def test_authenticated_userid_passes_token_to_extractor_functions(jwt, api_token):
api_token.return_value = None
jwt.return_value = None
request = DummyRequest(headers={'Authorization': 'Bearer f00ba12'})
tokens.authenticated_userid(request)
api_token.assert_called_once_with('f00ba12')
jwt.assert_called_once_with('f00ba12', request)
def unauthenticated_userid(self, request):
if _is_api_request(request):
# We can't really get an "unauthenticated" userid for an API
# request. We have to actually go and decode/look up the tokens and
# get what is effectively an authenticated userid.
return tokens.authenticated_userid(request)
return self.session_policy.unauthenticated_userid(request)
def test_authenticated_userid_returns_none_if_neither_token_valid(jwt, api_token):
api_token.return_value = None
jwt.return_value = None
request = DummyRequest(headers={'Authorization': 'Bearer f00ba12'})
result = tokens.authenticated_userid(request)
assert result is None
def test_authenticated_userid_returns_userid_from_jwt_as_fallback(jwt, api_token):
api_token.return_value = None
jwt.return_value = 'acct:[email protected]'
request = DummyRequest(headers={'Authorization': 'Bearer f00ba12'})
result = tokens.authenticated_userid(request)
assert result == 'acct:[email protected]'
def test_authenticated_userid_is_none_if_header_incorrectly_formatted(value):
request = DummyRequest(headers={'Authorization': value})
assert tokens.authenticated_userid(request) is None
def test_authenticated_userid_is_none_if_header_missing():
request = DummyRequest()
assert tokens.authenticated_userid(request) is None
def authenticated_userid(self, request):
if _is_api_request(request):
return tokens.authenticated_userid(request)
return self.session_policy.authenticated_userid(request)