def validate(self, attrs):
"""
2019/08/30
:param attrs:
:return:
"""
requested_cookies = self.context['request'].COOKIES
try:
token = SlidingToken(requested_cookies['JWT'])
except Exception:
raise exceptions.APIException("Invalid token")
# Check that the timestamp in the "refresh_exp" claim has not
# passed
token.check_exp(api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM)
# Update the "exp" claim
token.set_exp()
refreshed_token = jwt.decode(
str(token).encode('utf-8'), settings.SECRET_KEY)
requested_refresh_token = jwt.decode(
requested_cookies['SESSION'].encode('utf-8'), settings.SECRET_KEY)
return {
'token':
str(token),
'session_token':
str(
_session_token_generator(user_info=requested_refresh_token,
exp=refreshed_token['exp']))
}
def test_it_should_return_401_if_token_has_refresh_period_expired(self):
token = SlidingToken()
token.set_exp(api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM, lifetime=-timedelta(seconds=1))
res = self.view_post(data={'token': str(token)})
self.assertEqual(res.status_code, 401)
self.assertEqual(res.data['code'], 'token_not_valid')
def test_it_should_raise_token_error_if_token_has_refresh_period_expired(self):
token = SlidingToken()
token.set_exp(api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM, lifetime=-timedelta(days=1))
s = TokenRefreshSlidingSerializer(data={'token': str(token)})
with self.assertRaises(TokenError) as e:
s.is_valid()
self.assertIn("'{}' claim has expired".format(api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM), e.exception.args[0])
def validate(self, attrs):
token = SlidingToken(attrs['token'], verify=False)
# Check that the timestamp in the "refresh_exp" claim has not
# passed
token.check_exp(api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM)
# Update the "exp" claim
token.set_exp()
return {'token': text_type(token)}
def test_it_should_return_400_if_token_has_refresh_period_expired(self):
token = SlidingToken()
token.set_exp(api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM,
lifetime=-timedelta(seconds=1))
res = self.view_post(data={'token': str(token)})
self.assertEqual(res.status_code, 400)
self.assertIn('non_field_errors', res.data)
self.assertIn(
"'{}' claim has expired".format(
api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM),
res.data['non_field_errors'][0])
def test_it_should_not_validate_if_token_has_refresh_period_expired(self):
token = SlidingToken()
token.set_exp(api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM,
lifetime=-timedelta(days=1))
s = TokenRefreshSlidingSerializer(data={'token': str(token)})
self.assertFalse(s.is_valid())
self.assertIn('non_field_errors', s.errors)
self.assertIn(
"'{}' claim has expired".format(
api_settings.SLIDING_TOKEN_REFRESH_EXP_CLAIM),
s.errors['non_field_errors'][0])
def test_it_should_return_401_if_token_invalid(self):
token = SlidingToken()
del token['exp']
res = self.view_post(data={'token': str(token)})
self.assertEqual(res.status_code, 401)
self.assertEqual(res.data['code'], 'token_not_valid')
token.set_exp(lifetime=-timedelta(seconds=1))
res = self.view_post(data={'token': str(token)})
self.assertEqual(res.status_code, 401)
self.assertEqual(res.data['code'], 'token_not_valid')
def test_it_should_return_401_if_token_invalid(self):
token = SlidingToken()
del token["exp"]
res = self.view_post(data={"token": str(token)})
self.assertEqual(res.status_code, 401)
self.assertEqual(res.data["code"], "token_not_valid")
token.set_exp(lifetime=-timedelta(seconds=1))
res = self.view_post(data={"token": str(token)})
self.assertEqual(res.status_code, 401)
self.assertEqual(res.data["code"], "token_not_valid")
def test_it_should_return_400_if_token_invalid(self):
token = SlidingToken()
del token['exp']
res = self.view_post(data={'token': str(token)})
self.assertEqual(res.status_code, 400)
self.assertIn('non_field_errors', res.data)
self.assertIn("has no 'exp' claim", res.data['non_field_errors'][0])
token.set_exp(lifetime=-timedelta(seconds=1))
res = self.view_post(data={'token': str(token)})
self.assertEqual(res.status_code, 400)
self.assertIn('non_field_errors', res.data)
self.assertIn('invalid or expired', res.data['non_field_errors'][0])
def test_it_should_not_validate_if_token_invalid(self):
token = SlidingToken()
del token['exp']
s = TokenRefreshSlidingSerializer(data={'token': str(token)})
self.assertFalse(s.is_valid())
self.assertIn('non_field_errors', s.errors)
self.assertIn("has no 'exp' claim", s.errors['non_field_errors'][0])
token.set_exp(lifetime=-timedelta(days=1))
s = TokenRefreshSlidingSerializer(data={'token': str(token)})
self.assertFalse(s.is_valid())
self.assertIn('non_field_errors', s.errors)
self.assertIn('invalid or expired', s.errors['non_field_errors'][0])
def test_it_should_update_token_exp_claim_if_everything_ok(self):
now = aware_utcnow()
token = SlidingToken()
exp = now + api_settings.SLIDING_TOKEN_LIFETIME - timedelta(seconds=1)
token.set_exp(from_time=now, lifetime=api_settings.SLIDING_TOKEN_LIFETIME - timedelta(seconds=1))
# View returns 200
res = self.view_post(data={'token': str(token)})
self.assertEqual(res.status_code, 200)
# Expiration claim has moved into future
new_token = SlidingToken(res.data['token'])
new_exp = datetime_from_epoch(new_token['exp'])
self.assertTrue(exp < new_exp)
def test_it_should_update_token_exp_claim_if_everything_ok(self):
old_token = SlidingToken()
lifetime = api_settings.SLIDING_TOKEN_LIFETIME - timedelta(seconds=1)
old_exp = old_token.current_time + lifetime
old_token.set_exp(lifetime=lifetime)
# Serializer validates
s = TokenRefreshSlidingSerializer(data={'token': str(old_token)})
self.assertTrue(s.is_valid())
# Expiration claim has moved into future
new_token = SlidingToken(s.validated_data['token'])
new_exp = datetime_from_epoch(new_token['exp'])
self.assertTrue(old_exp < new_exp)
def test_it_should_not_validate_if_token_invalid(self):
token = SlidingToken()
del token['exp']
s = TokenRefreshSlidingSerializer(data={'token': str(token)})
with self.assertRaises(TokenError) as e:
s.is_valid()
self.assertIn("has no 'exp' claim", e.exception.args[0])
token.set_exp(lifetime=-timedelta(days=1))
s = TokenRefreshSlidingSerializer(data={'token': str(token)})
with self.assertRaises(TokenError) as e:
s.is_valid()
self.assertIn('invalid or expired', e.exception.args[0])