def test_set_logged_in_jwt_cookies(self):
    """Check the cookies set at login when the JWT-cookie header is in use.

    After ``set_logged_in_cookies`` runs, every name listed in
    ``cookies_api.ALL_LOGGED_IN_COOKIE_NAMES`` must be on the response, the
    suite's expiry-consistency helper must pass, and the suite's helper must
    be able to recreate a JWT from the cookies that were set.
    """
    setup_login_oauth_client()
    self._set_use_jwt_cookie_header(self.request)

    login_response = cookies_api.set_logged_in_cookies(
        self.request,
        HttpResponse(),
        self.user,
    )

    # Presence first, then expiry agreement, then the round trip back to a
    # JWT, so a missing cookie is reported before the later checks run.
    self._assert_cookies_present(
        login_response,
        cookies_api.ALL_LOGGED_IN_COOKIE_NAMES,
    )
    self._assert_consistent_expires(login_response)
    self._assert_recreate_jwt_from_cookies(login_response, can_recreate=True)
def test_set_logged_in_jwt_cookies(self):
    """Check the cookies set at login when the JWT-cookie header is in use.

    After ``set_logged_in_cookies`` runs, every name listed in
    ``cookies_api.ALL_LOGGED_IN_COOKIE_NAMES`` must be on the response, the
    suite's expiry-consistency helper must pass, and the suite's helper must
    be able to recreate a JWT from the cookies that were set.
    """
    setup_login_oauth_client()
    self._set_use_jwt_cookie_header(self.request)

    login_response = cookies_api.set_logged_in_cookies(
        self.request,
        HttpResponse(),
        self.user,
    )

    # Presence first, then expiry agreement, then the round trip back to a
    # JWT, so a missing cookie is reported before the later checks run.
    self._assert_cookies_present(
        login_response,
        cookies_api.ALL_LOGGED_IN_COOKIE_NAMES,
    )
    self._assert_consistent_expires(login_response)
    self._assert_recreate_jwt_from_cookies(login_response, can_recreate=True)
def test_refresh_jwt_cookies(self):
    """Check the cookies produced by ``refresh_jwt_cookies`` for a user.

    Only the names in ``cookies_api.JWT_COOKIE_NAMES`` are required here, and
    the expiry helper is told to expect a single unique expiry value across
    them. The suite's helper must then be able to recreate a JWT from the
    refreshed cookies.
    """
    setup_login_oauth_client()
    self._set_use_jwt_cookie_header(self.request)

    refreshed = cookies_api.refresh_jwt_cookies(
        self.request,
        HttpResponse(),
        self.user,
    )

    self._assert_cookies_present(refreshed, cookies_api.JWT_COOKIE_NAMES)
    # One unique expiry: the JWT cookies are expected to expire together.
    self._assert_consistent_expires(refreshed, num_of_unique_expires=1)
    self._assert_recreate_jwt_from_cookies(refreshed, can_recreate=True)
def test_login_and_registration_form_already_authenticated(self, url_name):
    """An authenticated client is redirected to the dashboard from *url_name*.

    The account is created through the registration API, the client is then
    logged in, and the page named by *url_name* must redirect to the
    dashboard. The JWT cookies are then removed from the client while the
    session is left alone: the redirect must still happen and the JWT cookies
    must be back in the client's cookie jar afterwards.
    """
    setup_login_oauth_client()

    # Register through the API, which also sets the login cookies.
    registration_url = reverse('user_api_registration')
    registration_payload = {
        'username': self.USERNAME,
        'password': self.PASSWORD,
        'email': self.EMAIL,
        'name': self.USERNAME,
        'terms_of_service': 'true',
        'honor_code': 'true',
    }
    registration_response = self.client.post(
        registration_url,
        data=registration_payload,
    )
    assert registration_response.status_code == 200

    logged_in = self.client.login(
        username=self.USERNAME,
        password=self.PASSWORD,
    )
    assert logged_in

    # First visit: session and JWT cookies are both in place.
    page_response = self.client.get(reverse(url_name))
    self.assertRedirects(page_response, reverse("dashboard"))

    # Drop the JWT cookies to stand in for their expiry. The session cookie
    # is untouched, and the session is meant to take precedence.
    for cookie_name in JWT_COOKIE_NAMES:
        del self.client.cookies[cookie_name]

    # Second visit: the session alone must still produce the redirect.
    page_response = self.client.get(reverse(url_name))
    self.assertRedirects(page_response, reverse("dashboard"))

    # The JWT cookies must have been issued again.
    for cookie_name in JWT_COOKIE_NAMES:
        assert cookie_name in self.client.cookies
def test_refresh_jwt_cookies(self):
    """Check the cookies produced by ``refresh_jwt_cookies`` for a user.

