def test_my_last_login_authenticated(self):
core.set_remote_addr('255.255.255.255')
self.login(self.user)
res = self.client.get(self.url)
assert res.status_code == 200
doc = pq(res.content)
assert doc('.last-login-time td').text()
assert doc('.last-login-ip td').text() == '255.255.255.255'
def test_my_last_login_authenticated(self):
core.set_remote_addr('255.255.255.255')
self.login(self.user)
res = self.client.get(self.url)
assert res.status_code == 200
doc = pq(res.content)
assert doc('.last-login-time td').text()
assert doc('.last-login-ip td').text() == '255.255.255.255'
def process_request(self, request):
"""Attach authentication/permission helpers to request, and persist
user and remote addr in current thread."""
request.check_ownership = partial(acl.check_ownership, request)
# Persist the user and remote addr in the thread to make it accessible
# in log() statements etc.
if request.user.is_authenticated():
core.set_user(request.user)
core.set_remote_addr(request.META.get('REMOTE_ADDR'))
def test_wrong_type_for_iat(self):
api_key = self.create_api_key(self.user)
# Manually create a broken payload where 'iat' is a string containing
# a timestamp..
issued_at = int(time.mktime(datetime.utcnow().timetuple()))
payload = {
'iss': api_key.key,
'iat': str(issued_at),
'exp': str(issued_at + settings.MAX_APIKEY_JWT_AUTH_TOKEN_LIFETIME),
}
token = self.encode_token_payload(payload, api_key.secret)
core.set_remote_addr('1.2.3.4')
with self.assertRaises(AuthenticationFailed) as ctx:
self.auth.authenticate(self.request(token))
assert ctx.exception.detail == ('Wrong type for one or more keys in payload')
def test_wrong_type_for_iat(self):
api_key = self.create_api_key(self.user)
# Manually create a broken payload where 'iat' is a string containing
# a timestamp..
issued_at = int(time.mktime(datetime.utcnow().timetuple()))
payload = {
'iss': api_key.key,
'iat': unicode(issued_at),
'exp': unicode(
issued_at + settings.MAX_APIKEY_JWT_AUTH_TOKEN_LIFETIME),
}
token = self.encode_token_payload(payload, api_key.secret)
core.set_remote_addr('1.2.3.4')
with self.assertRaises(AuthenticationFailed) as ctx:
self.auth.authenticate(self.request(token))
assert ctx.exception.detail == (
'Wrong type for one or more keys in payload')
def test_get_user(self):
core.set_remote_addr('15.16.23.42')
user, _ = self.auth.authenticate(self.request(self._create_token()))
assert user == self.user
assert user.last_login_ip == '15.16.23.42'
self.assertCloseToNow(user.last_login)
def process_exception(self, request, exception):
core.set_user(None)
core.set_remote_addr(None)
def process_response(self, request, response):
core.set_user(None)
core.set_remote_addr(None)
return response
def test_get_user(self):
core.set_remote_addr('15.16.23.42')
user, _ = self.auth.authenticate(self.request(self._create_token()))
assert user == self.user
assert user.last_login_ip == '15.16.23.42'
self.assertCloseToNow(user.last_login)
def process_request(self, request):
# Persist the user and remote addr in the thread to make it accessible
# in log() statements etc. `user` could be anonymous here, it's kept
# lazy to avoid early database queries.
core.set_user(request.user)
core.set_remote_addr(request.META.get('REMOTE_ADDR'))
