def test_update_token_actually_saved(self, api, client):
update_token = TokenRegistry('jti', 'access', 'tokenreader', False,
dt.datetime(2001, 1, 2, 12, 11, 10, 9))
update_token.save()
token, _ = register_and_login_confirmed_user(api, client,
"tokenreader",
"*****@*****.**",
"passwd")
url = api.url_for(Token, token_id=update_token.id)
response = client.put(url,
data={
'revoked':
'True',
'jti':
'newjti',
'tokenType':
'refresh',
'username':
'******',
'expires':
str(dt.datetime(2002, 2, 3, 16, 15, 14, 13))
},
headers=get_authorization_header(token))
response_json = get_response_json(response.data)
assert (update_token.jti == 'jti')
assert (update_token.token_type == 'access')
assert (update_token.username == 'tokenreader')
assert (update_token.revoked == True)
assert (update_token.expires == dt.datetime(2001, 1, 2, 12, 11, 10, 9))
def post(self): username = get_jwt_identity() user = User.find_by_username(username) if user is None: report_error_and_abort(401, "refresh", "Login refresh failed") user.access_token = create_access_token(identity=user.username, fresh=False) TokenRegistry.add_token(user.access_token) return user, 200
def test_find_by_jti(self):
token1 = TokenRegistry('jti_1', 'type_1', 'username', True,
dt.datetime.utcnow())
token2 = TokenRegistry('jti_2', 'type_2', 'username', False,
dt.datetime.utcnow() + dt.timedelta(hours=1))
token1.save(False)
token2.save()
retrieved = TokenRegistry.find_by_jti('jti_1')
jti_none = TokenRegistry.find_by_jti('jti_dontexist')
assert (retrieved.jti == 'jti_1')
assert (jti_none is None)
def test_delete_token_logged_in(self, api, client):
token, _ = register_and_login_confirmed_user(api, client,
"tokenreader",
"*****@*****.**",
"passwd")
url = api.url_for(Token, token_id=2)
response = client.delete(url, headers=get_authorization_header(token))
response_json = get_response_json(response.data)
assert (response.status_code == 200)
assert (response_json["messages"]["token"] is not None)
assert (TokenRegistry.get_by_id(1) is not None)
assert (TokenRegistry.get_by_id(2) is None) # should have been deleted
def test_get_other_user_token(self, api, client):
new_token = TokenRegistry('12345', 'access', 'another_user', False,
dt.datetime.now() + dt.timedelta(hours=1))
new_token.save()
token, _ = register_and_login_confirmed_user(api, client,
"tokenreader",
"*****@*****.**",
"passwd")
url = api.url_for(Token, token_id=new_token.id)
response = client.get(url, headers=get_authorization_header(token))
response_json = get_response_json(response.data)
assert (response.status_code == 403)
assert (response_json["errors"]["token"] is not None)
def test_another_user_tokens_not_included(self, api, client):
new_token = TokenRegistry('12345', 'access', 'another_user', False,
dt.datetime.now() + dt.timedelta(hours=1))
new_token.save()
token, _ = register_and_login_confirmed_user(api, client,
"tokenreader",
"*****@*****.**",
"passwd")
url = api.url_for(TokenList)
response = client.get(url, headers=get_authorization_header(token))
response_json = get_response_json(response.data)
assert (response.status_code == 200)
assert (len(response_json) == 2)
def post(self, email, password, **kwargs): user = User.find_by_email(email) if user is None: report_error_and_abort(401, "login", "Login failed") if not user.confirmed: report_error_and_abort(401, "login", "Login failed") if not user.check_password(password): report_error_and_abort(401, "login", "Login failed") user.access_token = create_access_token(identity=user.username, fresh=True) TokenRegistry.add_token(user.access_token) return user, 200
def test_no_unique_constraints(self, db):
token1 = TokenRegistry('jti', 'type', 'username', True,
dt.datetime.utcnow())
token2 = TokenRegistry('jti', 'type', 'username', True,
dt.datetime.utcnow())
token1.save()
token2.save()
num_users = db.session.query(TokenRegistry).count()
assert (num_users == 2)
def delete(self): jti = get_raw_jwt()["jti"] token = TokenRegistry.find_by_jti(jti) if token is not None: try: token.revoked = False token.save() except: db.session.rollback() report_error_and_abort(500, "logout", "Logout failed(2).") return generate_message_response(200, "logout", "Logged out.")
def test_update_token_unrevoke(self, api, client):
token, _ = register_and_login_confirmed_user(api, client,
"tokenreader",
"*****@*****.**",
"passwd")
update_token = TokenRegistry.get_by_id(2)
update_token.revoked = True
url = api.url_for(Token, token_id=2)
response = client.put(url,
data={'revoked': 'False'},
headers=get_authorization_header(token))
response_json = get_response_json(response.data)
assert (response.status_code == 200)
assert (response_json["revoked"] == False)
def jwt_check_if_token_is_blacklisted(decoded_token):
jti = decoded_token["jti"]
return TokenRegistry.is_token_revoked(jti)
def test_get_by_id(self):
new_token = TokenRegistry('jti', 'type', 'username', True,
dt.datetime.utcnow())
new_token.save()
retrieved_token = TokenRegistry.get_by_id(new_token.id)
assert (retrieved_token == new_token)
def test_find_by_username(self):
token1 = TokenRegistry('jti_1', 'type_1', 'username', True,
dt.datetime.utcnow())
token2 = TokenRegistry('jti_2', 'type_2', 'username', False,
dt.datetime.utcnow() + dt.timedelta(hours=1))
token3 = TokenRegistry('jti_1', 'type_1', 'different', True,
dt.datetime.utcnow())
token1.save(False)
token2.save(False)
token3.save()
user_tokens = TokenRegistry.find_by_username('username')
assert (len(user_tokens) == 2)
