def test_user_retrieval_from_token(self):
clock = mock_datetime.MockDatetime()
u = self.make_user("userid1", "credential version 0")
token = tokens.AuthToken.for_user(u, clock)
retrieved = tokens.AuthToken.get_user_for_value(
token.value, user_models.UserData.get_from_user_id, clock)
self.assertEquals(retrieved.key(), u.key())
def test_auth_token_parses(self):
clock = mock_datetime.MockDatetime()
u = self.make_user("userid1", "credential version 0")
token = tokens.AuthToken.for_user(u, clock)
parsed = tokens.AuthToken.for_value(token.value)
time_to_expiry = datetime.timedelta(30)
self.assertTrue(parsed.is_valid(u, time_to_expiry, clock))
def test_pw_reset_token_does_not_reset_pw_until_used(self):
clock = mock_datetime.MockDatetime()
u = self.make_user("userid1")
u.set_password("seekrit one")
pw_token = tokens.PasswordResetToken.for_user(u, clock)
self.assertTrue(pw_token.is_valid(u, datetime.timedelta(1), clock))
# Didn't use the token-just issued it, so the existing pw should work
self.assertTrue(u.validate_password("seekrit one"))
def test_pw_reset_token_resets_on_subsequent_creations(self):
clock = mock_datetime.MockDatetime()
u = self.make_user("userid1", "credential version 0")
token1 = tokens.PasswordResetToken.for_user(u, clock)
self.assertTrue(token1.is_valid(u, datetime.timedelta(1), clock))
token2 = tokens.PasswordResetToken.for_user(u, clock)
self.assertFalse(token1.is_valid(u, datetime.timedelta(1), clock))
self.assertTrue(token2.is_valid(u, datetime.timedelta(1), clock))
def test_pw_reset_token_should_be_single_use(self):
clock = mock_datetime.MockDatetime()
u = self.make_user("userid1")
u.set_password("seekrit one")
pw_token = tokens.PasswordResetToken.for_user(u, clock)
self.assertTrue(pw_token.is_valid(u, datetime.timedelta(1), clock))
u.set_password("seekrit two")
self.assertFalse(pw_token.is_valid(u, datetime.timedelta(1), clock))
def test_token_invalidates_properly(self):
clock = mock_datetime.MockDatetime()
u = self.make_user("userid1", "credential version 0")
token = tokens.AuthToken.for_user(u, clock)
time_to_expiry = datetime.timedelta(30)
self.assertTrue(token.is_valid(u, time_to_expiry, clock))
# Pretend the user changed her password.
u.credential_version = "credential version 1"
u.put()
self.assertFalse(token.is_valid(u, time_to_expiry, clock))
def test_token_expires_properly(self):
clock = mock_datetime.MockDatetime()
u = self.make_user("userid1", "credential version 0")
token = tokens.AuthToken.for_user(u, clock)
time_to_expiry = datetime.timedelta(30)
self.assertTrue(token.is_valid(u, time_to_expiry, clock))
# The day before expiry
clock.advance_days(29)
self.assertTrue(token.is_valid(u, time_to_expiry, clock))
# Right at expiring point!
clock.advance_days(1)
self.assertTrue(token.is_valid(u, time_to_expiry, clock))
# Tick - it's now stale.
clock.advance(datetime.timedelta(seconds=1))
self.assertFalse(token.is_valid(u, time_to_expiry, clock))
def test_timestamp_creation(self):
clock = mock_datetime.MockDatetime()
def assertDatetimeSerializes():
now = clock.utcnow()
timestamp = tokens._to_timestamp(now)
self.assertEquals(now, tokens._from_timestamp(timestamp))
assertDatetimeSerializes()
clock.advance_days(1)
assertDatetimeSerializes()
clock.advance_days(30)
assertDatetimeSerializes()
clock.advance_days(366)
assertDatetimeSerializes()
clock.advance(datetime.timedelta(seconds=1))
assertDatetimeSerializes()
clock.advance(datetime.timedelta(microseconds=1))
assertDatetimeSerializes()