def test_update_token_actually_saved(self, api, client): update_token = TokenRegistry('jti', 'access', 'tokenreader', False, dt.datetime(2001, 1, 2, 12, 11, 10, 9)) update_token.save() token, _ = register_and_login_confirmed_user(api, client, "tokenreader", "*****@*****.**", "passwd") url = api.url_for(Token, token_id=update_token.id) response = client.put(url, data={ 'revoked': 'True', 'jti': 'newjti', 'tokenType': 'refresh', 'username': '******', 'expires': str(dt.datetime(2002, 2, 3, 16, 15, 14, 13)) }, headers=get_authorization_header(token)) response_json = get_response_json(response.data) assert (update_token.jti == 'jti') assert (update_token.token_type == 'access') assert (update_token.username == 'tokenreader') assert (update_token.revoked == True) assert (update_token.expires == dt.datetime(2001, 1, 2, 12, 11, 10, 9))
def post(self): username = get_jwt_identity() user = User.find_by_username(username) if user is None: report_error_and_abort(401, "refresh", "Login refresh failed") user.access_token = create_access_token(identity=user.username, fresh=False) TokenRegistry.add_token(user.access_token) return user, 200
def test_find_by_jti(self): token1 = TokenRegistry('jti_1', 'type_1', 'username', True, dt.datetime.utcnow()) token2 = TokenRegistry('jti_2', 'type_2', 'username', False, dt.datetime.utcnow() + dt.timedelta(hours=1)) token1.save(False) token2.save() retrieved = TokenRegistry.find_by_jti('jti_1') jti_none = TokenRegistry.find_by_jti('jti_dontexist') assert (retrieved.jti == 'jti_1') assert (jti_none is None)
def test_delete_token_logged_in(self, api, client): token, _ = register_and_login_confirmed_user(api, client, "tokenreader", "*****@*****.**", "passwd") url = api.url_for(Token, token_id=2) response = client.delete(url, headers=get_authorization_header(token)) response_json = get_response_json(response.data) assert (response.status_code == 200) assert (response_json["messages"]["token"] is not None) assert (TokenRegistry.get_by_id(1) is not None) assert (TokenRegistry.get_by_id(2) is None) # should have been deleted
def test_get_other_user_token(self, api, client): new_token = TokenRegistry('12345', 'access', 'another_user', False, dt.datetime.now() + dt.timedelta(hours=1)) new_token.save() token, _ = register_and_login_confirmed_user(api, client, "tokenreader", "*****@*****.**", "passwd") url = api.url_for(Token, token_id=new_token.id) response = client.get(url, headers=get_authorization_header(token)) response_json = get_response_json(response.data) assert (response.status_code == 403) assert (response_json["errors"]["token"] is not None)
def test_another_user_tokens_not_included(self, api, client): new_token = TokenRegistry('12345', 'access', 'another_user', False, dt.datetime.now() + dt.timedelta(hours=1)) new_token.save() token, _ = register_and_login_confirmed_user(api, client, "tokenreader", "*****@*****.**", "passwd") url = api.url_for(TokenList) response = client.get(url, headers=get_authorization_header(token)) response_json = get_response_json(response.data) assert (response.status_code == 200) assert (len(response_json) == 2)
def post(self, email, password, **kwargs): user = User.find_by_email(email) if user is None: report_error_and_abort(401, "login", "Login failed") if not user.confirmed: report_error_and_abort(401, "login", "Login failed") if not user.check_password(password): report_error_and_abort(401, "login", "Login failed") user.access_token = create_access_token(identity=user.username, fresh=True) TokenRegistry.add_token(user.access_token) return user, 200
def test_no_unique_constraints(self, db): token1 = TokenRegistry('jti', 'type', 'username', True, dt.datetime.utcnow()) token2 = TokenRegistry('jti', 'type', 'username', True, dt.datetime.utcnow()) token1.save() token2.save() num_users = db.session.query(TokenRegistry).count() assert (num_users == 2)
def delete(self): jti = get_raw_jwt()["jti"] token = TokenRegistry.find_by_jti(jti) if token is not None: try: token.revoked = False token.save() except: db.session.rollback() report_error_and_abort(500, "logout", "Logout failed(2).") return generate_message_response(200, "logout", "Logged out.")
def test_update_token_unrevoke(self, api, client): token, _ = register_and_login_confirmed_user(api, client, "tokenreader", "*****@*****.**", "passwd") update_token = TokenRegistry.get_by_id(2) update_token.revoked = True url = api.url_for(Token, token_id=2) response = client.put(url, data={'revoked': 'False'}, headers=get_authorization_header(token)) response_json = get_response_json(response.data) assert (response.status_code == 200) assert (response_json["revoked"] == False)
def jwt_check_if_token_is_blacklisted(decoded_token): jti = decoded_token["jti"] return TokenRegistry.is_token_revoked(jti)
def test_get_by_id(self): new_token = TokenRegistry('jti', 'type', 'username', True, dt.datetime.utcnow()) new_token.save() retrieved_token = TokenRegistry.get_by_id(new_token.id) assert (retrieved_token == new_token)
def test_find_by_username(self): token1 = TokenRegistry('jti_1', 'type_1', 'username', True, dt.datetime.utcnow()) token2 = TokenRegistry('jti_2', 'type_2', 'username', False, dt.datetime.utcnow() + dt.timedelta(hours=1)) token3 = TokenRegistry('jti_1', 'type_1', 'different', True, dt.datetime.utcnow()) token1.save(False) token2.save(False) token3.save() user_tokens = TokenRegistry.find_by_username('username') assert (len(user_tokens) == 2)