def post(self, request, token):
try:
a = SlidingToken(token)
a.blacklist()
return redirect("https://www.w3schools.com")
except TokenError:
return HttpResponse("Token has been blacklisted")
def test_get_validated_token(self):
# Should raise AuthenticationFailed if token not valid
token = AuthToken()
token.set_exp(lifetime=-timedelta(days=1))
with self.assertRaises(AuthenticationFailed):
self.backend.get_validated_token(str(token))
# Otherwise, should return validated token
token.set_exp()
self.assertEqual(
self.backend.get_validated_token(str(token)).payload,
token.payload)
# Should not accept tokens not included in AUTH_TOKEN_CLASSES
sliding_token = SlidingToken()
with override_api_settings(AUTH_TOKEN_CLASSES=(
'rest_framework_simplejwt.tokens.AccessToken', )):
with self.assertRaises(AuthenticationFailed) as e:
self.backend.get_validated_token(str(sliding_token))
self.assertIn('AccessToken: Token has wrong type',
e.exception.detail)
# Should accept tokens included in AUTH_TOKEN_CLASSES
access_token = AccessToken()
sliding_token = SlidingToken()
with override_api_settings(AUTH_TOKEN_CLASSES=(
'rest_framework_simplejwt.tokens.AccessToken',
'rest_framework_simplejwt.tokens.SlidingToken',
)):
self.backend.get_validated_token(str(access_token))
self.backend.get_validated_token(str(sliding_token))
def test_it_should_return_401_if_token_has_refresh_period_expired(self):
token = SlidingToken()
token.set_exp(api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM, lifetime=-timedelta(seconds=1))
res = self.view_post(data={'token': str(token)})
self.assertEqual(res.status_code, 401)
self.assertEqual(res.data['code'], 'token_not_valid')
def post(self, request):
token = request.META.get("HTTP_AUTHORIZATION", '').split()[1]
try:
tokens = SlidingToken(token)
tokens.check_blacklist()
return HttpResponse('the token is blackListed')
except TokenError:
return HttpResponse('the token is already blacklisted')
def test_it_should_raise_token_error_if_token_has_refresh_period_expired(self):
token = SlidingToken()
token.set_exp(api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM, lifetime=-timedelta(days=1))
s = TokenRefreshSlidingSerializer(data={'token': str(token)})
with self.assertRaises(TokenError) as e:
s.is_valid()
self.assertIn("'{}' claim has expired".format(api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM), e.exception.args[0])
def test_it_should_return_400_if_token_has_refresh_period_expired(self):
token = SlidingToken()
token.set_exp(api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM,
lifetime=-timedelta(seconds=1))
res = self.view_post(data={'token': str(token)})
self.assertEqual(res.status_code, 400)
self.assertIn('non_field_errors', res.data)
self.assertIn(
"'{}' claim has expired".format(
api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM),
res.data['non_field_errors'][0])
def test_it_should_not_validate_if_token_has_refresh_period_expired(self):
token = SlidingToken()
token.set_exp(api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM,
lifetime=-timedelta(days=1))
s = TokenRefreshSlidingSerializer(data={'token': str(token)})
self.assertFalse(s.is_valid())
self.assertIn('non_field_errors', s.errors)
self.assertIn(
"'{}' claim has expired".format(
api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM),
s.errors['non_field_errors'][0])
def test_it_should_return_401_if_token_invalid(self):
token = SlidingToken()
del token['exp']
res = self.view_post(data={'token': str(token)})
self.assertEqual(res.status_code, 401)
self.assertEqual(res.data['code'], 'token_not_valid')
token.set_exp(lifetime=-timedelta(seconds=1))
res = self.view_post(data={'token': str(token)})
self.assertEqual(res.status_code, 401)
self.assertEqual(res.data['code'], 'token_not_valid')
def test_it_should_return_401_if_token_invalid(self):
token = SlidingToken()
del token["exp"]
res = self.view_post(data={"token": str(token)})
self.assertEqual(res.status_code, 401)
self.assertEqual(res.data["code"], "token_not_valid")
token.set_exp(lifetime=-timedelta(seconds=1))
res = self.view_post(data={"token": str(token)})
self.assertEqual(res.status_code, 401)
self.assertEqual(res.data["code"], "token_not_valid")
def test_it_should_return_400_if_token_invalid(self):
token = SlidingToken()
del token['exp']
res = self.view_post(data={'token': str(token)})
self.assertEqual(res.status_code, 400)
self.assertIn('non_field_errors', res.data)
self.assertIn("has no 'exp' claim", res.data['non_field_errors'][0])
token.set_exp(lifetime=-timedelta(seconds=1))
res = self.view_post(data={'token': str(token)})
self.assertEqual(res.status_code, 400)
self.assertIn('non_field_errors', res.data)
