def test_exchange_token_is_same_user(user_api_headers, user, client):
r = client.get(
url_for('api.exchange_token'), headers=user_api_headers
)
assert r.status_code == 200
new_token = r.json['token']
assert User.decode_token(new_token) == user.id
def test_exchange_google_id(google_id_token, user, client):
qs = urlencode(dict(token=google_id_token))
r = client.get(
urljoin(url_for('api.exchange_google_token'), '?'+qs)
)
assert r.status_code == 200
new_token = r.json['token']
assert User.decode_token(new_token) == user.id
def test_encoded_key(user):
# encode the key
k = user.encoded_key
assert k is not None
# get id from key
id_ = User.decode_key(k)
assert id_ == user.id
def set_current_user_with_token(token):
"""Verify token as a token for a user and, if valid, set the current_user in
the request context. If the token is invalid either raise a JWT error or
raise a 404 if the specified user is not found.
"""
# pylint: disable=no-member
g.current_user = User.query.get_or_404(User.decode_token(token))
def test_exchange_google_id(google_id_token, user, client):
# not currently signed in
assert session.get('componentsdb_auth') is None
r = client.get(url_for('ui.signin_with_google_token', token=google_id_token))
assert r.status_code == 302 # should re-direct
assert_path_equals(r.headers['Location'], url_for('ui.index'))
token = session.get(AUTH_TOKEN_SESSION_KEY)
assert token is not None
assert User.decode_token(token) == user.id
def test_user_token(user):
"""Users should be able to create tokens which refer to themselves."""
t = user.token
id_ = User.decode_token(t)
assert id_ == user.id