def test_users_immortal_tokens_stay_immortal_when_OVERWRITE_NONE_TTL_setting_is_False(
self):
hash = TOKENS_CACHE.get(self.user.pk)[0]
MultiToken.reset_tokens_ttl(self.user.pk)
self.assertIsNone(TOKENS_CACHE.ttl(self.user.pk))
self.assertIsNone(TOKENS_CACHE.ttl(hash))
def test_other_users_tokens_are_not_affected(self):
second_user = create_test_user('tester2')
second_token, _ = MultiToken.create_token(second_user)
MultiToken.expire_token(self.token)
self.assertIsNotNone(TOKENS_CACHE.get(second_user.pk))
self.assertIsNotNone(
TOKENS_CACHE.get(parse_full_token(second_token.key)[1]))
def test_immortal_tokens_stay_immortal_when_user_provided_timeout_is_None(
self):
hash = TOKENS_CACHE.get(self.user.pk)[0]
self.assertIsNone(TOKENS_CACHE.ttl(self.user.pk))
self.assertIsNone(TOKENS_CACHE.ttl(hash))
MultiToken.reset_tokens_ttl(self.user.pk)
self.assertIsNone(TOKENS_CACHE.ttl(self.user.pk))
self.assertIsNone(TOKENS_CACHE.ttl(hash))
def test_users_immortal_tokens_get_limited_ttl_when_OVERWRITE_NONE_TTL_setting_is_True(
self):
hash = TOKENS_CACHE.get(self.user.pk)[0]
self.assertIsNone(TOKENS_CACHE.ttl(self.user.pk))
self.assertIsNone(TOKENS_CACHE.ttl(hash))
MultiToken.reset_tokens_ttl(self.user.pk)
self.assertIsNotNone(TOKENS_CACHE.ttl(self.user.pk))
self.assertIsNotNone(TOKENS_CACHE.ttl(hash))
def test_other_users_tokens_are_not_affected(self):
second_user = create_test_user('tester2')
second_token, _ = MultiToken.create_token(second_user)
import time
time.sleep(1)
MultiToken.reset_tokens_ttl(self.user.pk)
self.assertEqual(TOKENS_CACHE.ttl(self.user.pk), 1000)
self.assertNotEqual(TOKENS_CACHE.ttl(second_user.pk), 1000)
hash = TOKENS_CACHE.get(second_user.pk)[0]
self.assertNotEqual(hash, 1000)
def test_token_with_ttl_becomes_immortal_when_user_changes_timeout_to_None(
self, mocked_settings):
hash = TOKENS_CACHE.get(self.user.pk)[0]
TOKENS_CACHE.expire(self.user.pk, 1000)
TOKENS_CACHE.expire(TOKENS_CACHE.ttl(hash), 1000)
settings = MockedSettings(timeout=None)
mocked_settings.CACHES.__getitem__.return_value = settings.CACHES[
'default']
MultiToken.reset_tokens_ttl(self.user.pk)
self.assertIsNone(TOKENS_CACHE.ttl(self.user.pk))
self.assertIsNone(TOKENS_CACHE.ttl(hash))
def test_token_is_removed_from_redis_when_user_has_multiple_tokens(self):
second_token, first_device = MultiToken.create_token(self.user)
MultiToken.expire_token(self.token)
self.assertEqual(len(TOKENS_CACHE.get(self.user.pk)), 1)
_, hash = parse_full_token(self.token.key)
self.assertIsNone(TOKENS_CACHE.get(hash))
self.assertEqual(
TOKENS_CACHE.get(self.user.pk)[0],
parse_full_token(second_token.key)[1])
self.assertIsNotNone(
TOKENS_CACHE.get(parse_full_token(second_token.key)[1]))
def test_token_with_ttl_gets_new_ttl_when_user_changes_timeout_to_2000(
self, mocked_settings):
hash = TOKENS_CACHE.get(self.user.pk)[0]
TOKENS_CACHE.expire(self.user.pk, 1000)
TOKENS_CACHE.expire(TOKENS_CACHE.ttl(hash), 1000)
settings = MockedSettings(timeout=2000)
mocked_settings.CACHES.__getitem__.return_value = settings.CACHES[
'default']
MultiToken.reset_tokens_ttl(self.user.pk)
self.assertEqual(TOKENS_CACHE.ttl(self.user.pk), 2000)
self.assertEqual(TOKENS_CACHE.ttl(hash), 2000)
def post(self, request):
try:
_username = request._json_body['phoneNo']
_password = request._json_body['password']
except KeyError as e:
raise Response(str(e) + ' is required in request body.', 400)
_user = User.objects.get(phoneNo=_username)
if not _user:
raise Response('username or password seems incorrect.')