self.assertIn('invalid or expired', res.data['non_field_errors'][0])
def test_it_should_not_validate_if_token_invalid(self):
token = SlidingToken()
del token['exp']
s = TokenRefreshSlidingSerializer(data={'token': str(token)})
self.assertFalse(s.is_valid())
self.assertIn('non_field_errors', s.errors)
self.assertIn("has no 'exp' claim", s.errors['non_field_errors'][0])
token.set_exp(lifetime=-timedelta(days=1))
s = TokenRefreshSlidingSerializer(data={'token': str(token)})
self.assertFalse(s.is_valid())
self.assertIn('non_field_errors', s.errors)
self.assertIn('invalid or expired', s.errors['non_field_errors'][0])
def test_it_should_return_401_if_token_has_no_refresh_exp_claim(self):
token = SlidingToken()
del token[api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM]
res = self.view_post(data={'token': str(token)})
self.assertEqual(res.status_code, 401)
self.assertEqual(res.data['code'], 'token_not_valid')
def get_token(self, obj):
request = self.context.get('request')
if request:
auth_login(request, obj) # 主要为了记录last_login的, 其他的作用待研究
else:
print('request is None, 请在代码手动传入, 否则无法自动登录')
return str(SlidingToken.for_user(request.user))
def get(self, request, format=None):
#print(dir(request))
#Token.for_user(request.user)
#print(self.serializer_class.get_token(request.user))
#print(SlidingToken.for_user(request.user))
return Response({'token': str(SlidingToken.for_user(request.user))})
def test_it_should_update_token_exp_claim_if_everything_ok(self):
now = aware_utcnow()
token = SlidingToken()
exp = now + api_settings.SLIDING_TOKEN_LIFETIME - timedelta(seconds=1)
token.set_exp(from_time=now, lifetime=api_settings.SLIDING_TOKEN_LIFETIME - timedelta(seconds=1))
# View returns 200
res = self.view_post(data={'token': str(token)})
self.assertEqual(res.status_code, 200)
# Expiration claim has moved into future
new_token = SlidingToken(res.data['token'])
new_exp = datetime_from_epoch(new_token['exp'])
self.assertTrue(exp < new_exp)
def patch(self, request, email):
data = JSONParser().parse(request)
try:
if email == getEmail(request) and getEmail(
request) == data['email']:
print('yes')
password = make_password(data['password'])
user = UserAccounts.objects.filter(email=data['email'])
user.update(password=password)
token = request.META.get('HTTP_AUTHORIZATION', '').split()[1]
a = SlidingToken(token)
a.blacklist()
return JsonResponse({'msg': 'success'})
else:
return JsonResponse({'msg': 'Fail'})
except TokenError:
return JsonResponse({'msg': 'error'})
def test_it_should_not_validate_if_token_has_wrong_type(self):
token = SlidingToken()
token[api_settings.TOKEN_TYPE_CLAIM] = 'wrong_type'
s = TokenRefreshSlidingSerializer(data={'token': str(token)})
self.assertFalse(s.is_valid())
self.assertIn('non_field_errors', s.errors)
self.assertIn("wrong type", s.errors['non_field_errors'][0])
def test_it_should_update_token_exp_claim_if_everything_ok(self):
old_token = SlidingToken()
lifetime = api_settings.SLIDING_TOKEN_LIFETIME - timedelta(seconds=1)
old_exp = old_token.current_time + lifetime
old_token.set_exp(lifetime=lifetime)
# Serializer validates
s = TokenRefreshSlidingSerializer(data={'token': str(old_token)})
self.assertTrue(s.is_valid())
# Expiration claim has moved into future
new_token = SlidingToken(s.validated_data['token'])
new_exp = datetime_from_epoch(new_token['exp'])
self.assertTrue(old_exp < new_exp)
def test_init(self):
# Should set sliding refresh claim and token type claim
token = SlidingToken()
self.assertEqual(
token[api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM],
datetime_to_epoch(token.current_time + api_settings.SLIDING_TOKEN_REFRESH_LIFETIME),
)
self.assertEqual(token[api_settings.TOKEN_TYPE_CLAIM], 'sliding')
def test_it_should_raise_token_error_if_token_has_wrong_type(self):
token = SlidingToken()
token[api_settings.TOKEN_TYPE_CLAIM] = 'wrong_type'
s = TokenRefreshSlidingSerializer(data={'token': str(token)})
with self.assertRaises(TokenError) as e:
s.is_valid()
self.assertIn("wrong type", e.exception.args[0])
def test_it_should_raise_token_error_if_token_has_no_refresh_exp_claim(self):
token = SlidingToken()
del token[api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM]
s = TokenRefreshSlidingSerializer(data={'token': str(token)})
with self.assertRaises(TokenError) as e:
s.is_valid()
self.assertIn("has no '{}' claim".format(api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM), e.exception.args[0])
def test_it_should_not_validate_if_token_invalid(self):
token = SlidingToken()
del token['exp']
s = TokenRefreshSlidingSerializer(data={'token': str(token)})
with self.assertRaises(TokenError) as e:
s.is_valid()
self.assertIn("has no 'exp' claim", e.exception.args[0])
