def test_expired_tokens(self):
    """Check that an expired token is deleted and an unexpired one is kept."""
    reference = timezone.now()
    one_day_ahead = reference + datetime.timedelta(days=1)
    live_token = AuthTokenFactory.create(expires=one_day_ahead)

    # The second token expired 33 days before the reference time.
    # NOTE(review): only a long-expired token is covered here; a token whose
    # expiry equals the current time is not exercised by this test.
    thirty_three_days_back = reference - datetime.timedelta(days=33)
    AuthTokenFactory.create(expires=thirty_three_days_back)

    self.command.handle()

    # Everything still stored must be exactly the unexpired token.
    remaining = AuthToken.objects.all()
    self.assertCountEqual(remaining, [live_token])
def _create_token(self, when):
    """Create a token with key self.key for self.user that expires at `when`.

    Returns the object produced by AuthTokenFactory.create.
    """
    return AuthTokenFactory.create(
        key=self.key,
        user=self.user,
        expires=when,
    )
def test_valid_token(self):
    """A token key supplied in the request data yields (user, token)."""
    token = AuthTokenFactory.create()

    # Build the request payload with the key under the 'token' field.
    form_data = QueryDict('', mutable=True)
    form_data.update({'token': token.key})
    fake_request = mock.Mock(data=form_data)

    authenticator = FormTokenAuthentication()
    outcome = authenticator.authenticate(fake_request)

    # NOTE(review): only the accepted path is checked here; an unknown or
    # expired key is not exercised by this test.
    self.assertEqual(outcome, (token.user, token))
def test_no_tokens_removed(self):
    """Check that a token expiring one day from now is not deleted."""
    one_day = datetime.timedelta(days=1)
    unexpired = AuthTokenFactory.create(expires=timezone.now() + one_day)

    self.command.handle()

    # The only stored token must still be the one created above.
    self.assertCountEqual(AuthToken.objects.all(), [unexpired])
def test_delete(self):
    """A DELETE authenticated by the token header removes that token."""
    expiry = timezone.now() + datetime.timedelta(days=1)
    owner = UserFactory.create()
    token = AuthTokenFactory.create(user=owner, expires=expiry)

    # The key is sent in the Authorization header in "Token <key>" form.
    header_value = 'Token ' + token.key
    request = self.create_request(
        'delete',
        user=owner,
        HTTP_AUTHORIZATION=header_value,
    )

    view = self.view_class.as_view()
    response = view(request)

    self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
    # The token row must be gone, so the key cannot be looked up again.
    with self.assertRaises(self.model.DoesNotExist):
        self.model.objects.get(pk=token.pk)
def test_send_without_token_header(self):
    """Test the form-data fallback for browsers without AJAX upload support.

    The test demonstrates three things:
    - a user can authenticate by putting the token in the form data;
    - a plain POST works as the fallback;
    - no CSRF token is needed (the auth token is treated as equivalent).

    NOTE(review): only the accepted path is covered. The "equivalent"
    argument presumably rests on the key being a secret the browser does
    not attach on its own; a wrong or expired key is not exercised here.
    """
    # enforce_csrf_checks=True turns CSRF validation on in the test client
    # (assuming Client is django.test.Client, where it is off by default),
    # so a 200 below shows the view accepts the POST without a CSRF token.
    csrf_checking_client = Client(enforce_csrf_checks=True)

    owner = UserFactory.create()
    token = AuthTokenFactory(user=owner)
    payload = {'avatar': SIMPLE_PNG, 'token': token.key}
    avatar_url = reverse('user_management_api:profile_avatar')

    response = csrf_checking_client.post(avatar_url, data=payload)

    self.assertEqual(response.status_code, status.HTTP_200_OK)
    self.assertIn('avatar', response.data)
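def test_delete_user_logged_out_signal(self):
    """Send the user_logged_out signal if a user deletes their Auth Token.

    A mock receiver is connected to the signal, the delete view is called
    with a valid token header, and the receiver must have been called
    exactly once with the expected signal, sender, request and user.
    """
    handler = MagicMock()
    signals.user_logged_out.connect(handler)
    try:
        someday = timezone.now() + datetime.timedelta(days=1)
        user = UserFactory.create()
        token = AuthTokenFactory.create(user=user, expires=someday)

        # Custom auth header containing token
        auth = 'Token ' + token.key
        request = self.create_request(
            'delete',
            user=user,
            HTTP_AUTHORIZATION=auth,
        )
        response = self.view_class.as_view()(request)
    finally:
        # Unregister the mock even when the view raises, so the receiver
        # cannot stay connected and observe signals sent by later tests.
        signals.user_logged_out.disconnect(handler)

    # NOTE(review): the response status code is not asserted in this test.
    handler.assert_called_once_with(
        signal=signals.user_logged_out,
        sender=views.GetAuthToken,
        request=response.renderer_context['request'],
        user=user,
    )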