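def get_object(self):
    """Resolve the user identified by the ``url_auth_token`` query parameter.

    Stores the raw token on ``self.token`` and the result of
    ``ModelBackend.parse_token`` on ``self.user``.

    Returns:
        The user that ``parse_token`` returned for the token.

    Raises:
        PermissionDenied: if the request carries no ``url_auth_token``
            parameter, or if ``parse_token`` returns ``None`` for it.
    """
    backend = ModelBackend()
    # Treat a request without the parameter as an authorization failure
    # rather than letting the KeyError escape as an unhandled exception.
    try:
        self.token = self.request.GET['url_auth_token']
    except KeyError:
        raise PermissionDenied("No auth token set")
    # NOTE(review): the token is read from the query string, so it can end up
    # in access logs, browser history and Referer headers; confirm the token
    # lifetime configured for this deployment is short enough for that.
    self.user = backend.parse_token(self.token)
    if self.user is None:
        raise PermissionDenied("bad token")
    return self.user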
def setUp(self):
    """Create the backend, a test user, and an in-memory capture of 'sesame' logs."""
    self.backend = ModelBackend()
    # NOTE(review): the credential literals look masked in this listing;
    # confirm the real fixture values against the upstream test module.
    self.user = User.objects.create_user(username='******', password='******')

    # Route the 'sesame' logger into a StringIO so tests can inspect it.
    capture = io.StringIO()
    stream_handler = logging.StreamHandler(capture)
    sesame_logger = logging.getLogger('sesame')
    self.log = capture
    self.handler = stream_handler
    self.logger = sesame_logger
    sesame_logger.addHandler(stream_handler)
    # NOTE(review): the matching tearDown is not visible here; confirm it
    # removes the handler and restores the logger level changed below.
    sesame_logger.setLevel(logging.DEBUG)
def setUp(self):
    """Create a test user, a valid and an altered token, and a log capture."""
    # NOTE(review): the credential literals look masked in this listing;
    # confirm the real fixture values against the upstream test module.
    account = User.objects.create_user(username='******', password='******')
    self.user = account

    issued = ModelBackend().create_token(account)
    self.token = issued
    # Lower-casing changes any upper-case characters, giving a token that is
    # expected to be rejected.
    # NOTE(review): a token with no upper-case characters would be left
    # unchanged; confirm the token alphabet makes that case negligible.
    self.bad_token = issued.lower()

    buffer = io.StringIO()
    self.log = buffer
    self.handler = logging.StreamHandler(buffer)
    self.logger = logging.getLogger('sesame')
    self.logger.addHandler(self.handler)
def get_object(self):
    """Return the user authenticated by the request's ``url_auth_token``.

    The raw token is kept on ``self.token`` and the value returned by
    ``ModelBackend.parse_token`` on ``self.user``.

    Raises:
        PermissionDenied: with "No auth token set" when the query parameter
            is absent, and with "bad token" when ``parse_token`` returns
            ``None``.
    """
    token_backend = ModelBackend()
    query = self.request.GET
    # An absent parameter is an authorization failure, not a server error.
    if 'url_auth_token' not in query:
        raise PermissionDenied("No auth token set")
    self.token = query['url_auth_token']
    # NOTE(review): query-string tokens can be recorded in access logs and
    # Referer headers; confirm the configured token lifetime accounts for it.
    resolved = token_backend.parse_token(self.token)
    self.user = resolved
    if resolved is None:
        raise PermissionDenied("bad token")
    return resolved
def test_inactive_user(self):
    # A token issued for a deactivated account must not authenticate.
    account = self.user
    account.is_active = False
    account.save()
    credential = create_token(account)
    backend = ModelBackend()
    result = backend.authenticate(request=None, sesame=credential)
    self.assertIsNone(result)
    # The expected log line covers both the unknown and the inactive case.
    self.assertLogsContain("Unknown or inactive user")
def test_token_with_max_age_override(self):
    # A negative max_age passed to authenticate() is expected to make even a
    # freshly created token be rejected as expired.
    credential = create_token(self.user)
    backend = ModelBackend()
    result = backend.authenticate(request=None, sesame=credential, max_age=-300)
    self.assertIsNone(result)
    self.assertLogsContain("Expired token")
def test_scoped_token(self):
    # A token created for scope "test" authenticates when the same scope is
    # supplied to authenticate().
    # NOTE(review): only the matching-scope case is checked here; a test that
    # the same token is refused under a different scope is not visible in
    # this listing.
    credential = create_token(self.user, scope="test")
    backend = ModelBackend()
    result = backend.authenticate(request=None, sesame=credential, scope="test")
    self.assertEqual(result, self.user)
    self.assertLogsContain("Valid token for user john in scope test")
class AuthMiddlewareTestCase(TestCase):
    """Check URL-token authentication through requests made with the test client.

    The assertions expect the response body for ``/`` to be the user name for
    an accepted token and ``anonymous`` otherwise.
    """

    def setUp(self):
        """Create a user, a valid and an altered token, and a 'sesame' log capture."""
        # NOTE(review): the credential literals look masked in this listing,
        # while test_token expects b'john'; confirm the real fixture values.
        account = User.objects.create_user(username='******', password='******')
        self.user = account

        valid = ModelBackend().create_token(account)
        self.token = valid
        # Lower-casing changes any upper-case characters, giving a token that
        # is expected to be rejected.
        # NOTE(review): a token with no upper-case characters would be left
        # unchanged; confirm the token alphabet makes that case negligible.
        self.bad_token = valid.lower()

        buffer = io.StringIO()
        self.log = buffer
        self.handler = logging.StreamHandler(buffer)
        self.logger = logging.getLogger('sesame')
        self.logger.addHandler(self.handler)

    def tearDown(self):
        """Detach the capture handler added in setUp."""
        self.logger.removeHandler(self.handler)

    def test_token(self):
        # A valid token in the query string yields the user's name.
        params = {'url_auth_token': self.token}
        response = self.client.get('/', params)
        self.assertEqual(response.content, b'john')

    def test_bad_token(self):
        # An altered token must leave the request anonymous.
        params = {'url_auth_token': self.bad_token}
        response = self.client.get('/', params)
        self.assertEqual(response.content, b'anonymous')

    def test_no_token(self):
        # Without any token the request stays anonymous.
        response = self.client.get('/')
        self.assertEqual(response.content, b'anonymous')
def test_token(self):
    # A token created without a scope authenticates its user and is logged
    # as valid in the default scope.
    credential = create_token(self.user)
    backend = ModelBackend()
    result = backend.authenticate(request=None, sesame=credential)
    self.assertEqual(result, self.user)
    self.assertLogsContain("Valid token for user john in default scope")
def test_bad_token(self):
    # An arbitrary punctuation string must be rejected and logged as a bad
    # token rather than raising.
    garbage = "~!@#$%^&*~!@#$%^&*~"
    backend = ModelBackend()
    result = backend.authenticate(request=None, sesame=garbage)
    self.assertIsNone(result)
    self.assertLogsContain("Bad token")
def test_no_token(self):
    # With no token supplied the backend returns None and logs nothing.
    missing = None
    backend = ModelBackend()
    result = backend.authenticate(request=None, sesame=missing)
    self.assertIsNone(result)
    self.assertNoLogs()
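class TestModelBackend(TestCase):
    """Tests for ModelBackend token creation, parsing and logging.

    Each test captures the 'sesame' logger output in memory so that the
    message recorded for every outcome can be asserted.
    """

    def setUp(self):
        """Create the backend, a test user, and a DEBUG-level log capture."""
        self.backend = ModelBackend()
        # NOTE(review): the credential literals look masked in this listing,
        # while test_token expects "user john"; confirm the real fixture values.
        self.user = User.objects.create_user(username='******', password='******')
        self.log = io.StringIO()
        self.handler = logging.StreamHandler(self.log)
        self.logger = logging.getLogger('sesame')
        # Remember the level so tearDown can restore it; otherwise the DEBUG
        # setting would stay on the shared logger for later tests.
        self._previous_level = self.logger.level
        self.logger.addHandler(self.handler)
        self.logger.setLevel(logging.DEBUG)

    def get_log(self):
        """Return everything written to the 'sesame' logger so far."""
        self.handler.flush()
        return self.log.getvalue()

    def tearDown(self):
        """Detach the capture handler and restore the logger level."""
        self.logger.removeHandler(self.handler)
        self.logger.setLevel(self._previous_level)

    def test_authenticate(self):
        # A freshly created token authenticates the user it was created for.
        token = self.backend.create_token(self.user)
        user = self.backend.authenticate(url_auth_token=token)
        self.assertEqual(user, self.user)

    def test_token(self):
        # Parsing a valid token returns the user and logs the success.
        token = self.backend.create_token(self.user)
        user = self.backend.parse_token(token)
        self.assertEqual(user, self.user)
        self.assertIn("Valid token for user john", self.get_log())

    def test_invalid_token(self):
        # Lower-casing changes any upper-case characters, so the altered
        # token is expected to be rejected.
        # NOTE(review): a token with no upper-case characters would be left
        # unchanged; confirm the token alphabet makes that case negligible.
        token = self.backend.create_token(self.user)
        user = self.backend.parse_token(token.lower())
        self.assertIsNone(user)
        self.assertIn("Invalid token", self.get_log())

    def test_unknown_token(self):
        # A token whose user has been deleted must no longer resolve.
        token = self.backend.create_token(self.user)
        self.user.delete()
        user = self.backend.parse_token(token)
        self.assertIsNone(user)
        self.assertIn("Unknown token", self.get_log())

    def test_expired_token(self):
        # Changing the password after the token was issued is expected to
        # invalidate it; the backend logs this case as "Expired token".
        token = self.backend.create_token(self.user)
        self.user.set_password('hunter2')
        self.user.save()
        user = self.backend.parse_token(token)
        self.assertIsNone(user)
        self.assertIn("Expired token", self.get_log())

    def test_type_error_is_logged(self):
        # A TypeError raised while parsing must propagate to the caller and
        # also appear in the log.
        def raise_type_error(*args):
            raise TypeError

        # Patched on the instance only; setUp builds a new backend per test.
        self.backend.parse_token = raise_type_error
        with self.assertRaises(TypeError):
            self.backend.authenticate(None)
        self.assertIn("TypeError", self.get_log())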