コード例 #1
    def handle(self, *args, **options):
        """Issue a new token for the user named by ``options['username']``.

        The user is looked up through the active user model's
        ``USERNAME_FIELD``. Unless ``options['keep_existing']`` is truthy,
        every token already stored for that user is deleted before the new
        one is saved. The new token value and the user's resulting token
        count are written to ``self.stdout``.

        Raises:
            CommandError: if no user matches the given username.
        """
        user_model = get_user_model()
        username = options['username']
        lookup = {user_model.USERNAME_FIELD: username}

        try:
            user = user_model.objects.get(**lookup)
        except user_model.DoesNotExist:
            message = _('User with username "%s" does not exist') % username
            raise CommandError(message)

        # Default behaviour is rotation: the user's earlier tokens are removed
        # before the replacement is issued (a no-op when there are none).
        # NOTE(review): the delete and the save below are separate statements
        # with no transaction visible in this method - confirm whether one is
        # applied elsewhere, since a failed save would leave the user with no
        # token at all.
        replace_existing = not options['keep_existing']
        if replace_existing:
            Token.objects.filter(user=user).delete()

        token = Token(user=user)
        token.save()

        # NOTE(review): the token value appears to be an authentication
        # credential and is written to stdout in clear text; anything that
        # captures this command's output (CI logs, terminal scrollback, shell
        # redirection) will retain it.
        generated = _("Generated token for user %(user)s: %(token)s.") % {
            'user': user,
            'token': token.token,
        }
        self.stdout.write(generated)

        remaining = Token.objects.filter(user=user).count()
        self.stdout.write(
            _("User now has %(count)d token(s).") % {'count': remaining})
コード例 #2
class TokenAuthTest(TestCase):
    """Checks how '/user/identify/' answers token, session and missing credentials."""

    def setUp(self):
        # One user holding one token; the default client presents that token
        # in the Authorization header under the 'Token' scheme.
        account = self.user = User.objects.create_user(username='******', password='******')
        account.save()
        credential = self.token = Token(user=account)
        credential.save()
        auth_header = 'Token ' + credential.token
        self.client = Client(HTTP_AUTHORIZATION=auth_header)

    def test_token_auth(self):
        # A stored, unexpired token identifies its owner.
        response = self.client.get('/user/identify/')
        self.assertEqual(response.status_code, 200)
        identity = jsonloads(response.content)
        self.assertEqual(identity, {'username': '******', 'email': ''})

    def test_no_token_auth(self):
        # No credentials at all: the endpoint refuses with 403.
        anonymous = Client()
        response = anonymous.get('/user/identify/')
        self.assertEqual(response.status_code, 403)

    def test_session_auth(self):
        # A logged-in session is accepted without any Authorization header.
        session_client = Client()
        logged_in = session_client.login(username='******', password='******')
        self.assertTrue(logged_in)
        response = session_client.get('/user/identify/')
        self.assertEqual(response.status_code, 200)

    @override_settings(BINDER_TOKEN_EXPIRE_TIME=timedelta(days=-1))
    def test_token_expired(self):
        # With a negative expiry window the token created in setUp is expected
        # to be rejected as expired (400 with code 'TokenExpired').
        response = self.client.get('/user/identify/')
        self.assertEqual(response.status_code, 400)
        body = jsonloads(response.content)
        # NOTE(review): the expected error body repeats the presented token
        # value; anything that stores error responses would then hold the
        # credential - confirm this echo is intended.
        expected = {
            'code': 'TokenExpired',
            'message': ANY(str),
            'token': self.token.token,
            'expired_at': ANY(),
            EXTRA(): None,
        }
        assert_json(body, expected)

    def test_token_not_found(self):
        # Overwrite the stored value so the one the client still sends (fixed
        # in setUp) no longer matches any stored token.
        presented = self.token.token
        self.token.token = 'foo'
        self.token.save()

        response = self.client.get('/user/identify/')
        self.assertEqual(response.status_code, 404)
        body = jsonloads(response.content)
        expected = {
            'code': 'TokenNotFound',
            'message': ANY(str),
            'token': presented,
            EXTRA(): None,
        }
        assert_json(body, expected)

    def test_other_auth_type(self):
        # A valid token value under a different scheme ('Foo') is refused
        # with 403, the same status as sending no credentials.
        auth_header = 'Foo ' + self.token.token
        other_scheme = Client(HTTP_AUTHORIZATION=auth_header)
        response = other_scheme.get('/user/identify/')
        self.assertEqual(response.status_code, 403)
コード例 #3
    def test_create_user_token_keeps_existing_tokens_when_keep_is_passed(self):
        # With -k / --keep-existing the command adds one token and leaves the
        # user's earlier tokens in place.
        # NOTE(review): the username / e-mail literals in this listing appear
        # to have been masked by the page it was taken from; they are kept
        # verbatim and need the real fixture values before the test can run.
        owner = User(username='******')
        owner.save()
        first = Token(user=owner)
        first.save()
        second = Token(user=owner)
        second.save()

        self.assertEqual(2, Token.objects.count())