    Only the names in ``cookies_api.JWT_COOKIE_NAMES`` are required here, and
    the expiry helper is told to expect a single unique expiry value across
    them. The suite's helper must then be able to recreate a JWT from the
    refreshed cookies.
    """
    setup_login_oauth_client()
    self._set_use_jwt_cookie_header(self.request)

    refreshed = cookies_api.refresh_jwt_cookies(
        self.request,
        HttpResponse(),
        self.user,
    )

    self._assert_cookies_present(refreshed, cookies_api.JWT_COOKIE_NAMES)
    # One unique expiry: the JWT cookies are expected to expire together.
    self._assert_consistent_expires(refreshed, num_of_unique_expires=1)
    self._assert_recreate_jwt_from_cookies(refreshed, can_recreate=True)
def test_set_logged_in_jwt_cookies(self):
    """Check the login cookies while ``JWT_COOKIES_FLAG`` is overridden to on.

    With the flag forced to ``True``, ``set_logged_in_cookies`` must put
    every name in ``cookies_api.ALL_LOGGED_IN_COOKIE_NAMES`` on the response,
    and the suite's helper must be able to recreate a JWT from them.
    """
    setup_login_oauth_client()

    # NOTE(review): the listing lost its indentation; the assertions are kept
    # inside the override on the assumption that they ran under it. Confirm
    # against the original file.
    with cookies_api.JWT_COOKIES_FLAG.override(True):
        login_response = cookies_api.set_logged_in_cookies(
            self.request,
            HttpResponse(),
            self.user,
        )
        self._assert_cookies_present(
            login_response,
            cookies_api.ALL_LOGGED_IN_COOKIE_NAMES,
        )
        self._assert_recreate_jwt_from_cookies(
            login_response,
            can_recreate=True,
        )
def test_delete_and_are_logged_in_cookies_set(self):
    """Round-trip the login cookies: set them, detect them, delete them.

    ``are_logged_in_cookies_set`` inspects the request, so the response
    cookies are copied onto ``self.request`` before each check. It must
    report true after ``set_logged_in_cookies`` and false after
    ``delete_logged_in_cookies`` has been applied to the same response.
    """
    setup_login_oauth_client()

    cookie_response = cookies_api.set_logged_in_cookies(
        self.request,
        HttpResponse(),
        self.user,
    )
    self._copy_cookies_to_request(cookie_response, self.request)
    cookies_detected = cookies_api.are_logged_in_cookies_set(self.request)
    self.assertTrue(cookies_detected)

    # Logout path: after deletion the request must no longer look logged in.
    cookies_api.delete_logged_in_cookies(cookie_response)
    self._copy_cookies_to_request(cookie_response, self.request)
    cookies_detected = cookies_api.are_logged_in_cookies_set(self.request)
    self.assertFalse(cookies_detected)
def test_delete_and_are_logged_in_cookies_set(self):
    """Round-trip the login cookies: set them, detect them, delete them.

    ``are_logged_in_cookies_set`` inspects the request, so the response
    cookies are copied onto ``self.request`` before each check. It must
    report true after ``set_logged_in_cookies`` and false after
    ``delete_logged_in_cookies`` has been applied to the same response.
    """
    setup_login_oauth_client()

    cookie_response = cookies_api.set_logged_in_cookies(
        self.request,
        HttpResponse(),
        self.user,
    )
    self._copy_cookies_to_request(cookie_response, self.request)
    cookies_detected = cookies_api.are_logged_in_cookies_set(self.request)
    self.assertTrue(cookies_detected)

    # Logout path: after deletion the request must no longer look logged in.
    cookies_api.delete_logged_in_cookies(cookie_response)
    self._copy_cookies_to_request(cookie_response, self.request)
    cookies_detected = cookies_api.are_logged_in_cookies_set(self.request)
    self.assertFalse(cookies_detected)
def test_refresh_jwt_cookies(self):
    """Check the body and cookies of the refreshed-JWT-cookies response.

