def test_bad_token_request(self):
""" Ensure that invalid tokens throws exception """
request = self.factory.get('/foo/bar',
HTTP_AUTHORIZATION="TmpToken badtoken")
with self.assertRaises(AuthenticationFailed) as e:
TokenAuth().authenticate(request)
self.assertEqual(e, "Bad API token")
def test_token_with_encoded_iri(self):
"""
Ensure tokens created with Uniform Resource Identifiers properly
authenticate.
"""
t = TokenManager(user=self.user,
endpoints=dict(GET=['/t%C3%A9st']),
max_age=10,
recipient='my-new-microservice')
request = self.factory.get(u'/tést/some-éndpoint/',
HTTP_AUTHORIZATION="TmpToken {}".format(
t.generate_token()))
self.assertEqual(TokenAuth().authenticate(request), (self.user, t))
request = self.factory.get('/t%C3%A9st/some-%C3%A9ndpoint/',
HTTP_AUTHORIZATION="TmpToken {}".format(
t.generate_token()))
self.assertEqual(TokenAuth().authenticate(request), (self.user, t))
def test_valid_request(self):
t = TokenManager(user=self.user,
endpoints=dict(GET=['/bar'], POST=['/foo']),
max_age=10,
recipient='my-new-microservice')
request = self.factory.post('/foo/some-nested-endpoint/',
HTTP_AUTHORIZATION="TmpToken {}".format(
t.generate_token()))
self.assertEqual(TokenAuth().authenticate(request), (self.user, t))
def test_api_recipient_header(self):
t = TokenManager(user=self.user,
endpoints=dict(GET=['/bar'], POST=['/foo']),
max_age=10,
recipient='my-new-microservice')
request = self.factory.post('/foo/some-nested-endpoint/',
HTTP_AUTHORIZATION="TmpToken {}".format(
t.generate_token()))
TokenAuth().authenticate(request)
self.assertEqual(request.META.get('X-API-Token-Recipient'),
"my-new-microservice")
def test_invalid_path_request(self):
""" Ensure that not-permitted paths throws exception """
t = TokenManager(user=self.user,
endpoints=dict(GET=['/foo', '/bar'], POST=['/foo']),
max_age=10,
recipient='my-new-microservice')
request = self.factory.get('/secret',
HTTP_AUTHORIZATION="TmpToken " +
t.generate_token())
with self.assertRaises(AuthenticationFailed) as e:
TokenAuth().authenticate(request)
self.assertEqual(e, "Endpoint interaction not permitted by token")
def test_valid_request_query_arg(self):
""" Ensure that auth token can be encloded as GET parameter """
t = TokenManager(user=self.user,
endpoints={
u'GET': [u'/foo', u'/bar'],
u'POST': [u'/foo']
},
max_age=10,
recipient='my-new-microservice')
request = self.factory.get('/foo/some-nested-endpoint/',
data={"TOKEN": t.generate_token()})
self.assertEqual(TokenAuth().authenticate(request), (self.user, t))
def test_bad_user_request(self):
""" Ensure that missing user throws exception """
self.user.id = -1
t = TokenManager(
user=self.user,
endpoints=dict(GET=['/foo']),
)
request = self.factory.get('/foo/bar',
HTTP_AUTHORIZATION="TmpToken " +
t.generate_token())
with self.assertRaises(AuthenticationFailed) as e:
TokenAuth().authenticate(request)
self.assertEqual(e, "No such user")
def test_expired_token_request(self):
""" Ensure that expired tokens throws exception """
t = TokenManager(
user=self.user,
endpoints=dict(GET=['/foo']),
max_age=0 # Immediately expired
)
request = self.factory.get('/foo/bar',
HTTP_AUTHORIZATION="TmpToken " +
t.generate_token())
with self.assertRaises(AuthenticationFailed) as e:
TokenAuth().authenticate(request)
self.assertEqual(e, "Token has expired")
def test_different_auth_request(self):
"""
Ensure that tokens without proper beginning string won't be caught
"""
request = self.factory.get('/foo/bar', HTTP_AUTHORIZATION="asdf")
self.assertIsNone(TokenAuth().authenticate(request))