def test_fail_401_sig_check_failure(self):
    """A token that fails the JWT signature check is rejected with 401.

    MODIFIED_TOKEN is sent verbatim as the Authorization header value
    (presumably a token altered after signing; it is defined elsewhere
    in the file). The expected error detail is the generic
    "Invalid token" string.
    """
    url = '/api/accounts/%s/sources?language_tag=en-US' % ACCT_ID
    auth_headers = {"Authorization": MODIFIED_TOKEN}
    response = self.client.get(url, headers=auth_headers)

    check_response(response, 401)
    payload = json.loads(response.data)
    self.assertEqual(payload['detail'], "Invalid token")
def test_fail_401_unparseable_token(self):
    """A bearer value that cannot be parsed as a JWT is rejected with 401.

    The Authorization header carries a string that is not a JWT at all,
    and the expected error detail is the generic "Invalid token" string.
    """
    url = '/api/accounts/%s/sources?language_tag=en-US' % ACCT_ID
    auth_headers = {"Authorization": "Bearer boogaboogaboo"}
    response = self.client.get(url, headers=auth_headers)

    check_response(response, 401)
    payload = json.loads(response.data)
    self.assertEqual(payload['detail'], "Invalid token")
def test_fail_401_no_headers(self):
    """A request without any Authorization header is rejected with 401.

    The expected error detail here is "No authorization token provided",
    not the "Invalid token" message.
    """
    url = '/api/accounts/%s/sources?language_tag=en-US' % ACCT_ID
    response = self.client.get(url)

    check_response(response, 401)
    payload = json.loads(response.data)
    self.assertEqual(payload['detail'], "No authorization token provided")
def _help_test_mock_decode_token(self, fake_token, expected_code,
                                 expected_error_detail):
    """Request the sources endpoint with jwt.decode patched, then verify.

    Args:
        fake_token: value placed after "Bearer " in the Authorization
            header.
        expected_code: HTTP status passed to check_response.
        expected_error_detail: expected 'detail' field of the JSON body.

    jwt.decode is replaced for the duration of the call and delegates to
    decode_fake_token, so the real decode step is not exercised by tests
    built on this helper.
    NOTE(review): presumably this also means signature verification is
    skipped; confirm against decode_fake_token.
    """
    url = '/api/accounts/%s/sources?language_tag=en-US' % ACCT_ID
    auth_headers = {"Authorization": "Bearer %s" % fake_token}

    with patch("jwt.decode", side_effect=decode_fake_token):
        response = self.client.get(url, headers=auth_headers)
        check_response(response, expected_code)
        payload = json.loads(response.data)
        self.assertEqual(payload['detail'], expected_error_detail)
def test_fail_401_expired_token(self):
    """A replayed token (REPLAY_TOKEN) is rejected with 401.

    Two error details are accepted, so this test confirms the 401 but
    does not by itself show that the rejection was caused by expiry:
    the second message is the one returned when the token has not yet
    expired but matches no account.
    """
    url = '/api/accounts/%s/sources?language_tag=en-US' % ACCT_ID
    auth_headers = {"Authorization": REPLAY_TOKEN}
    response = self.client.get(url, headers=auth_headers)
    check_response(response, 401)

    # TODO: Can replace with Invalid token after 6 hours when token expires
    expired_detail = "Invalid token"
    # Token still valid in time, but it does not match any account.
    unmatched_account_detail = (
        "The server could not verify that you are authorized to access"
        " the URL requested. You either supplied the wrong credentials"
        " (e.g. a bad password), or your browser doesn't understand "
        "how to supply the credentials required."
    )
    acceptable_details = [expired_detail, unmatched_account_detail]

    payload = json.loads(response.data)
    self.assertIn(payload['detail'], acceptable_details)