        # Short flag.
        captured = StringIO()
        call_command('create_user_token',
                     '-k',
                     '*****@*****.**',
                     stdout=captured)

        self.assertEqual(3, Token.objects.count())
        self.assertEqual(3, Token.objects.filter(user=owner).count())

        for earlier in (first, second):
            self.assertTrue(Token.objects.filter(id=earlier.id).exists())

        third = Token.objects.exclude(id__in=[first.id, second.id]).get()

        # The only token of this user that is neither of the two originals is
        # the one the command must have reported.
        reported = Token.objects.filter(user=owner).exclude(
            id__in=[first.id, second.id]).get()
        self.assertIn(
            "Generated token for user [email protected]: %s." % reported.token,
            captured.getvalue())
        self.assertIn("User now has 3 token(s).", captured.getvalue())

        # Long flag.
        captured = StringIO()
        call_command('create_user_token',
                     '--keep-existing',
                     '*****@*****.**',
                     stdout=captured)

        self.assertEqual(4, Token.objects.count())
        self.assertEqual(4, Token.objects.filter(user=owner).count())

        fourth = Token.objects.exclude(
            id__in=[first.id, second.id, third.id]).get()

        # Every issued token value must differ from the ones before it.
        for earlier in (first, second, third):
            self.assertNotEqual(earlier.token, fourth.token)

        reported = Token.objects.filter(user=owner).exclude(
            id__in=[first.id, second.id, third.id]).get()
        self.assertIn(
            "Generated token for user [email protected]: %s." % reported.token,
            captured.getvalue())
        self.assertIn("User now has 4 token(s).", captured.getvalue())
コード例 #4
    def test_delete_user_token_deletes_existing_tokens_but_only_for_passed_user(
            self):
        # delete_user_token must remove every token of the named user and
        # leave other users' tokens untouched.
        # NOTE(review): the username / e-mail literals in this listing appear
        # to have been masked by the page it was taken from; they are kept
        # verbatim and need the real fixture values before the test can run.

        # Ensure we don't destroy other users tokens
        bystander = User(username='******')
        bystander.save()
        bystander_token = Token(user=bystander)
        bystander_token.save()

        target = User(username='******')
        target.save()
        doomed_a = Token(user=target)
        doomed_a.save()
        doomed_b = Token(user=target)
        doomed_b.save()

        self.assertEqual(3, Token.objects.count())

        captured = StringIO()
        call_command('delete_user_token', '*****@*****.**', stdout=captured)

        # Only the bystander's single token is left.
        self.assertEqual(1, Token.objects.count())
        self.assertEqual(0, Token.objects.filter(user=target).count())

        self.assertTrue(Token.objects.filter(id=bystander_token.id).exists())
        for removed in (doomed_a, doomed_b):
            self.assertFalse(Token.objects.filter(id=removed.id).exists())

        self.assertIn("Deleted 2 token(s) for user [email protected].",
                      captured.getvalue())
コード例 #5
 def setUp(self):
     # One user holding one token; the default client presents that token in
     # the Authorization header under the 'Token' scheme.
     account = self.user = User.objects.create_user(username='******', password='******')
     account.save()
     credential = self.token = Token(user=account)
     credential.save()
     auth_header = 'Token ' + credential.token
     self.client = Client(HTTP_AUTHORIZATION=auth_header)
コード例 #6
    def test_create_user_token_replaces_existing_tokens_for_passed_user_when_keep_is_omitted(
            self):
        # Without a keep flag the command rotates: the named user's old tokens
        # are removed, one new token is issued, other users are untouched.
        # NOTE(review): the username / e-mail literals in this listing appear
        # to have been masked by the page it was taken from; they are kept
        # verbatim and need the real fixture values before the test can run.

