Example #1
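 def get_object(self):
     """Resolve the ``url_auth_token`` query parameter to a user.

     Returns:
         The user returned by ``ModelBackend.parse_token`` for the token.

     Raises:
         PermissionDenied: if the parameter is absent, or if the backend
             does not resolve the token to a user.
     """
     backend = ModelBackend()
     # The token arrives in the query string, so it can end up in access
     # logs, browser history and Referer headers; treat it as a credential.
     try:
         self.token = self.request.GET['url_auth_token']
     except KeyError:
         # Without this guard a request lacking the parameter escapes as an
         # unhandled KeyError (a server error) instead of a clean denial.
         raise PermissionDenied("No auth token set")
     self.user = backend.parse_token(self.token)
     if self.user is None:
         raise PermissionDenied("bad token")
     return self.user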
Example #2
    def setUp(self):
        """Create a backend and a user, and capture 'sesame' logs at DEBUG."""
        self.backend = ModelBackend()
        self.user = User.objects.create_user(username='******', password='******')

        # Send the 'sesame' logger into an in-memory buffer so the tests can
        # inspect what was logged.
        buffer = io.StringIO()
        stream_handler = logging.StreamHandler(buffer)
        sesame_logger = logging.getLogger('sesame')
        sesame_logger.addHandler(stream_handler)
        sesame_logger.setLevel(logging.DEBUG)
        self.log, self.handler, self.logger = buffer, stream_handler, sesame_logger
    def setUp(self):
        """Create a user with a valid token and a lower-cased copy of it."""
        account = User.objects.create_user(username='******', password='******')
        issued = ModelBackend().create_token(account)
        # The lower-cased copy is the "bad" token; presumably lower-casing
        # breaks the token's integrity check (verify against the backend).
        self.user, self.token, self.bad_token = account, issued, issued.lower()

        # Attach an in-memory handler to the 'sesame' logger.
        buffer = io.StringIO()
        stream_handler = logging.StreamHandler(buffer)
        sesame_logger = logging.getLogger('sesame')
        sesame_logger.addHandler(stream_handler)
        self.log, self.handler, self.logger = buffer, stream_handler, sesame_logger
Example #4
 def get_object(self):
     """Return the user that the ``url_auth_token`` query parameter maps to.

     Raises:
         PermissionDenied: with "No auth token set" when the parameter is
             missing, or "bad token" when the backend returns no user.
     """
     token_backend = ModelBackend()
     # The token is read from the query string, which may be recorded in
     # access logs and Referer headers; treat it as a credential.
     query = self.request.GET
     try:
         self.token = query['url_auth_token']
     except KeyError:
         raise PermissionDenied("No auth token set")
     resolved = token_backend.parse_token(self.token)
     self.user = resolved
     if resolved is not None:
         return resolved
     raise PermissionDenied("bad token")
 def test_inactive_user(self):
     """A token issued for a deactivated user must not authenticate."""
     account = self.user
     account.is_active = False
     account.save()
     credentials = {"request": None, "sesame": create_token(account)}
     result = ModelBackend().authenticate(**credentials)
     self.assertIsNone(result)
     self.assertLogsContain("Unknown or inactive user")
Example #6
 def test_token_with_max_age_override(self):
     """A per-call ``max_age`` override is applied when authenticating."""
     # The test expects a negative max_age to make a fresh token count as
     # expired.
     credentials = {
         "request": None,
         "sesame": create_token(self.user),
         "max_age": -300,
     }
     result = ModelBackend().authenticate(**credentials)
     self.assertIsNone(result)
     self.assertLogsContain("Expired token")
Example #7
 def test_scoped_token(self):
     """A token created for a scope authenticates under that same scope."""
     scope_name = "test"
     credentials = {
         "request": None,
         "sesame": create_token(self.user, scope=scope_name),
         "scope": scope_name,
     }
     result = ModelBackend().authenticate(**credentials)
     self.assertEqual(result, self.user)
     self.assertLogsContain("Valid token for user john in scope test")
class AuthMiddlewareTestCase(TestCase):
    """Exercise URL-token authentication through the test client.

    NOTE(review): the user-name literal in ``setUp`` appears masked in this
    listing, while the assertions expect the response body ``b'john'``.
    """

    def setUp(self):
        """Create a user, a valid token, a lower-cased copy, and a log buffer."""
        account = User.objects.create_user(username='******', password='******')
        issued = ModelBackend().create_token(account)
        # The lower-cased copy is the "bad" token; presumably lower-casing
        # breaks the token's integrity check (verify against the backend).
        self.user, self.token, self.bad_token = account, issued, issued.lower()

        # Attach an in-memory handler to the 'sesame' logger; tearDown
        # removes it again.
        buffer = io.StringIO()
        stream_handler = logging.StreamHandler(buffer)
        sesame_logger = logging.getLogger('sesame')
        sesame_logger.addHandler(stream_handler)
        self.log, self.handler, self.logger = buffer, stream_handler, sesame_logger

    def tearDown(self):
        """Detach the handler that setUp added to the 'sesame' logger."""
        self.logger.removeHandler(self.handler)

    def test_token(self):
        """A request carrying the valid token is answered as the user."""
        params = {'url_auth_token': self.token}
        body = self.client.get('/', params).content
        self.assertEqual(body, b'john')

    def test_bad_token(self):
        """A request carrying the altered token is answered as anonymous."""
        params = {'url_auth_token': self.bad_token}
        body = self.client.get('/', params).content
        self.assertEqual(body, b'anonymous')

    def test_no_token(self):
        """A request without any token is answered as anonymous."""
        body = self.client.get('/').content
        self.assertEqual(body, b'anonymous')
class AuthMiddlewareTestCase(TestCase):
    """Check how '/' responds to a valid, an altered and a missing URL token."""

    def setUp(self):
        """Prepare the user, both token variants and a 'sesame' log buffer."""
        self.user = User.objects.create_user(username='******', password='******')
        valid_token = ModelBackend().create_token(self.user)
        self.token = valid_token
        # Presumably the lower-cased copy no longer passes the backend's
        # token check; the tests below expect it to yield 'anonymous'.
        self.bad_token = valid_token.lower()

        self.log = io.StringIO()
        self.handler = logging.StreamHandler(self.log)
        self.logger = logging.getLogger('sesame')
        self.logger.addHandler(self.handler)

    def tearDown(self):
        """Remove the log handler installed by setUp."""
        handler = self.handler
        self.logger.removeHandler(handler)

    def _body(self, *data):
        """Return the response body of a GET on '/' with optional query data."""
        return self.client.get('/', *data).content

    def test_token(self):
        """The valid token authenticates the request."""
        self.assertEqual(self._body({'url_auth_token': self.token}), b'john')

    def test_bad_token(self):
        """The altered token leaves the request anonymous."""
        self.assertEqual(self._body({'url_auth_token': self.bad_token}), b'anonymous')

    def test_no_token(self):
        """A request with no token stays anonymous."""
        self.assertEqual(self._body(), b'anonymous')
Example #10
    def setUp(self):
        """Build the backend and a user, and record 'sesame' logs at DEBUG."""
        self.backend = ModelBackend()
        self.user = User.objects.create_user(username='******', password='******')

        # Collect everything the 'sesame' logger emits in an in-memory buffer.
        captured = io.StringIO()
        capture_handler = logging.StreamHandler(captured)
        target_logger = logging.getLogger('sesame')
        target_logger.addHandler(capture_handler)
        target_logger.setLevel(logging.DEBUG)
        self.log, self.handler, self.logger = captured, capture_handler, target_logger
    def setUp(self):
        """Prepare a user, a valid token, a lower-cased copy and a log buffer."""
        self.user = User.objects.create_user(username='******', password='******')
        valid_token = ModelBackend().create_token(self.user)
        self.token = valid_token
        # Presumably the lower-cased copy fails the backend's token check.
        self.bad_token = valid_token.lower()

        captured = io.StringIO()
        capture_handler = logging.StreamHandler(captured)
        target_logger = logging.getLogger('sesame')
        target_logger.addHandler(capture_handler)
        self.log, self.handler, self.logger = captured, capture_handler, target_logger
 def test_token(self):
     """A freshly created token authenticates its user in the default scope."""
     credentials = {"request": None, "sesame": create_token(self.user)}
     result = ModelBackend().authenticate(**credentials)
     self.assertEqual(result, self.user)
     self.assertLogsContain("Valid token for user john in default scope")
 def test_bad_token(self):
     """A string that is not a token is rejected and logged as a bad token."""
     garbage = "~!@#$%^&*~!@#$%^&*~"
     result = ModelBackend().authenticate(request=None, sesame=garbage)
     self.assertIsNone(result)
     self.assertLogsContain("Bad token")
 def test_no_token(self):
     """With no token, authentication yields no user and logs nothing."""
     result = ModelBackend().authenticate(request=None, sesame=None)
     self.assertIsNone(result)
     self.assertNoLogs()
Example #15
class TestModelBackend(TestCase):
    """Tests for token creation, parsing and logging in ``ModelBackend``.

    NOTE(review): the user-name literal in ``setUp`` appears masked in this
    listing, while the log assertions expect the name ``john``.
    """

    def setUp(self):
        """Create the backend and a user, and capture 'sesame' logs at DEBUG."""
        self.backend = ModelBackend()
        self.user = User.objects.create_user(username='******', password='******')

        # Send the 'sesame' logger into an in-memory buffer read by get_log().
        buffer = io.StringIO()
        stream_handler = logging.StreamHandler(buffer)
        sesame_logger = logging.getLogger('sesame')
        sesame_logger.addHandler(stream_handler)
        sesame_logger.setLevel(logging.DEBUG)
        self.log, self.handler, self.logger = buffer, stream_handler, sesame_logger

    def get_log(self):
        """Flush the handler and return everything captured so far."""
        self.handler.flush()
        captured = self.log.getvalue()
        return captured

    def tearDown(self):
        """Detach the handler that setUp added to the 'sesame' logger."""
        self.logger.removeHandler(self.handler)

    def test_authenticate(self):
        """``authenticate`` returns the user for a token it created."""
        backend = self.backend
        issued = backend.create_token(self.user)
        result = backend.authenticate(url_auth_token=issued)
        self.assertEqual(result, self.user)

    def test_token(self):
        """``parse_token`` returns the user and logs a valid-token message."""
        backend = self.backend
        issued = backend.create_token(self.user)
        result = backend.parse_token(issued)
        self.assertEqual(result, self.user)
        self.assertIn("Valid token for user john", self.get_log())

    def test_invalid_token(self):
        """A lower-cased copy of a token is rejected as invalid."""
        backend = self.backend
        tampered = backend.create_token(self.user).lower()
        result = backend.parse_token(tampered)
        self.assertEqual(result, None)
        self.assertIn("Invalid token", self.get_log())

    def test_unknown_token(self):
        """A token whose user has been deleted resolves to no user."""
        backend = self.backend
        issued = backend.create_token(self.user)
        self.user.delete()
        result = backend.parse_token(issued)
        self.assertEqual(result, None)
        self.assertIn("Unknown token", self.get_log())

    def test_expired_token(self):
        """A token issued before a password change is reported as expired."""
        backend = self.backend
        issued = backend.create_token(self.user)
        # The test expects a password change to invalidate earlier tokens.
        self.user.set_password('hunter2')
        self.user.save()
        result = backend.parse_token(issued)
        self.assertEqual(result, None)
        self.assertIn("Expired token", self.get_log())

    def test_type_error_is_logged(self):
        """A TypeError raised while parsing propagates and is logged."""
        def raise_type_error(*args):
            raise TypeError

        # Replace parse_token on this instance only, to force the failure.
        backend = self.backend
        backend.parse_token = raise_type_error
        with self.assertRaises(TypeError):
            backend.authenticate(None)
        self.assertIn("TypeError", self.get_log())
Example #16
class TestModelBackend(TestCase):
    """Cover ``ModelBackend`` token round-trips and the messages it logs."""

    def setUp(self):
        """Set up the backend, one user and a DEBUG-level 'sesame' log capture."""
        self.backend = ModelBackend()
        self.user = User.objects.create_user(username='******', password='******')

        captured = io.StringIO()
        capture_handler = logging.StreamHandler(captured)
        target_logger = logging.getLogger('sesame')
        target_logger.addHandler(capture_handler)
        target_logger.setLevel(logging.DEBUG)
        self.log, self.handler, self.logger = captured, capture_handler, target_logger

    def get_log(self):
        """Return the captured log text after flushing the handler."""
        self.handler.flush()
        text = self.log.getvalue()
        return text

    def tearDown(self):
        """Remove the capture handler from the 'sesame' logger."""
        handler = self.handler
        self.logger.removeHandler(handler)

    def test_authenticate(self):
        """A created token authenticates via the ``url_auth_token`` keyword."""
        fresh = self.backend.create_token(self.user)
        authenticated = self.backend.authenticate(url_auth_token=fresh)
        self.assertEqual(authenticated, self.user)

    def test_token(self):
        """Parsing a created token yields its user and a valid-token log line."""
        fresh = self.backend.create_token(self.user)
        parsed = self.backend.parse_token(fresh)
        self.assertEqual(parsed, self.user)
        self.assertIn("Valid token for user john", self.get_log())

    def test_invalid_token(self):
        """Parsing the lower-cased token yields None and logs 'Invalid token'."""
        fresh = self.backend.create_token(self.user)
        altered = fresh.lower()
        parsed = self.backend.parse_token(altered)
        self.assertEqual(parsed, None)
        self.assertIn("Invalid token", self.get_log())

    def test_unknown_token(self):
        """After the user is deleted, the token yields None and 'Unknown token'."""
        fresh = self.backend.create_token(self.user)
        self.user.delete()
        parsed = self.backend.parse_token(fresh)
        self.assertEqual(parsed, None)
        self.assertIn("Unknown token", self.get_log())

    def test_expired_token(self):
        """After a password change, the old token yields None and 'Expired token'."""
        fresh = self.backend.create_token(self.user)
        account = self.user
        account.set_password('hunter2')
        account.save()
        parsed = self.backend.parse_token(fresh)
        self.assertEqual(parsed, None)
        self.assertIn("Expired token", self.get_log())

    def test_type_error_is_logged(self):
        """A TypeError from ``parse_token`` is re-raised and shows up in the log."""
        def raise_type_error(*args):
            raise TypeError

        # Patch only this backend instance so authenticate() hits the error.
        self.backend.parse_token = raise_type_error
        with self.assertRaises(TypeError):
            self.backend.authenticate(None)
        log_text = self.get_log()
        self.assertIn("TypeError", log_text)