if not _user.check_password(_password):
locked_response = Response(
{
"error": {
"message": "Account Locked.",
"code": -1
},
"statusCode": 400,
},
400,
)
return locked_response
token, _ = MultiToken.create_token(_user)
response_data = {
'loggedInAlready': _,
'token': token.key,
}
return Response(response_data)
def authenticate_credentials(self, key):
try:
user = MultiToken.get_user_from_token(key)
if user._type == 'DOC':
user.lastseen = time.time()
user.save()
if settings.DJFORGE_REDIS_MULTITOKENS.get(
'RESET_TOKEN_TTL_ON_USER_LOG_IN'):
MultiToken.reset_tokens_ttl(user.pk)
except get_user_model().DoesNotExist:
raise exceptions.AuthenticationFailed('Invalid token.')
if not user.is_active:
raise exceptions.AuthenticationFailed('User inactive or deleted.')
return (user, MultiToken(key, user))
def post(self, request):
body = request._json_body
u = User.objects.get(phoneNo=body['phoneNo'])
if str(u.otp) != str(body['otp']):
return Response({'error': 'otp not valid'}, 400)
u.status = 2
u.save()
token, _ = MultiToken.create_token(u)
return Response({'token': token.key})
def test_second_hash_is_saved_in_redis_alongside_the_first_one(self):
first_hash = TOKENS_CACHE.get(self.user.pk)[0]
second_token, first_device = MultiToken.create_token(self.user)
second_hash = TOKENS_CACHE.get(self.user.pk)[1]
self.assertEqual(len(TOKENS_CACHE.get(self.user.pk)), 2)
self.assertIn(first_hash, TOKENS_CACHE.get(self.user.pk))
self.assertIn(second_hash, TOKENS_CACHE.get(self.user.pk))
self.assertIsNotNone(TOKENS_CACHE.get(first_hash))
self.assertIsNotNone(TOKENS_CACHE.get(second_hash))
def test_correct_ttl_is_set_for_renewed_tokens(self):
hash = TOKENS_CACHE.get(self.user.pk)[0]
MultiToken.reset_tokens_ttl(self.user.pk)
self.assertAlmostEquals(TOKENS_CACHE.ttl(self.user.pk), 1000)
self.assertAlmostEquals(TOKENS_CACHE.ttl(hash), 1000)
def setUp(self):
TOKENS_CACHE.clear()
self.user = create_test_user()
self.token, self.first_device = MultiToken.create_token(self.user)
def test_token_ttl_is_correct_when_user_provides_cache_db_timeout_parameter(
self):
MultiToken._set_key_value('key', 'value')
self.assertIsNotNone(TOKENS_CACHE.ttl('key'))
self.assertAlmostEquals(TOKENS_CACHE.ttl('key'), 1000)
def test_token_is_removed_from_redis_when_user_has_only_one_token(self):
self.assertIsNone(MultiToken.expire_token(self.token))
self.assertEqual(len(TOKENS_CACHE.get(self.user.pk)), 0)
_, hash = parse_full_token(self.token.key)
self.assertIsNone(TOKENS_CACHE.get(hash))
def test_correct_user_is_found_for_correct_token(self):
user = MultiToken.get_user_from_token(self.token.key)
self.assertEqual(user.pk, self.user.pk)
def test_second_token_for_user_is_flagged_correctly_as_not_the_first_device_getting_a_token(
self):
second_token, first_device = MultiToken.create_token(self.user)
self.assertFalse(first_device)
def test_default_timeout_for_cache_db_is_used_when_timeout_is_not_provided_provided(
self):
MultiToken._set_key_value('key', 'value')
self.assertIsNone(TOKENS_CACHE.ttl('key'))