    The response from ``get_response_with_refreshed_jwt_cookies`` must carry
    a positive ``expires_epoch_seconds`` and an ``expires`` value other than
    ``'not-found'`` in its body, must set the names in
    ``cookies_api.JWT_COOKIE_NAMES`` with one unique expiry, and must allow
    the suite's helper to recreate a JWT from those cookies.
    """
    setup_login_oauth_client()
    self._set_use_jwt_cookie_header(self.request)

    refreshed = cookies_api.get_response_with_refreshed_jwt_cookies(
        self.request,
        self.user,
    )

    # NOTE(review): every single quote in the body is swapped for a double
    # quote before parsing, which suggests the body may not be strict JSON.
    # The swap would also corrupt any value containing an apostrophe; confirm
    # what the view actually emits.
    body_text = refreshed.content.decode('utf8')
    data = json.loads(body_text.replace("'", '"'))
    self.assertGreater(data['expires_epoch_seconds'], 0)
    self.assertNotEqual(data['expires'], 'not-found')

    self._assert_cookies_present(refreshed, cookies_api.JWT_COOKIE_NAMES)
    self._assert_consistent_expires(refreshed, num_of_unique_expires=1)
    self._assert_recreate_jwt_from_cookies(refreshed, can_recreate=True)
def test_login_refresh(self):
    """Login, then POST to ``login_refresh``; both must leave a JWT cookie.

    After each request the response status must be 200 and the JWT
    header-payload cookie name must be in the test client's cookies.
    """
    def _check_ok_with_jwt_cookie(resp):
        # NOTE(review): this reads the client's cookie jar, which still holds
        # the cookies from the login request, so the second call does not by
        # itself show that the refresh response set the cookie.
        self.assertEqual(resp.status_code, 200)
        cookie_name = jwt_cookies.jwt_cookie_header_payload_name()
        self.assertIn(cookie_name, self.client.cookies)

    setup_login_oauth_client()

    login_response, _ = self._login_response(self.user_email, self.password)
    _check_ok_with_jwt_cookie(login_response)

    refresh_response = self.client.post(reverse('login_refresh'))
    _check_ok_with_jwt_cookie(refresh_response)
def test_login_refresh(self):
    """Login, then POST to ``login_refresh``; both must leave a JWT cookie.

    After each request the response status must be 200 and the JWT
    header-payload cookie name must be in the test client's cookies.
    """
    def _check_ok_with_jwt_cookie(resp):
        # NOTE(review): this reads the client's cookie jar, which still holds
        # the cookies from the login request, so the second call does not by
        # itself show that the refresh response set the cookie.
        self.assertEqual(resp.status_code, 200)
        cookie_name = jwt_cookies.jwt_cookie_header_payload_name()
        self.assertIn(cookie_name, self.client.cookies)

    setup_login_oauth_client()

    login_response, _ = self._login_response(
        '*****@*****.**',
        'test_password',
    )
    _check_ok_with_jwt_cookie(login_response)

    refresh_response = self.client.post(reverse('login_refresh'))
    _check_ok_with_jwt_cookie(refresh_response)
def test_login_refresh(self):
    """Login, then POST to ``login_refresh``; both must leave a refresh cookie.

    After each request the response status must be 200 and the JWT refresh
    cookie name must be in the test client's cookies.
    """
    def _check_ok_with_refresh_cookie(resp):
        # NOTE(review): this reads the client's cookie jar, which still holds
        # the cookies from the login request, so the second call does not by
        # itself show that the refresh response set the cookie.
        self.assertEqual(resp.status_code, 200)
        cookie_name = jwt_cookies.jwt_refresh_cookie_name()
        self.assertIn(cookie_name, self.client.cookies)

    setup_login_oauth_client()

    login_response, _ = self._login_response(
        '*****@*****.**',
        'test_password',
    )
    _check_ok_with_refresh_cookie(login_response)

    refresh_response = self.client.post(reverse('login_refresh'))
    _check_ok_with_refresh_cookie(refresh_response)
def test_refresh_jwt_cookies(self):
    """Refreshing from existing cookies must yield a new refresh-token value.

