def test_process_google_token_invalid_token():
allow(id_token).verify_oauth2_token.and_raise(
ValueError('Token Error'))
with pytest.raises(NotAuthenticated) as exec_info:
SessionService.process_google_token('valid_token')
assert exec_info.value.detail.code == INVALID_GOOGLE_TOKEN_ID['code']
def post(self, request, **kwargs):
"""Clear all application sessions."""
serializer = RefreshTokenSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
SessionService.drop_session(serializer.validated_data['refresh_token'])
return DoneResponse(**response_codes.LOGGED_OUT)
def test_validate_session_invalid_credentials(test_user):
with pytest.raises(NotAuthenticated) as exec_info:
SessionService.validate_session(None, 'new_password')
assert exec_info.value.detail.code == INVALID_CREDENTIALS['code']
with pytest.raises(NotAuthenticated) as exec_info:
SessionService.validate_session(test_user, 'new_password')
assert exec_info.value.detail.code == INVALID_CREDENTIALS['code']
def test_process_google_token_invalid_issuer():
allow(id_token).verify_oauth2_token.and_return({
'iss':
'https://any.server',
})
with pytest.raises(NotAuthenticated) as exec_info:
SessionService.process_google_token('valid_token')
assert exec_info.value.detail.code == INVALID_GOOGLE_TOKEN_ISSUER[
'code']
def test_validate_session_inactive_account(test_user):
plain_password = '******'
test_user.set_password(plain_password)
test_user.is_active = False
test_user.save()
with pytest.raises(NotAuthenticated) as exec_info:
SessionService.validate_session(test_user, plain_password)
assert exec_info.value.detail.code == INACTIVE_ACCOUNT['code']
def test_process_facebook_token_invalid_access_token():
access_token = 'invalid_access_token'
with requests_mock.mock() as mock:
mock.get(
SessionService.make_facebook_profile_url(access_token),
text=json.dumps({'error': 'facebook_raised_error'}),
status_code=status.HTTP_200_OK,
)
with pytest.raises(NotAuthenticated) as exec_info:
SessionService.process_facebook_token(access_token)
assert exec_info.value.detail.code == INVALID_FACEBOOK_ACCESS_TOKEN[
'code']
def post(self, request):
"""Get session from google token id.
POST /api/v1/auth/login/
"""
serializer = LoginSerializer(
data=request.data,
context={'request': request},
)
serializer.is_valid(raise_exception=True)
username_or_email = serializer.validated_data.get('user')
plain_password = serializer.validated_data.get('password')
user = UserSelector.get_by_username_or_email(username_or_email)
SessionService.validate_session(user, plain_password)
return Response(SessionSerializer(user).data)
def test_process_facebook_valid_access_token(test_user):
allow(UserService).create_or_update_for_social_networks.and_return(
test_user)
access_token = 'valid_access_token'
with requests_mock.mock() as mock:
mock.get(
SessionService.make_facebook_profile_url(access_token),
text=json.dumps({
'email': test_user.email,
'first_name': test_user.first_name,
'last_name': test_user.last_name,
}),
status_code=status.HTTP_200_OK,
)
user = SessionService.process_facebook_token(access_token)
assert user is not None
assert isinstance(user, User)
def test_process_google_token(test_user):
allow(id_token).verify_oauth2_token.and_return({
'iss':
SessionService.GOOGLE_ACCOUNTS_URL,
})
allow(UserService).create_or_update_for_social_networks.and_return(
test_user)
user = SessionService.process_google_token('valid_token')
assert user is not None
assert isinstance(user, User)
def post(self, request):
"""Get session from facebook access token.
POST /api/v1/auth/facebook-login/
"""
serializer = AccessTokenSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = SessionService.process_facebook_token(
serializer.validated_data['access_token'])
return Response(SessionSerializer(user).data)
def post(self, request):
"""Get session from google token id.
POST /api/v1/auth/google-login/
"""
serializer = GoogleTokenSerializer(data=request.data)
serializer.is_valid(raise_exception=True)
user = SessionService.process_google_token(
serializer.validated_data['token'], )
return Response(SessionSerializer(user).data)
def data(self, ):
return {
'session': SessionService.make_user_session(self.user),
'profile': UserProfileSerializer(self.user).data,
}
def test_validate_session(test_user):
plain_password = '******'
test_user.set_password(plain_password)
test_user.save()
assert SessionService.validate_session(test_user, plain_password)
def test_make_user_session(test_user):
session = SessionService.make_user_session(test_user)
assert 'access_token' in session
assert 'refresh_token' in session