Esempio n. 1
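 def test_decode_token_expired(self):
     """Token decoder reports 'Signature expired' for a token past its lifetime.

     The decoder is expected to return an error message rather than a
     ``User`` or a payload when the token has expired.
     """
     config = current_app.config
     missing = object()
     previous = config.get('TOKEN_EXPIRATION_SECONDS', missing)
     # A negative lifetime should make the token expired as soon as it is
     # issued -- presumably create_token() reads this setting; confirm.
     config['TOKEN_EXPIRATION_SECONDS'] = -1
     try:
         token = create_token()
         payload = User.decode_auth_token(token)
     finally:
         # Put the setting back so later tests sharing this app do not
         # silently run with already-expired tokens.
         if previous is missing:
             config.pop('TOKEN_EXPIRATION_SECONDS', None)
         else:
             config['TOKEN_EXPIRATION_SECONDS'] = previous
     self.assertFalse(isinstance(payload, User))
     self.assertIn('Signature expired', payload)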
Esempio n. 2
 def test_decode_token_invalid(self):
     """Token decoder reports 'Invalid token' for a token changed after issue."""
     # Characters appended to the serialized token mean it no longer
     # matches what was issued, so decoding must not yield a usable result.
     tampered = f'{create_token()}1337'
     result = User.decode_auth_token(tampered)
     self.assertFalse(isinstance(result, User))
     self.assertIn('Invalid token', result)
Esempio n. 3
 def test_decode_token(self):
     """A freshly issued token decodes to a payload that identifies its user."""
     claims = User.decode_auth_token(create_token())
     # The 'id' entry of the payload is what ties the token to a user record.
     owner = User.find_by_id(claims.get('id'))
     self.assertTrue(isinstance(owner, User))
     self.assertEqual(owner.email, '*****@*****.**')
Esempio n. 4
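    def wrapper(*args, **kwargs):
        """Authenticate the request from its Authorization header, then call ``func``.

        Returns an error response instead of calling ``func`` when the header
        is missing (403), has no token field after the scheme (401), the
        token does not decode to a dict payload (401, with the decoder's
        result as the message), or the user is unknown or not active (401).
        On success ``func`` receives the ``id`` from the token payload as its
        first positional argument, followed by the original arguments.
        """
        auth_header = request.headers.get('Authorization')

        if not auth_header:
            return error_response(403, message='No authorization.')

        # The header is client-controlled. A value with no space has no
        # second field, and indexing it unguarded raised IndexError (an
        # unhandled server error) instead of a clean rejection.
        parts = auth_header.split(" ")
        if len(parts) < 2:
            return error_response(401, message='Invalid token.')
        token = parts[1]
        # NOTE(review): the scheme in parts[0] is not checked -- confirm
        # whether only "Bearer" should be accepted here.
        payload = User.decode_auth_token(token)

        # Anything other than a dict is treated as the decoder's error
        # message and passed back to the client as-is.
        if not isinstance(payload, dict):
            return error_response(401, message=payload)

        user = User.find_by_id(payload.get('id'))

        # Strict identity check: only is_active == True (the bool) passes,
        # so a validly signed token for a deactivated account is rejected.
        if user is None or user.is_active is not True:
            return error_response(401, message='Invalid token.')

        return func(payload.get('id'), *args, **kwargs)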
Esempio n. 5
def test_decode_token_invalid(token):
    """Token decoder reports 'Invalid token' for a token changed after issue."""
    # Characters appended to the serialized token mean it no longer matches
    # what was issued, so decoding must not yield a usable result.
    tampered = f'{token}1337'
    result = User.decode_auth_token(tampered)
    assert not isinstance(result, User)
    assert 'Invalid token' in result
Esempio n. 6
def test_decode_token(token):
    """A valid token decodes to a payload that identifies its user."""
    claims = User.decode_auth_token(token)
    # The 'id' entry of the payload is what ties the token to a user record.
    owner = User.find_by_id(claims.get('id'))
    assert isinstance(owner, User)
    assert owner.email == '*****@*****.**'