    The login cookies are set, copied onto the request, and then
    ``refresh_jwt_cookies`` is called with no user argument. A JWT must be
    recreatable from the new response, and its refresh-token cookie value
    must differ from the one issued at login.
    """
    def _refresh_cookie_value(resp):
        cookie_name = cookies_api.jwt_cookies.jwt_refresh_cookie_name()
        return resp.cookies[cookie_name].value

    setup_login_oauth_client()
    self._set_use_jwt_cookie_header(self.request)

    login_response = cookies_api.set_logged_in_cookies(
        self.request,
        HttpResponse(),
        self.user,
    )
    self._copy_cookies_to_request(login_response, self.request)

    refreshed = cookies_api.refresh_jwt_cookies(self.request, HttpResponse())
    self._assert_recreate_jwt_from_cookies(refreshed, can_recreate=True)

    # Only the change of value is asserted. Whether the earlier refresh token
    # stops being accepted is not covered by this test.
    self.assertNotEqual(
        _refresh_cookie_value(login_response),
        _refresh_cookie_value(refreshed),
    )
def test_refresh_jwt_cookies(self):
    """Refreshing from existing cookies must yield a new refresh-token value.

    The login cookies are set, copied onto the request, and then
    ``refresh_jwt_cookies`` is called with no user argument. A JWT must be
    recreatable from the new response, and its refresh-token cookie value
    must differ from the one issued at login.
    """
    def _refresh_cookie_value(resp):
        cookie_name = cookies_api.jwt_cookies.jwt_refresh_cookie_name()
        return resp.cookies[cookie_name].value

    setup_login_oauth_client()
    self._set_use_jwt_cookie_header(self.request)

    login_response = cookies_api.set_logged_in_cookies(
        self.request,
        HttpResponse(),
        self.user,
    )
    self._copy_cookies_to_request(login_response, self.request)

    refreshed = cookies_api.refresh_jwt_cookies(self.request, HttpResponse())
    self._assert_recreate_jwt_from_cookies(refreshed, can_recreate=True)

    # Only the change of value is asserted. Whether the earlier refresh token
    # stops being accepted is not covered by this test.
    self.assertNotEqual(
        _refresh_cookie_value(login_response),
        _refresh_cookie_value(refreshed),
    )
def test_delete_and_are_logged_in_cookies_set(self, jwt_cookies_disabled, jwk_is_set):
    """Round-trip the login cookies under each JWT-cookie configuration.

    *jwt_cookies_disabled* is written to the
    ``DISABLE_SET_JWT_COOKIES_FOR_TESTS`` feature, and *jwk_is_set* decides
    whether ``JWT_PRIVATE_SIGNING_JWK`` keeps its configured value or is
    patched to ``None``. In every combination the request must look logged in
    after ``set_logged_in_cookies`` and not logged in after
    ``delete_logged_in_cookies``.
    """
    # Read the configured signing key before patching so the "set" case
    # re-applies the real value rather than a stand-in.
    if jwk_is_set:
        signing_jwk = settings.JWT_AUTH['JWT_PRIVATE_SIGNING_JWK']
    else:
        signing_jwk = None

    # NOTE(review): the listing lost its indentation; the whole round trip is
    # kept inside both patches on the assumption that it ran under them.
    # Confirm against the original file.
    with patch.dict(
        "django.conf.settings.FEATURES",
        {"DISABLE_SET_JWT_COOKIES_FOR_TESTS": jwt_cookies_disabled},
    ), patch.dict(
        "django.conf.settings.JWT_AUTH",
        {"JWT_PRIVATE_SIGNING_JWK": signing_jwk},
    ):
        setup_login_oauth_client()

        cookie_response = cookies_api.set_logged_in_cookies(
            self.request,
            HttpResponse(),
            self.user,
        )
        self._copy_cookies_to_request(cookie_response, self.request)
        cookies_detected = cookies_api.are_logged_in_cookies_set(self.request)
        self.assertTrue(cookies_detected)

        cookies_api.delete_logged_in_cookies(cookie_response)
        self._copy_cookies_to_request(cookie_response, self.request)
        cookies_detected = cookies_api.are_logged_in_cookies_set(self.request)
        self.assertFalse(cookies_detected)