def test_deprecation_warning(self):
graphene_settings.MIDDLEWARE = []
with warnings.catch_warnings(record=True) as warning_list:
JSONWebTokenMiddleware()
self.assertTrue(warning_list)
graphene_settings.MIDDLEWARE = [JSONWebTokenMiddleware]
def jwt_middleware(get_response):
"""Authenticate user using JSONWebTokenMiddleware
ignoring the session-based authentication.
This middleware resets authentication made by any previous middlewares
and authenticates the user
with graphql_jwt.middleware.JSONWebTokenMiddleware.
"""
jwt_middleware = JSONWebTokenMiddleware(get_response=get_response)
def middleware(request):
if request.path == reverse('api'):
# clear user authenticated by AuthenticationMiddleware
request._cached_user = AnonymousUser()
request.user = AnonymousUser()
# authenticate using JWT middleware
jwt_middleware.process_request(request)
return get_response(request)
return middleware
def jwt_middleware(get_response):
"""Authenticate a user using JWT and ignore the session-based authentication.
This middleware resets authentication made by any previous middlewares
and authenticates the user
with graphql_jwt.middleware.JSONWebTokenMiddleware.
"""
# Disable warnings for django-graphene-jwt
graphene_settings.MIDDLEWARE.append(JSONWebTokenMiddleware)
jwt_middleware_inst = JSONWebTokenMiddleware(get_response=get_response)
graphene_settings.MIDDLEWARE.remove(JSONWebTokenMiddleware)
def middleware(request):
if request.path == reverse("api"):
# clear user authenticated by AuthenticationMiddleware
request._cached_user = AnonymousUser()
request.user = AnonymousUser()
# authenticate using JWT middleware
jwt_middleware_inst.process_request(request)
return get_response(request)
return middleware
def setUp(self):
super(MiddlewareTests, self).setUp()
self.get_response_mock = mock.Mock(return_value=JsonResponse({}))
self.middleware = JSONWebTokenMiddleware(self.get_response_mock)
def setUp(self):
super().setUp()
self.middleware = JSONWebTokenMiddleware()
class AuthenticateByHeaderTests(TestCase):
def setUp(self):
super().setUp()
self.middleware = JSONWebTokenMiddleware()
@override_jwt_settings(JWT_ALLOW_ANY_HANDLER=lambda *args: False)
def test_authenticate(self):
headers = {
jwt_settings.JWT_AUTH_HEADER_NAME: '{0} {1}'.format(
jwt_settings.JWT_AUTH_HEADER_PREFIX,
self.token,
),
}
next_mock = mock.Mock()
info_mock = self.info(AnonymousUser(), **headers)
self.middleware.resolve(next_mock, None, info_mock)
next_mock.assert_called_with(None, info_mock)
self.assertEqual(info_mock.context.user, self.user)
@override_jwt_settings(JWT_ALLOW_ANY_HANDLER=lambda *args: False)
@mock.patch('graphql_jwt.middleware.authenticate', return_value=None)
def test_not_authenticate(self, authenticate_mock):
headers = {
jwt_settings.JWT_AUTH_HEADER_NAME: '{0} {1}'.format(
jwt_settings.JWT_AUTH_HEADER_PREFIX,
self.token,
),
}
next_mock = mock.Mock()
info_mock = self.info(AnonymousUser(), **headers)
self.middleware.resolve(next_mock, None, info_mock)
next_mock.assert_called_with(None, info_mock)
authenticate_mock.assert_called_with(request=info_mock.context)
self.assertIsInstance(info_mock.context.user, AnonymousUser)
@override_jwt_settings(JWT_ALLOW_ANY_HANDLER=lambda *args: False)
def test_invalid_token(self):
headers = {
jwt_settings.JWT_AUTH_HEADER_NAME: '{} invalid'.format(
jwt_settings.JWT_AUTH_HEADER_PREFIX,
),
}
next_mock = mock.Mock()
info_mock = self.info(AnonymousUser(), **headers)
with self.assertRaises(JSONWebTokenError):
self.middleware.resolve(next_mock, None, info_mock)
