def test_process_request_assert_settings(middleware_patch, settings, rf,
setting_name):
delattr(settings, setting_name)
request = rf.get('/')
middleware = TokenCookieMiddleware()
with middleware_patch('get_cookie_user',
side_effect=Exception("This should not be called")):
with pytest.raises(AssertionError, match=setting_name):
middleware.process_request(request)
def test_process_request_get_user_called(middleware_patch, rf):
request = rf.get('/')
middleware = TokenCookieMiddleware()
user = AnonymousUser()
with middleware_patch('get_cookie_user', return_value=user) as mock_fn:
middleware.process_request(request)
assert mock_fn.call_count == 0, (
"request.cookie_user is lazy, and it should not be called.")
request.cookie_user.is_active
assert mock_fn.mock_calls == [mock.call(request)]
assert request.cookie_user == user
def test_middleware_doesnt_update_cookie_for_read_only_methods(
method, middleware_patch, user, settings, rf):
middleware = TokenCookieMiddleware()
rf.cookies = SimpleCookie({
settings.JWT_TOKEN_COOKIE_NAME:
GreenbudgetSlidingToken.for_user(user),
})
request = getattr(rf, method)('/')
response = HttpResponse()
with mock.patch.object(response, 'set_cookie') as set_cookie:
with middleware_patch('get_cookie_user', return_value=user):
middleware.process_request(request)
response = middleware.process_response(request, response)
assert set_cookie.called is False
def test_middleware_updates_cookie_at_refresh_endpoint(middleware_patch, user,
settings, rf):
middleware = TokenCookieMiddleware()
rf.cookies = SimpleCookie({
settings.JWT_TOKEN_COOKIE_NAME:
GreenbudgetSlidingToken.for_user(user),
})
request = rf.get(reverse('jwt:refresh'))
response = HttpResponse()
with mock.patch.object(response, 'set_cookie') as set_cookie:
with middleware_patch('get_cookie_user', return_value=user):
middleware.process_request(request)
response = middleware.process_response(request, response)
assert set_cookie.called is True
def test_middleware_invalid_token_deletes_cookies(settings, rf):
middleware = TokenCookieMiddleware()
rf.cookies = SimpleCookie({
settings.JWT_TOKEN_COOKIE_NAME: 'invalid_token',
})
request = rf.get('/')
middleware.process_request(request)
response = HttpResponse()
response.set_cookie(settings.JWT_TOKEN_COOKIE_NAME, 'invalid_token')
new_response = middleware.process_response(request, response)
assert new_response.cookies[settings.JWT_TOKEN_COOKIE_NAME].value == ''
def test_middleware_expired_token_deletes_cookies(settings, rf):
token = GreenbudgetSlidingToken()
token.set_exp(claim='refresh_exp', from_time=datetime(2010, 1, 1))
middleware = TokenCookieMiddleware()
rf.cookies = SimpleCookie({
settings.JWT_TOKEN_COOKIE_NAME: str(token),
})
request = rf.get('/')
middleware.process_request(request)
response = HttpResponse()
response.set_cookie(settings.JWT_TOKEN_COOKIE_NAME, str(token))
new_response = middleware.process_response(request, response)
assert new_response.cookies[settings.JWT_TOKEN_COOKIE_NAME].value == ''
def test_middleware_doesnt_set_cookie_for_get(settings, rf):
middleware = TokenCookieMiddleware()
request = rf.get("/")
middleware.process_request(request)
response = middleware.process_response(request, HttpResponse())
assert response.cookies.get(settings.JWT_TOKEN_COOKIE_NAME) is None