def test_invalid_token(self): request = Request(request=self.request_factory.get( '/', HTTP_AUTHORIZATION='Token INVALID-TOKEN'), authenticators=[SecureTokenAuthentication()]) with self.assertRaises(exceptions.AuthenticationFailed): request._authenticate()
def test_ignoring_marked_for_delete_tokens(self): token = Token.objects.create(user=self.user) now = timezone.now() Token.objects.update(expire_in=now - timedelta(seconds=5), dead_in=now + timedelta(seconds=5), marked_for_delete=True) request = Request(request=self.request_factory.get( '/', HTTP_AUTHORIZATION='Token %s' % token), authenticators=[SecureTokenAuthentication()]) request._authenticate() response = HttpResponse() middleware = UpdateTokenMiddleware() response = middleware.process_response(request._request, response) new_token = response.get('X-Token', None) self.assertIsNone(new_token)
def test_token_updating(self): token = Token.objects.create(user=self.user) now = timezone.now() Token.objects.update(expire_in=now - timedelta(seconds=5), dead_in=now + timedelta(seconds=5)) request = Request( request=self.request_factory.get('/', HTTP_AUTHORIZATION='Token {0}'.format(token)), authenticators=[SecureTokenAuthentication()], ) request._authenticate() response = HttpResponse() middleware = UpdateTokenMiddleware() response = middleware.process_response(request._request, response) new_token = response.get('X-Token', None) self.assertIsNotNone(new_token) new_token = Token.objects.get(key=new_token) self.assertEqual(new_token.user, self.user) old_token = Token.objects.get(id=token.id) self.assertTrue(old_token.marked_for_delete)