def test_incorrect_signature(self):
api_key = self.create_api_key(self.user)
token = self.create_auth_token(api_key.user, api_key.key,
api_key.secret)
decoy_api_key = APIKey( # Don't save in database, it would conflict.
user=self.user, key=api_key.key, secret='another-secret')
with self.assertRaises(jwt.DecodeError) as ctx:
jwt_auth.jwt_decode_handler(
token, get_api_key=lambda **k: decoy_api_key)
assert str(ctx.exception) == 'Signature verification failed'