        # Ensure we don't destroy other users tokens
        bystander = User(username='******')
        bystander.save()
        bystander_token = Token(user=bystander)
        bystander_token.save()

        target = User(username='******')
        target.save()
        old_a = Token(user=target)
        old_a.save()
        old_b = Token(user=target)
        old_b.save()

        self.assertEqual(3, Token.objects.count())

        captured = StringIO()
        call_command('create_user_token', '*****@*****.**', stdout=captured)

        # Bystander's token plus the single replacement.
        self.assertEqual(2, Token.objects.count())
        self.assertEqual(1, Token.objects.filter(user=target).count())

        self.assertTrue(Token.objects.filter(id=bystander_token.id).exists())
        for revoked in (old_a, old_b):
            self.assertFalse(Token.objects.filter(id=revoked.id).exists())

        replacement = Token.objects.exclude(
            id__in=[bystander_token.id, old_a.id, old_b.id]).get()
        # The replacement must not reuse any earlier token value.
        for earlier in (bystander_token, old_a, old_b):
            self.assertNotEqual(earlier.token, replacement.token)

        reported = Token.objects.filter(user=target).exclude(
            id__in=[old_a.id, old_b.id]).get()
        self.assertIn(
            "Generated token for user [email protected]: %s." % reported.token,
            captured.getvalue())
        self.assertIn("User now has 1 token(s).", captured.getvalue())
コード例 #7
class TokenAuthTest(TestCase):
	"""Checks token, session and missing credentials on '/user/identify/', plus a token-authenticated POST."""

	def setUp(self):
		# One superuser holding one token; the default client presents that
		# token in the Authorization header under the 'Token' scheme.
		# NOTE(review): is_superuser=True is presumably what lets the POST to
		# '/zoo/' below pass permission checks - confirm against the views.
		account = self.user = User.objects.create_user(username='******', password='******', is_superuser=True)
		account.save()
		credential = self.token = Token(user=account)
		credential.save()
		auth_header = 'Token ' + credential.token
		self.client = Client(HTTP_AUTHORIZATION=auth_header)

	def test_token_auth(self):
		# A stored, unexpired token identifies its owner.
		response = self.client.get('/user/identify/')
		self.assertEqual(response.status_code, 200)
		identity = jsonloads(response.content)
		self.assertEqual(identity, {'username': '******', 'email': ''})

	def test_no_token_auth(self):
		# No credentials at all: the endpoint refuses with 403.
		anonymous = Client()
		response = anonymous.get('/user/identify/')
		self.assertEqual(response.status_code, 403)

	def test_session_auth(self):
		# A logged-in session is accepted without any Authorization header.
		session_client = Client()
		logged_in = session_client.login(username='******', password='******')
		self.assertTrue(logged_in)
		response = session_client.get('/user/identify/')
		self.assertEqual(response.status_code, 200)

	@override_settings(BINDER_TOKEN_EXPIRE_TIME=timedelta(days=-1))
	def test_token_expired(self):
		# With a negative expiry window the token created in setUp is expected
		# to be rejected as expired (400 with code 'TokenExpired').
		response = self.client.get('/user/identify/')
		self.assertEqual(response.status_code, 400)
		body = jsonloads(response.content)
		# NOTE(review): the expected error body repeats the presented token
		# value; anything that stores error responses would then hold the
		# credential - confirm this echo is intended.
		expected = {
			'code': 'TokenExpired',
			'message': ANY(str),
			'token': self.token.token,
			'expired_at': ANY(),
			EXTRA(): None,
		}
		assert_json(body, expected)

	def test_token_not_found(self):
		# Overwrite the stored value so the one the client still sends (fixed
		# in setUp) no longer matches any stored token.
		presented = self.token.token
		self.token.token = 'foo'
		self.token.save()

		response = self.client.get('/user/identify/')
		self.assertEqual(response.status_code, 404)
		body = jsonloads(response.content)
		expected = {
			'code': 'TokenNotFound',
			'message': ANY(str),
			'token': presented,
			EXTRA(): None,
		}
		assert_json(body, expected)

	def test_other_auth_type(self):
		# A valid token value under a different scheme ('Foo') is refused
		# with 403, the same status as sending no credentials.
		auth_header = 'Foo ' + self.token.token
		other_scheme = Client(HTTP_AUTHORIZATION=auth_header)
		response = other_scheme.get('/user/identify/')
		self.assertEqual(response.status_code, 403)

	def test_post_using_token_bypasses_csrf_checks(self):
		# The client enforces CSRF checks and sends no CSRF token, yet the
		# POST is expected to succeed when the Authorization header carries
		# the token.
		# NOTE(review): skipping CSRF is sound only while the credential comes
		# from a header the browser does not attach on its own; confirm the
		# server never accepts the same token from a cookie.
		auth_header = 'Token ' + self.token.token
		strict_client = Client(HTTP_AUTHORIZATION=auth_header, enforce_csrf_checks=True)

		payload = {
			'name': 'Apenheul',
		}
		encoded = json.dumps(payload)
		response = strict_client.post('/zoo/', data=encoded, content_type='application/json')

		self.assertEqual(response.status_code, 200)

		created = jsonloads(response.content)
		self.assertIsNotNone(created.get('id'))
		self.assertEqual(created.get('name'), 'Apenheul')