def test_returns_tokens_on_successful_auth(self, auth_mock: Mock) -> None:
auth_mock.return_value = self.user
serializer = TokenObtainSerializer(data={})
self.assertTrue(serializer.is_valid())
self.assertTrue(auth_mock.called)
self.assertIn("refresh", serializer.validated_data)
self.assertIn("access", serializer.validated_data)
def test_token_signed_with_secret_key(self, auth_mock: Mock) -> None:
auth_mock.return_value = self.user
serializer = TokenObtainSerializer(data={})
self.assertTrue(serializer.is_valid())
access_token = serializer.validated_data.get("access")
jwt.decode(access_token, settings.SECRET_KEY, verify=True)
with self.assertRaises(InvalidSignatureError):
jwt.decode(access_token, "not secret key", verify=True)
def test_token_contains_username_and_id(self, auth_mock: Mock) -> None:
auth_mock.return_value = self.user
serializer = TokenObtainSerializer(data={})
self.assertTrue(serializer.is_valid())
self.assertIn("access", serializer.validated_data)
access_token = serializer.validated_data.get("access")
data = jwt.decode(access_token, verify=False)
self.assertDictContainsSubset(
{"username": self.user.username, "user_id": self.user.id}, data
)
def test_raises_authentication_error_on_no_user(self, auth_mock: Mock) -> None:
auth_mock.return_value = None
serializer = TokenObtainSerializer(data={})
with self.assertRaises(AuthenticationFailed):
serializer.is_valid()
def test_data_is_ignored(self, auth_mock: Mock) -> None:
auth_mock.return_value = self.user
serializer = TokenObtainSerializer(data={"username": "******"})
self.assertTrue(serializer.is_valid())
self.assertNotIn("username", serializer.validated_data)