next_mock.assert_not_called()
@override_jwt_settings(JWT_ALLOW_ANY_HANDLER=lambda *args: False)
@mock.patch('graphql_jwt.middleware.authenticate')
def test_already_authenticated(self, authenticate_mock):
headers = {
jwt_settings.JWT_AUTH_HEADER_NAME: '{0} {1}'.format(
jwt_settings.JWT_AUTH_HEADER_PREFIX,
self.token,
),
}
next_mock = mock.Mock()
info_mock = self.info(self.user, **headers)
self.middleware.resolve(next_mock, None, info_mock)
next_mock.assert_called_with(None, info_mock)
authenticate_mock.assert_not_called()
@override_jwt_settings(JWT_ALLOW_ANY_HANDLER=lambda *args: True)
def test_allow_any(self):
headers = {
jwt_settings.JWT_AUTH_HEADER_NAME: '{0} {1}'.format(
jwt_settings.JWT_AUTH_HEADER_PREFIX,
self.token,
),
}
next_mock = mock.Mock()
info_mock = self.info(AnonymousUser(), **headers)
self.middleware.resolve(next_mock, None, info_mock)
next_mock.assert_called_with(None, info_mock)
self.assertIsInstance(info_mock.context.user, AnonymousUser)
def test_authenticate_context(self):
info_mock = self.info()
self.middleware.cached_allow_any.add('test')
authenticate_context = self.middleware.authenticate_context(info_mock)
self.assertFalse(authenticate_context)
class AuthenticateByArgumentTests(TestCase):
@override_jwt_settings(JWT_ALLOW_ARGUMENT=True)
def setUp(self):
super().setUp()
self.middleware = JSONWebTokenMiddleware()
@override_jwt_settings(
JWT_ALLOW_ARGUMENT=True,
JWT_ALLOW_ANY_HANDLER=lambda *args, **kwargs: False)
def test_authenticate(self):
kwargs = {
jwt_settings.JWT_ARGUMENT_NAME: self.token,
}
next_mock = mock.Mock()
info_mock = self.info(AnonymousUser())
self.middleware.resolve(next_mock, None, info_mock, **kwargs)
next_mock.assert_called_with(None, info_mock, **kwargs)
self.assertEqual(info_mock.context.user, self.user)
user = self.middleware.cached_authentication[tuple(info_mock.path)]
self.assertEqual(user, self.user)
@override_jwt_settings(
JWT_ALLOW_ARGUMENT=True,
JWT_ALLOW_ANY_HANDLER=lambda *args, **kwargs: False)
def test_authenticate_parent(self):
next_mock = mock.Mock()
info_mock = self.info(AnonymousUser())
info_mock.path = ['0', '1']
self.middleware.cached_authentication.insert(['0'], self.user)
self.middleware.resolve(next_mock, None, info_mock)
next_mock.assert_called_with(None, info_mock)
self.assertEqual(info_mock.context.user, self.user)
@override_jwt_settings(
JWT_ALLOW_ARGUMENT=True,
JWT_ALLOW_ANY_HANDLER=lambda *args, **kwargs: False)
def test_clear_authentication(self):
next_mock = mock.Mock()
info_mock = self.info(self.user)
self.middleware.resolve(next_mock, None, info_mock)
next_mock.assert_called_with(None, info_mock)
self.assertIsInstance(info_mock.context.user, AnonymousUser)
@override_jwt_settings(
JWT_ALLOW_ARGUMENT=True,
JWT_ALLOW_ANY_HANDLER=lambda *args, **kwargs: False)
def test_clear_session_authentication(self):
next_mock = mock.Mock()
info_mock = self.info(self.user)
info_mock.context.session = self.client.session
self.middleware.resolve(next_mock, None, info_mock)
next_mock.assert_called_with(None, info_mock)
self.assertIsInstance(info_mock.context.user, AnonymousUser)
@override_jwt_settings(
JWT_ALLOW_ARGUMENT=True,
JWT_ALLOW_ANY_HANDLER=lambda *args, **kwargs: False)
def test_context_has_not_attr_user(self):
next_mock = mock.Mock()
info_mock = self.info()
self.middleware.resolve(next_mock, None, info_mock)
next_mock.assert_called_with(None, info_mock)
self.assertFalse(hasattr(info_mock.context, 'user'))
def setUp(self):
super(AuthenticateByHeaderTests, self).setUp()
self.middleware = JSONWebTokenMiddleware()
