Exemple #1
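    def test_unauthenicated_view(self):
        """Test valid JWT with unauthenticated view.

        A token is created at 09:00 (frozen clock) and stored in the session
        cookie of a separate ``BaseClient``. Five minutes later that client
        requests ``/get/``; the response must set a session cookie whose JWT
        carries a different ``iat`` claim than the one sent.
        """
        cookie_name = settings.SESSION_COOKIE_NAME
        client = BaseClient()
        with freeze_time('2020-01-01T09:00:00'):
            # The session key comes from self.client's session; the cookie is
            # placed on the separate client created above.
            client.cookies[cookie_name] = session.create_jwt(
                self.user,
                self.client.session.session_key,
            )
            jwt1 = session.verify_jwt(client.cookies[cookie_name].value)

        with freeze_time('2020-01-01T09:05:00'):
            r = client.get('/get/')

            self.assertEqual(r.status_code, 200)
            # Fail with a readable assertion, not an AttributeError on None,
            # when the response does not set the session cookie at all.
            self.assertIn(cookie_name, r.cookies)
            jwt2 = session.verify_jwt(r.cookies[cookie_name].value)
        # A changed issued-at claim shows the token was issued again rather
        # than echoed back unchanged.
        self.assertNotEqual(jwt1['iat'], jwt2['iat'])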
Exemple #2
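 def test_login(self):
     """Test logging in a user using Client.login().

     After a successful login the session cookie must hold a JWT that
     verifies and whose payload contains every expected claim, under both
     its short and its long name, plus the claim supplied by a callable.
     """
     ret = self.client.login(username='******', password='******')
     self.assertTrue(ret)
     fields = session.verify_jwt(self.client.cookies[settings.SESSION_COOKIE_NAME].value)
     # NOTE(review): these claims identify the user (id, username, email).
     # If the token is signed but not encrypted -- not visible from this
     # test -- anyone holding the cookie can read them; confirm that is
     # acceptable before adding further fields.
     expected_claims = (
         'id', 'user_id',     # short form, long form
         'u', 'username',     # short form, long form
         'e', 'email',        # short form, long form
         'foo',               # from callable
     )
     # assertIn names the missing key and shows the payload on failure,
     # which assertTrue('x' in fields) does not.
     for claim in expected_claims:
         self.assertIn(claim, fields)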
Exemple #3
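 def test_expiration(self):
     """Test JWT exp field handling.

     Logs in, posts to ``/set/`` and compares the ``expires`` attribute of
     the session cookie on that response with the ``exp`` claim of the JWT
     stored in the same cookie.
     """
     import calendar  # stdlib; imported locally because only this test needs it

     r = self.client.post('/login/', {'username': '******', 'password': '******'})
     self.assertEqual(r.status_code, 200)
     r = self.client.post('/set/', {'a': '12345', 'b': 'abcde'})
     self.assertEqual(r.status_code, 200)
     cookie = r.cookies[settings.SESSION_COOKIE_NAME]
     fields = session.verify_jwt(cookie.value)
     # Normalize date format (different Django versions use - or <space>)
     expires = cookie['expires'].replace('-', ' ')
     # format: "Fri, 14 Aug 2020 19:27:28 GMT"
     parsed = datetime.strptime(expires, '%a, %d %b %Y %H:%M:%S %Z')
     # The cookie date is GMT, so convert it with timegm(). time.mktime()
     # reads the struct as local time and would shift the result by the UTC
     # offset of the machine running the tests, which can hide or fake a
     # failure of the comparison below.
     expires = calendar.timegm(parsed.timetuple())
     # Asserted direction: the cookie expires later than the JWT's exp claim.
     # NOTE(review): confirm against the middleware that this is the intended
     # relation between token lifetime and cookie lifetime.
     self.assertGreater(expires, fields['exp'])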
Exemple #4
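 def test_login(self):
     """Test logging in a user via POST.

     The session cookie on the login response must hold a JWT that verifies,
     contains every expected claim under both its short and its long name
     plus the claim supplied by a callable, and does not contain the
     ``i`` / ``invalid`` field.
     """
     r = self.client.post('/login/', {'username': '******', 'password': '******'})
     self.assertEqual(r.status_code, 200)
     fields = session.verify_jwt(r.cookies[settings.SESSION_COOKIE_NAME].value)
     # NOTE(review): these claims identify the user (id, username, email).
     # If the token is signed but not encrypted -- not visible from this
     # test -- anyone holding the cookie can read them; confirm that is
     # acceptable before adding further fields.
     expected_claims = (
         'id', 'user_id',     # short form, long form
         'u', 'username',     # short form, long form
         'e', 'email',        # short form, long form
         'foo',               # from callable
     )
     # Both names of this field must be absent from the payload.
     absent_claims = (
         'i', 'invalid',      # short form, long form
     )
     # assertIn / assertNotIn name the offending key and show the payload on
     # failure, which assertTrue('x' in fields) does not.
     for claim in expected_claims:
         self.assertIn(claim, fields)
     for claim in absent_claims:
         self.assertNotIn(claim, fields)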
Exemple #5
    def test_asymmetrical(self):
        """Test using RSA key.

        The key pair under ``../keys`` is parsed once. The token is created
        with ALGO and KEY patched, then verified with ALGO and PUBKEY
        patched, and the ``sk`` claim must match the session key used.
        """
        here = dirname(__file__)
        # NOTE(review): ../keys/rsa is a private key stored beside the tests,
        # presumably a fixture only -- confirm it is never used outside the
        # test suite.
        private_path = normpath(pathjoin(here, '../keys/rsa'))
        public_path = normpath(pathjoin(here, '../keys/rsa.pub'))
        key, pubkey, algo = session._parse_key((private_path, public_path))

        expected_sk = '1234abcdef'

        # Creation: only ALGO and KEY are replaced.
        with mock.patch('django_session_jwt.middleware.session.ALGO', algo):
            with mock.patch('django_session_jwt.middleware.session.KEY', key):
                token = session.create_jwt(self.user, expected_sk)

        # Verification: only ALGO and PUBKEY are replaced; KEY keeps whatever
        # value the module already has.
        with mock.patch('django_session_jwt.middleware.session.ALGO', algo):
            with mock.patch('django_session_jwt.middleware.session.PUBKEY', pubkey):
                claims = session.verify_jwt(token)
                self.assertEqual(claims['sk'], expected_sk)
Exemple #6
 def test_create(self):
     """Test JWT creation / verification.

     A token created for ``self.user`` and a fixed session key must verify,
     and its ``sk`` claim must equal that session key.
     """
     expected_sk = '1234abcdef'
     token = session.create_jwt(self.user, expected_sk)
     claims = session.verify_jwt(token)
     self.assertEqual(claims['sk'], expected_sk)