data['token']

    self.authenticate_with_token(api_settings.AUTH_HEADER_TYPES[0], sliding_token)
    with override_api_settings(AUTH_TOKEN_CLASSES=('rest_framework_simplejwt.tokens.SlidingToken',)):
        outcome = self.view_get()

    self.assertEqual(outcome.status_code, 200)
    self.assertEqual(outcome.data['foo'], 'bar')
def test_expired_token(self):
    """An access token issued with a zero lifetime must be rejected.

    ``AccessToken.lifetime`` is set to zero seconds only while the token is
    issued; the view is then expected to answer 401 with the error code
    ``token_not_valid``.
    """
    credentials = {
        User.USERNAME_FIELD: self.username,
        'password': self.password,
    }

    saved_lifetime = AccessToken.lifetime
    AccessToken.lifetime = timedelta(seconds=0)
    try:
        issued = self.client.post(reverse('token_obtain_pair'), data=credentials)
    finally:
        # Class-level state: restore it even if the request raises, so the
        # zero lifetime cannot leak into other tests.
        AccessToken.lifetime = saved_lifetime

    expired_access = issued.data['access']
    self.authenticate_with_token(api_settings.AUTH_HEADER_TYPES[0], expired_access)

    with override_api_settings(AUTH_TOKEN_CLASSES=('rest_framework_simplejwt.tokens.AccessToken',)):
        outcome = self.view_get()

    self.assertEqual(outcome.status_code, 401)
    self.assertEqual('token_not_valid', outcome.data['code'])