Exemple #1
    def test_expired_tokens(self):
        """Running the command drops the expired token and keeps the live one."""
        reference = timezone.now()

        # Expires one day after the reference time, so it must survive.
        surviving = AuthTokenFactory.create(
            expires=reference + datetime.timedelta(days=1),
        )

        # Expired 33 days before the reference time, so it should be removed.
        AuthTokenFactory.create(
            expires=reference - datetime.timedelta(days=33),
        )

        self.command.handle()

        # Compare against everything still stored, not only the token we
        # expect to keep, so a surviving expired row fails the test.
        remaining = AuthToken.objects.all()
        self.assertCountEqual(remaining, [surviving])
    def _create_token(self, when):
        """Create a token for ``self.user`` with key ``self.key`` expiring at *when*.

        Returns whatever ``AuthTokenFactory.create`` produces.
        """
        return AuthTokenFactory.create(key=self.key, user=self.user, expires=when)
 def test_valid_token(self):
     """A token key supplied in the request data authenticates as (user, token)."""
     token = AuthTokenFactory.create()

     # The token key is carried in the request's ``data`` mapping.
     form = QueryDict('', mutable=True)
     form.update({'token': token.key})
     fake_request = mock.Mock(data=form)

     outcome = FormTokenAuthentication().authenticate(fake_request)

     self.assertEqual(outcome, (token.user, token))
Exemple #4
    def test_no_tokens_removed(self):
        """A token that has not expired yet is left in place by the command."""
        expiry = timezone.now() + datetime.timedelta(days=1)
        live_token = AuthTokenFactory.create(expires=expiry)

        self.command.handle()

        # The stored tokens must be exactly the one created above.
        remaining = AuthToken.objects.all()
        self.assertCountEqual(remaining, [live_token])
    def test_delete(self):
        """DELETE with the token in the Authorization header removes that token."""
        expiry = timezone.now() + datetime.timedelta(days=1)
        owner = UserFactory.create()
        token = AuthTokenFactory.create(user=owner, expires=expiry)

        # The token is sent as a "Token <key>" Authorization header.
        header_value = 'Token ' + token.key
        request = self.create_request(
            'delete',
            user=owner,
            HTTP_AUTHORIZATION=header_value,
        )
        handler = self.view_class.as_view()
        response = handler(request)

        self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)

        # A 204 alone is not enough: the row must no longer be retrievable.
        with self.assertRaises(self.model.DoesNotExist):
            self.model.objects.get(pk=token.pk)
Exemple #6
    def test_delete(self):
        """DELETE with the token in the Authorization header removes that token."""
        expiry = timezone.now() + datetime.timedelta(days=1)
        owner = UserFactory.create()
        token = AuthTokenFactory.create(user=owner, expires=expiry)

        # The token is sent as a "Token <key>" Authorization header.
        header_value = 'Token ' + token.key
        request = self.create_request(
            'delete',
            user=owner,
            HTTP_AUTHORIZATION=header_value,
        )
        handler = self.view_class.as_view()
        response = handler(request)

        self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)

        # A 204 alone is not enough: the row must no longer be retrievable.
        with self.assertRaises(self.model.DoesNotExist):
            self.model.objects.get(pk=token.pk)
Exemple #7
    def test_send_without_token_header(self):
        """Upload an avatar by plain form POST, authenticating with a form-field token.

        Covers the fallback for legacy browsers that cannot do AJAX uploads:
         - the auth token is submitted in the form data, not in a header;
         - a regular POST is accepted;
         - no CSRF token is sent although the client enforces CSRF checks
           (the auth token is treated as equivalent).
        """
        # The Django test client skips CSRF checks by default; turning them on
        # is what makes the 200 below evidence that this route does not need
        # a CSRF token.
        csrf_checking_client = Client(enforce_csrf_checks=True)
        owner = UserFactory.create()
        token = AuthTokenFactory(user=owner)

        payload = {'avatar': SIMPLE_PNG, 'token': token.key}
        response = csrf_checking_client.post(
            reverse('user_management_api:profile_avatar'),
            data=payload,
        )

        self.assertEqual(response.status_code, status.HTTP_200_OK)
        self.assertIn('avatar', response.data)
        # NOTE(review): only the success path is checked here. Because this
        # route accepts a POST without a CSRF token, a companion test should
        # confirm that a missing or wrong ``token`` field is rejected.
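    def test_delete_user_logged_out_signal(self):
        """Send the user_logged_out signal if a user deletes their Auth Token.

        The receiver must be called exactly once, with the view class as
        sender, the request taken from the response's renderer context, and
        the user who owns the deleted token.
        """
        handler = MagicMock()
        signals.user_logged_out.connect(handler)
        # Disconnect when the test ends, pass or fail, so the mock does not
        # stay registered on the module-level signal and get invoked by
        # later tests.
        self.addCleanup(signals.user_logged_out.disconnect, handler)

        someday = timezone.now() + datetime.timedelta(days=1)
        user = UserFactory.create()
        token = AuthTokenFactory.create(user=user, expires=someday)

        # Custom auth header containing token
        auth = 'Token ' + token.key
        request = self.create_request(
            'delete',
            user=user,
            HTTP_AUTHORIZATION=auth,
        )
        response = self.view_class.as_view()(request)

        # The view passes on its own wrapped request object, so take the
        # expected one from the response rather than reusing ``request``.
        handler.assert_called_once_with(
            signal=signals.user_logged_out,
            sender=views.GetAuthToken,
            request=response.renderer_context['request'],
            user=user,
        )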
Exemple #9
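    def test_delete_user_logged_out_signal(self):
        """Send the user_logged_out signal if a user deletes their Auth Token.

        The receiver must be called exactly once, with the view class as
        sender, the request taken from the response's renderer context, and
        the user who owns the deleted token.
        """
        handler = MagicMock()
        signals.user_logged_out.connect(handler)
        # Disconnect when the test ends, pass or fail, so the mock does not
        # stay registered on the module-level signal and get invoked by
        # later tests.
        self.addCleanup(signals.user_logged_out.disconnect, handler)

        someday = timezone.now() + datetime.timedelta(days=1)
        user = UserFactory.create()
        token = AuthTokenFactory.create(user=user, expires=someday)

        # Custom auth header containing token
        auth = 'Token ' + token.key
        request = self.create_request(
            'delete',
            user=user,
            HTTP_AUTHORIZATION=auth,
        )
        response = self.view_class.as_view()(request)

        # The view passes on its own wrapped request object, so take the
        # expected one from the response rather than reusing ``request``.
        handler.assert_called_once_with(
            signal=signals.user_logged_out,
            sender=views.GetAuthToken,
            request=response.renderer_context['request'],
            user=user,
        )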