Exemplo n.º 1
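def test_create_access_token():
    """Check that a freshly minted access token decodes to the expected claims.

    The token is decoded with the project's signing key and an explicit
    algorithm allow-list, then its ``sub`` and ``exp`` claims are verified.
    """
    username = "******"
    # Bracket the call with timestamps so the expiry check does not depend on
    # the token being minted and inspected within the same clock second.
    minted_not_before = time.time()
    token = create_access_token(username)
    minted_not_after = time.time()

    # Passing ``algorithms`` explicitly pins which signature algorithms are
    # accepted, instead of trusting whatever the token header declares.
    payload = jwt.decode(token,
                         settings.SECRET_KEY,
                         algorithms=[settings.JWT_ALGORITHM])

    assert isinstance(token, str)
    assert payload["sub"] == username
    # Presumably ``exp`` is "now + SESSION_EXPIRATION" truncated to seconds
    # (verify against create_access_token); one second of slack absorbs rounding.
    earliest = int(minted_not_before + settings.SESSION_EXPIRATION)
    latest = int(minted_not_after + settings.SESSION_EXPIRATION) + 1
    assert earliest <= payload["exp"] <= latest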
Exemplo n.º 2
def test_unknown_user(client, snapshot):
    """Post a ``viewer`` query carrying a token minted for the username 'unknown'.

    The JSON response is compared against the stored snapshot, so the expected
    outcome for this subject lives in the snapshot file rather than in this test.
    """
    viewer_query = """
    query {
        viewer {
            id
        }
    }
    """
    bearer = 'Bearer {}'.format(create_access_token('unknown'))
    response = client.post('/graphql', {'query': viewer_query},
                           HTTP_AUTHORIZATION=bearer)
    snapshot.assert_match(response.json())
Exemplo n.º 3
def test_unknown_user(snapshot):
    """Run the middleware with a token minted for the username 'unknown'.

    The middleware is expected to hand the request to the wrapped callable
    unchanged and leave ``request.user`` as ``None``.
    """
    def passthrough(req):
        # Stand-in for the next handler: echoes the request back.
        return req

    request = Mock()
    request.user = None
    header_value = 'Bearer {}'.format(create_access_token('unknown'))
    request.META.get.return_value = header_value

    response = TokenAuthMiddleware(passthrough)(request)

    # The middleware must look at the Authorization header exactly once.
    request.META.get.assert_called_once_with('HTTP_AUTHORIZATION')
    # NOTE(review): a token whose subject resolves to no user is passed through
    # rather than rejected, so downstream code presumably has to treat
    # ``user is None`` as anonymous -- confirm.
    assert response == request
    assert response.user is None
Exemplo n.º 4
 def _call_api(query, input=None, user=None):
     """Post a GraphQL query to ``/graphql`` and return the decoded JSON body.

     ``input`` is wrapped as ``{"input": ...}`` and sent JSON-encoded in the
     ``variables`` field. When ``user`` is given, a bearer token minted for
     ``user.username`` is sent in the Authorization header; otherwise the
     request carries no credentials.
     """
     payload = {
         "query": query,
         "variables": json.dumps({"input": input or {}}),
     }
     extra = {}
     if user is not None:
         extra["HTTP_AUTHORIZATION"] = "Bearer {}".format(
             create_access_token(user.username))
     return client.post("/graphql", payload, **extra).json()
Exemplo n.º 5
def test_invalid_token(snapshot):
    """Run the middleware with a corrupted bearer token and expect HTTP 401.

    The token is damaged by prefixing ``XXX``; the response body is parsed as
    JSON and compared against the stored snapshot.
    """
    damaged_token = 'Bearer XXX{}'.format(create_access_token('unknown'))
    request = Mock()
    request.user = None
    request.META.get.return_value = damaged_token

    response = TokenAuthMiddleware(lambda r: r)(request)

    request.META.get.assert_called_once_with('HTTP_AUTHORIZATION')
    assert response.status_code == 401
    # The body may be bytes or already text depending on the response object.
    if hasattr(response.content, 'decode'):
        body_text = response.content.decode()
    else:
        body_text = response.content
    snapshot.assert_match(json.loads(body_text))
Exemplo n.º 6
def call_api(client, query, input=None, username=None):
    """Post a GraphQL query through ``client`` and return the decoded JSON body.

    ``input`` is sent JSON-encoded under ``variables`` as ``{'input': ...}``.
    Without ``username`` the request is unauthenticated; with it, a bearer
    token minted for that username is attached as the Authorization header.
    """
    body = {'query': query, 'variables': json.dumps({'input': input or {}})}
    if username is None:
        return client.post('/graphql', body).json()

    bearer = 'Bearer {}'.format(create_access_token(username))
    return client.post('/graphql', body, HTTP_AUTHORIZATION=bearer).json()
Exemplo n.º 7
def test_authorized_user():
    """Run the middleware with a token for an existing user and expect that user attached."""
    # NOTE(review): the username literal appears masked in this listing; the
    # token below is minted for 'wolfe', so the stored user presumably carries
    # that username -- confirm against the original test.
    user = User.objects.create(
        username='******',
        first_name='Winston',
        last_name='Wolfe',
        email='*****@*****.**',
    )
    header_value = 'Bearer {}'.format(create_access_token('wolfe'))
    request = Mock()
    request.user = None
    request.META.get.return_value = header_value

    response = TokenAuthMiddleware(lambda r: r)(request)

    request.META.get.assert_called_once_with('HTTP_AUTHORIZATION')
    # The request is passed through, now carrying the resolved user.
    assert response == request
    assert response.user == user
def test_wrong_header(snapshot):
    """Run the middleware with a non-Bearer Authorization scheme and expect HTTP 400.

    The header uses the scheme ``WRONG`` in front of an otherwise freshly
    minted token; the JSON error body is compared against the stored snapshot.
    """
    bad_scheme_header = "WRONG {}".format(create_access_token("unknown"))
    request = Mock()
    request.user = None
    request.META.get.return_value = bad_scheme_header

    response = TokenAuthMiddleware(lambda r: r)(request)

    request.META.get.assert_called_once_with("HTTP_AUTHORIZATION")
    assert response.status_code == 400
    # The body may be bytes or already text depending on the response object.
    if hasattr(response.content, "decode"):
        body_text = response.content.decode()
    else:
        body_text = response.content
    snapshot.assert_match(json.loads(body_text))
Exemplo n.º 9
def test_unknown_user(client, snapshot):
    """Post a ``viewer`` query carrying a token minted for the username "unknown".

    The JSON response is compared against the stored snapshot, which holds the
    expected outcome for this subject.
    """
    viewer_query = """
    query {
        viewer {
            id
        }
    }
    """
    bearer = "Bearer {}".format(create_access_token("unknown"))
    response = client.post("/graphql", {"query": viewer_query},
                           HTTP_AUTHORIZATION=bearer)
    snapshot.assert_match(response.json())
Exemplo n.º 10
def test_wrong_token(client, snapshot, author_fix):
    """Post a ``viewer`` query with a corrupted token for an existing author.

    The token minted for ``author_fix.username`` is damaged by prefixing
    ``XXX``; the JSON response is compared against the stored snapshot.
    """
    viewer_query = """
    query {
        viewer {
            id
        }
    }
    """
    # NOTE(review): the prefix alters the token's first segment, so this likely
    # exercises malformed-token handling; a structurally valid token with a bad
    # signature would presumably need its own case -- confirm coverage.
    damaged_header = "Bearer XXX{}".format(
        create_access_token(author_fix.username))
    response = client.post("/graphql", {"query": viewer_query},
                           HTTP_AUTHORIZATION=damaged_header)
    snapshot.assert_match(response.json())
def test_authorized_user():
    """Run the middleware with a token for an existing user and expect that user attached."""
    # NOTE(review): the username literal appears masked in this listing; the
    # token below is minted for "wolfe", so the stored user presumably carries
    # that username -- confirm against the original test.
    profile = dict(
        username="******",
        first_name="Winston",
        last_name="Wolfe",
        email="*****@*****.**",
    )
    user = User.objects.create(**profile)

    request = Mock()
    request.user = None
    bearer = "Bearer {}".format(create_access_token("wolfe"))
    request.META.get.return_value = bearer

    handler = TokenAuthMiddleware(lambda r: r)
    response = handler(request)

    request.META.get.assert_called_once_with("HTTP_AUTHORIZATION")
    # The request is passed through, now carrying the resolved user.
    assert response == request
    assert response.user == user
Exemplo n.º 12
def test_parse_access_token__expired():
    """Parsing a token whose expiry lies in the past must raise ExpiredSignatureError."""
    subject = "******"
    # One second before "now"; the second argument is presumably the absolute
    # expiry timestamp -- verify against create_access_token.
    already_past = int(time.time() - 1)
    stale_token = create_access_token(subject, already_past)
    # NOTE(review): with only a one-second margin this presumably relies on
    # parse_access_token applying no expiry leeway -- confirm.
    with pytest.raises(jwt.ExpiredSignatureError):
        parse_access_token(stale_token)
Exemplo n.º 13
def test_parse_access_token():
    """Round-trip: parsing a freshly minted token returns the username it was minted for."""
    subject = "******"
    minted = create_access_token(subject)
    assert parse_access_token(minted) == subject