Esempio n. 1
    def test_user_can_get_access_refresh_and_delete_token_cookies_and_use_them(
            self):
        """Walk the cookie-based token lifecycle: obtain, use, refresh, delete.

        No token is passed explicitly after the login. Every later request
        relies on the state ``self.client`` kept from earlier responses
        (presumably the auth cookies enabled by ``AUTH_COOKIE`` -- confirm
        against the views under test).
        """
        with override_api_settings(AUTH_COOKIE='Authorization', ):
            credentials = {
                User.USERNAME_FIELD: self.username,
                'password': self.password,
            }

            # Log in. The response itself is not checked; a failed login
            # surfaces as a non-200 on the protected view below.
            self.client.post(reverse('token_obtain_pair'), data=credentials)

            after_login = self.view_get()
            self.assertEqual(after_login.status_code, 200)
            self.assertEqual(after_login.data['foo'], 'bar')

            # Refresh with an empty body: the refresh credential has to come
            # from client state, not from request data.
            self.client.post(reverse('token_refresh'), )

            after_refresh = self.view_get()
            self.assertEqual(after_refresh.status_code, 200)
            self.assertEqual(after_refresh.data['foo'], 'bar')

            # Delete the tokens; from here on the client must be anonymous.
            self.client.post(reverse('token_delete'), )

            after_delete = self.view_get()
            self.assertEqual(after_delete.status_code, 401)

            # Refresh must be refused after deletion too, otherwise a client
            # could re-mint access after logging out.
            refresh_after_delete = self.client.post(reverse('token_refresh'), )
            self.assertEqual(refresh_after_delete.status_code, 401)
Esempio n. 2
    def test_user_can_get_access_refresh_and_delete_sliding_token_cookies_and_use_them(
            self):
        """Walk the cookie-based lifecycle for sliding tokens.

        Same flow as the access/refresh pair variant, but against the
        ``token_obtain_sliding`` / ``token_refresh_sliding`` routes with
        ``AUTH_TOKEN_CLASSES`` restricted to ``SlidingToken``.
        """
        sliding_only = ('rest_framework_simplejwt.tokens.SlidingToken', )

        with override_api_settings(AUTH_COOKIE='Authorization',
                                   AUTH_TOKEN_CLASSES=sliding_only):
            credentials = {
                User.USERNAME_FIELD: self.username,
                'password': self.password,
            }

            # Log in. The response is not inspected; the protected view
            # below proves that the client ended up authenticated.
            self.client.post(reverse('token_obtain_sliding'), data=credentials)

            after_login = self.view_get()
            self.assertEqual(after_login.status_code, 200)
            self.assertEqual(after_login.data['foo'], 'bar')

            # Refresh with no request body: the token has to be taken from
            # client state.
            self.client.post(reverse('token_refresh_sliding'), )

            after_refresh = self.view_get()
            self.assertEqual(after_refresh.status_code, 200)
            self.assertEqual(after_refresh.data['foo'], 'bar')

            # Delete the token, then confirm that both the protected view
            # and the refresh route reject the client.
            self.client.post(reverse('token_delete'), )

            after_delete = self.view_get()
            self.assertEqual(after_delete.status_code, 401)

            refresh_after_delete = self.client.post(
                reverse('token_refresh_sliding'), )
            self.assertEqual(refresh_after_delete.status_code, 401)
Esempio n. 3
    def test_user_can_get_access_and_refresh_tokens_and_use_them(self):
        """Obtain an access/refresh pair and use both the original and a refreshed access token.

        Each protected-view call runs with ``AUTH_TOKEN_CLASSES`` limited to
        ``AccessToken``, so only an access token is accepted there.
        """
        access_only = ('rest_framework_simplejwt.tokens.AccessToken',)

        login = self.client.post(
            reverse('token_obtain_pair'),
            data={
                User.USERNAME_FIELD: self.username,
                'password': self.password,
            },
        )
        access, refresh = login.data['access'], login.data['refresh']

        # First pass: authenticate with the access token issued at login.
        self.authenticate_with_token(api_settings.AUTH_HEADER_TYPES[0], access)
        with override_api_settings(AUTH_TOKEN_CLASSES=access_only):
            first_view = self.view_get()

        self.assertEqual(first_view.status_code, 200)
        self.assertEqual(first_view.data['foo'], 'bar')

        # Second pass: trade the refresh token for a new access token and
        # check that the new one is accepted as well.
        refreshed = self.client.post(
            reverse('token_refresh'),
            data={'refresh': refresh},
        )
        access = refreshed.data['access']

        self.authenticate_with_token(api_settings.AUTH_HEADER_TYPES[0], access)
        with override_api_settings(AUTH_TOKEN_CLASSES=access_only):
            second_view = self.view_get()

        self.assertEqual(second_view.status_code, 200)
        self.assertEqual(second_view.data['foo'], 'bar')
Esempio n. 4
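    def test_user_can_get_access_refresh_and_delete_sliding_token_cookies_and_use_them(
            self):
        """Walk the sliding-token cookie lifecycle with CSRF checks enforced.

        Besides obtain / use / refresh / delete, this pins the CSRF
        behaviour of cookie authentication: a GET succeeds, a POST without
        the CSRF header is rejected with 403, and the same POST with the
        header set to the CSRF cookie value succeeds.
        """
        with override_api_settings(
                AUTH_COOKIE='Authorization',
                AUTH_TOKEN_CLASSES=(
                    'rest_framework_simplejwt.tokens.SlidingToken', )):
            # The test client skips CSRF validation unless asked to enforce
            # it, so use a dedicated client instead of self.client.
            client = self.client_class(enforce_csrf_checks=True)
            res = client.post(
                reverse('token_obtain_sliding'),
                data={
                    User.USERNAME_FIELD: self.username,
                    'password': self.password,
                },
            )

            # Take the CSRF secret generated while handling the login
            # request and store it in the client's cookie jar.
            csrf_cookie = res.wsgi_request.environ['CSRF_COOKIE']
            client.cookies.load({settings.CSRF_COOKIE_NAME: csrf_cookie})

            # Safe method: the cookie alone is sufficient.
            res = client.get(reverse(self.view_name))

            self.assertEqual(res.status_code, 200)
            self.assertEqual(res.data['foo'], 'bar')

            # Unsafe method without the CSRF header: must be refused, since
            # the browser would attach the auth cookie to a forged request.
            res = client.post(reverse(self.view_name))

            self.assertEqual(res.status_code, 403)
            # assertIn reports both operands on failure, unlike
            # assertTrue(x in y), which only reports "False is not true".
            self.assertIn(REASON_BAD_TOKEN, res.data['detail'])

            # Same request with the header matching the cookie: accepted.
            res = client.post(reverse(self.view_name),
                              **{settings.CSRF_HEADER_NAME: csrf_cookie})

            self.assertEqual(res.status_code, 200)
            self.assertEqual(res.data['foo'], 'bar')

            # NOTE(review): this refresh POST carries no CSRF header and its
            # status is not asserted; only the GET that follows is checked.
            # Confirm whether the refresh route is meant to be CSRF-exempt.
            res = client.post(reverse('token_refresh_sliding'), )

            res = client.get(reverse(self.view_name))

            self.assertEqual(res.status_code, 200)
            self.assertEqual(res.data['foo'], 'bar')

            # After deletion both the protected view and the refresh route
            # must treat the client as unauthenticated.
            res = client.post(reverse('token_delete'), )

            res = client.get(reverse(self.view_name))
            self.assertEqual(res.status_code, 401)

            res = client.post(reverse('token_refresh_sliding'), )
            self.assertEqual(res.status_code, 401)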
Esempio n. 5
    def test_user_can_auth_via_cookies_if_enabled(self):
        """With ``JWT_AUTH_COOKIE`` set, tokens presented as a cookie authenticate the view.

        Covers the access token issued at login and the one obtained from a
        subsequent refresh.
        """
        access_only = ('rest_framework_simplejwt.tokens.AccessToken', )

        with override_api_settings(JWT_AUTH_COOKIE='test_cookie'):
            login = self.client.post(
                reverse('token_obtain_pair'),
                data={
                    User.USERNAME_FIELD: self.username,
                    'password': self.password,
                },
            )
            access, refresh = login.data['access'], login.data['refresh']

            # The login response must set the configured auth cookie.
            # NOTE(review): the value is compared with str(login.data), the
            # string form of the whole payload, not with a single token.
            # Confirm this is the intended cookie content; the payload read
            # above holds both 'access' and 'refresh'.
            self.assertIn(api_settings.JWT_AUTH_COOKIE, login.cookies)
            issued_cookie = login.cookies.get(api_settings.JWT_AUTH_COOKIE)
            self.assertEqual(str(login.data), issued_cookie.value)

            # Present the access token as the auth cookie.
            self.authenticate_with_cookie(api_settings.JWT_AUTH_COOKIE, access)
            with override_api_settings(AUTH_TOKEN_CLASSES=access_only):
                first_view = self.view_get()

            self.assertEqual(first_view.status_code, 200)
            self.assertEqual(first_view.data['foo'], 'bar')

            # The refresh token goes in the request body here, not a cookie.
            refreshed = self.client.post(
                reverse('token_refresh'),
                data={'refresh': refresh},
            )
            access = refreshed.data['access']

            self.authenticate_with_cookie(api_settings.JWT_AUTH_COOKIE, access)
            with override_api_settings(AUTH_TOKEN_CLASSES=access_only):
                second_view = self.view_get()

            self.assertEqual(second_view.status_code, 200)
            self.assertEqual(second_view.data['foo'], 'bar')
Esempio n. 6
    def wrapper_method(self, *args, **kwargs):
        """Resolve ``self.view_name`` to a URL and call the test client on it.

        The keyword arguments ``reverse_args``, ``reverse_kwargs`` and
        ``query_string`` are consumed here. All other positional and keyword
        arguments are forwarded to the client method named by ``action``.
        ``action`` is not defined in this block (presumably bound by an
        enclosing scope).

        Raises:
            ValueError: if ``self.view_name`` is ``None``.
        """
        if self.view_name is None:
            raise ValueError('Must give value for `view_name` property')

        url_args = kwargs.pop('reverse_args', ())
        url_kwargs = kwargs.pop('reverse_kwargs', {})
        raw_query = kwargs.pop('query_string', None)

        target = reverse(self.view_name, args=url_args, kwargs=url_kwargs)
        if raw_query is not None:
            # Appended verbatim: the caller must pass an already-encoded
            # query string.
            target += '?{0}'.format(raw_query)

        client_call = getattr(self.client, action)
        return client_call(target, *args, **kwargs)
    def wrapper_method(self, *args, **kwargs):
        """Build the URL for ``self.view_name`` and dispatch to the test client.

        ``reverse_args``, ``reverse_kwargs`` and ``query_string`` are popped
        from ``kwargs`` and used to build the URL. The remaining arguments
        go unchanged to ``getattr(self.client, action)``. ``action`` comes
        from outside this block (presumably a closure variable).

        Raises:
            ValueError: if ``self.view_name`` is ``None``.
        """
        if self.view_name is None:
            raise ValueError("Must give value for `view_name` property")

        positional = kwargs.pop("reverse_args", ())
        named = kwargs.pop("reverse_kwargs", {})
        query = kwargs.pop("query_string", None)

        resolved = reverse(self.view_name, args=positional, kwargs=named)
        # The query string is attached as given; no URL-encoding is applied.
        endpoint = resolved if query is None else resolved + f"?{query}"

        send = getattr(self.client, action)
        return send(endpoint, *args, **kwargs)
Esempio n. 8
    def test_user_can_get_access_and_refresh_tokens_and_use_them(self):
        """Check that the login access token and a refreshed one both authenticate.

        The protected view is called with ``AUTH_TOKEN_CLASSES`` narrowed to
        ``AccessToken`` each time.
        """
        access_only = ("rest_framework_simplejwt.tokens.AccessToken", )
        header_type = api_settings.AUTH_HEADER_TYPES

        pair = self.client.post(
            reverse("token_obtain_pair"),
            data={
                User.USERNAME_FIELD: self.username,
                "password": self.password,
            },
        )
        access = pair.data["access"]
        refresh = pair.data["refresh"]

        # Use the access token exactly as issued at login.
        self.authenticate_with_token(header_type[0], access)
        with override_api_settings(AUTH_TOKEN_CLASSES=access_only):
            initial = self.view_get()

        self.assertEqual(initial.status_code, 200)
        self.assertEqual(initial.data["foo"], "bar")

        # Exchange the refresh token for a new access token and repeat.
        renewed = self.client.post(
            reverse("token_refresh"),
            data={"refresh": refresh},
        )
        access = renewed.data["access"]

        self.authenticate_with_token(api_settings.AUTH_HEADER_TYPES[0], access)
        with override_api_settings(AUTH_TOKEN_CLASSES=access_only):
            repeated = self.view_get()

        self.assertEqual(repeated.status_code, 200)
        self.assertEqual(repeated.data["foo"], "bar")
Esempio n. 9
    def test_wrong_auth_type(self):
        """A valid token sent under an unrecognised header type must not authenticate.

        The expected error is "credentials were not provided", so the
        request is treated as carrying no credentials at all, not as
        carrying an invalid token.
        """
        login = self.client.post(
            reverse('token_obtain_sliding'),
            data={
                User.USERNAME_FIELD: self.username,
                'password': self.password,
            },
        )

        # The token is genuine; only the header type ('Wrong') is bogus.
        self.authenticate_with_token('Wrong', login.data['token'])

        denied = self.view_get()

        self.assertEqual(denied.status_code, 401)
        self.assertIn('credentials were not provided', denied.data['detail'])
Esempio n. 10
    def test_wrong_auth_type(self):
        """Reject a real sliding token that is presented with the header type "Wrong".

        The view must answer 401 with the "credentials were not provided"
        detail, so a mismatched header type is handled like a missing
        credential.
        """
        credentials = {
            User.USERNAME_FIELD: self.username,
            "password": self.password,
        }
        issued = self.client.post(reverse("token_obtain_sliding"),
                                  data=credentials)

        sliding_token = issued.data["token"]
        self.authenticate_with_token("Wrong", sliding_token)

        response = self.view_get()

        self.assertEqual(response.status_code, 401)
        self.assertIn("credentials were not provided",
                      response.data["detail"])
Esempio n. 11
    def test_user_can_get_sliding_token_and_use_it(self):
        """Obtain a sliding token and use it to reach the protected view.

        The view is called with ``AUTH_TOKEN_CLASSES`` limited to
        ``SlidingToken``.
        """
        sliding_only = ('rest_framework_simplejwt.tokens.SlidingToken',)

        login = self.client.post(
            reverse('token_obtain_sliding'),
            data={
                User.USERNAME_FIELD: self.username,
                'password': self.password,
            },
        )

        # Present the issued token under the first configured header type.
        self.authenticate_with_token(api_settings.AUTH_HEADER_TYPES[0],
                                     login.data['token'])

        with override_api_settings(AUTH_TOKEN_CLASSES=sliding_only):
            view_res = self.view_get()

        self.assertEqual(view_res.status_code, 200)
        self.assertEqual(view_res.data['foo'], 'bar')
Esempio n. 12
    def test_expired_token(self):
        """An access token issued with zero lifetime must be rejected by the view.

        The expected response is 401 with the error code ``token_not_valid``.
        """
        access_only = ('rest_framework_simplejwt.tokens.AccessToken',)
        credentials = {
            User.USERNAME_FIELD: self.username,
            'password': self.password,
        }

        # Patch the class-level lifetime only while the token is minted.
        # The finally clause restores it even if the request raises, so the
        # patched lifetime cannot leak into other tests.
        saved_lifetime = AccessToken.lifetime
        AccessToken.lifetime = timedelta(seconds=0)
        try:
            login = self.client.post(reverse('token_obtain_pair'),
                                     data=credentials)
        finally:
            AccessToken.lifetime = saved_lifetime

        expired_access = login.data['access']
        self.authenticate_with_token(api_settings.AUTH_HEADER_TYPES[0],
                                     expired_access)

        with override_api_settings(AUTH_TOKEN_CLASSES=access_only):
            rejected = self.view_get()

        self.assertEqual(rejected.status_code, 401)
        self.assertEqual('token_not_valid', rejected.data['code'])