token.set_exp(lifetime=-timedelta(days=1))
s = TokenRefreshSlidingSerializer(data={'token': str(token)})
with self.assertRaises(TokenError) as e:
s.is_valid()
self.assertIn('invalid or expired', e.exception.args[0])
def test_get_validated_token(self):
# Should raise InvalidToken if token not valid
token = AuthToken()
token.set_exp(lifetime=-timedelta(days=1))
with self.assertRaises(InvalidToken):
self.backend.get_validated_token(str(token))
# Otherwise, should return validated token
token.set_exp()
self.assertEqual(
self.backend.get_validated_token(str(token)).payload, token.payload
)
# Should not accept tokens not included in AUTH_TOKEN_CLASSES
sliding_token = SlidingToken()
with override_api_settings(
AUTH_TOKEN_CLASSES=("rest_framework_simplejwt.tokens.AccessToken",)
):
with self.assertRaises(InvalidToken) as e:
self.backend.get_validated_token(str(sliding_token))
messages = e.exception.detail["messages"]
self.assertEqual(1, len(messages))
self.assertEqual(
{
"token_class": "AccessToken",
"token_type": "access",
"message": "Token has wrong type",
},
messages[0],
)
# Should accept tokens included in AUTH_TOKEN_CLASSES
access_token = AccessToken()
sliding_token = SlidingToken()
with override_api_settings(
AUTH_TOKEN_CLASSES=(
"rest_framework_simplejwt.tokens.AccessToken",
"rest_framework_simplejwt.tokens.SlidingToken",
)
):
self.backend.get_validated_token(str(access_token))
self.backend.get_validated_token(str(sliding_token))
def test_it_should_not_validate_if_token_has_no_refresh_exp_claim(self):
token = SlidingToken()
del token[api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM]
s = TokenRefreshSlidingSerializer(data={'token': str(token)})
self.assertFalse(s.is_valid())
self.assertIn('non_field_errors', s.errors)
self.assertIn(
"has no '{}' claim".format(
api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM),
s.errors['non_field_errors'][0])
def _token_get_user_id(token):
"""
The TokenUser class assumes tokens will have a recognizable user
identifier claim.
"""
try:
Token = SlidingToken(token)
assert api_settings.USER_ID_CLAIM in Token
return TokenUser(Token).id
except:
raise InvalidJwtToken(detail='Token 失效')
def test_it_should_return_400_if_token_has_no_refresh_exp_claim(self):
token = SlidingToken()
del token[api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM]
res = self.view_post(data={'token': str(token)})
self.assertEqual(res.status_code, 400)
self.assertIn('non_field_errors', res.data)
self.assertIn(
"has no '{}' claim".format(
api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM),
res.data['non_field_errors'][0])
def test_it_should_accept_and_verify_any_type_of_token(self):
access_token = AccessToken()
refresh_token = RefreshToken()
sliding_token = SlidingToken()
for t in (access_token, refresh_token, sliding_token):
untyped_token = UntypedToken(str(t))
self.assertEqual(
t.payload,
untyped_token.payload,
)
def test_sliding_tokens_are_added_to_outstanding_list(self):
token = SlidingToken.for_user(self.user)
qs = OutstandingToken.objects.all()
outstanding_token = qs.first()
self.assertEqual(qs.count(), 1)
self.assertEqual(outstanding_token.user, self.user)
self.assertEqual(outstanding_token.jti, token['jti'])
self.assertEqual(outstanding_token.token, str(token))
self.assertEqual(outstanding_token.created_at, token.current_time)
self.assertEqual(outstanding_token.expires_at, datetime_from_epoch(token['exp']))
def validate(self, attrs):
"""
2019/08/30
:param attrs:
:return:
"""
requested_cookies = self.context['request'].COOKIES
try:
token = SlidingToken(requested_cookies['JWT'])
except Exception:
raise exceptions.APIException("Invalid token")
# Check that the timestamp in the "refresh_exp" claim has not
# passed
token.check_exp(api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM)
# Update the "exp" claim
token.set_exp()
refreshed_token = jwt.decode(
str(token).encode('utf-8'), settings.SECRET_KEY)
requested_refresh_token = jwt.decode(
requested_cookies['SESSION'].encode('utf-8'), settings.SECRET_KEY)
return {
'token':
str(token),
'session_token':
str(
_session_token_generator(user_info=requested_refresh_token,
exp=refreshed_token['exp']))
}
def test_it_should_produce_a_json_web_token_when_valid(self):
s = TokenObtainSlidingSerializer(context=MagicMock(), data={
TokenObtainSlidingSerializer.username_field: self.username,
'password': self.password,
})
self.assertTrue(s.is_valid())
self.assertIn('token', s.validated_data)
# Expecting token type claim to be correct for sliding token. If this
# is the case, instantiating a `SlidingToken` instance with encoded
# token should not raise an exception.
SlidingToken(s.validated_data['token'])