def test_update_token_actually_saved(self, api, client):
update_token = TokenRegistry('jti', 'access', 'tokenreader', False,
dt.datetime(2001, 1, 2, 12, 11, 10, 9))
update_token.save()
token, _ = register_and_login_confirmed_user(api, client,
"tokenreader",
"*****@*****.**",
"passwd")
url = api.url_for(Token, token_id=update_token.id)
response = client.put(url,
data={
'revoked':
'True',
'jti':
'newjti',
'tokenType':
'refresh',
'username':
'******',
'expires':
str(dt.datetime(2002, 2, 3, 16, 15, 14, 13))
},
headers=get_authorization_header(token))
response_json = get_response_json(response.data)
assert (update_token.jti == 'jti')
assert (update_token.token_type == 'access')
assert (update_token.username == 'tokenreader')
assert (update_token.revoked == True)
assert (update_token.expires == dt.datetime(2001, 1, 2, 12, 11, 10, 9))
def test_no_unique_constraints(self, db):
token1 = TokenRegistry('jti', 'type', 'username', True,
dt.datetime.utcnow())
token2 = TokenRegistry('jti', 'type', 'username', True,
dt.datetime.utcnow())
token1.save()
token2.save()
num_users = db.session.query(TokenRegistry).count()
assert (num_users == 2)
def test_find_by_jti(self):
token1 = TokenRegistry('jti_1', 'type_1', 'username', True,
dt.datetime.utcnow())
token2 = TokenRegistry('jti_2', 'type_2', 'username', False,
dt.datetime.utcnow() + dt.timedelta(hours=1))
token1.save(False)
token2.save()
retrieved = TokenRegistry.find_by_jti('jti_1')
jti_none = TokenRegistry.find_by_jti('jti_dontexist')
assert (retrieved.jti == 'jti_1')
assert (jti_none is None)
def test_get_other_user_token(self, api, client):
new_token = TokenRegistry('12345', 'access', 'another_user', False,
dt.datetime.now() + dt.timedelta(hours=1))
new_token.save()
token, _ = register_and_login_confirmed_user(api, client,
"tokenreader",
"*****@*****.**",
"passwd")
url = api.url_for(Token, token_id=new_token.id)
response = client.get(url, headers=get_authorization_header(token))
response_json = get_response_json(response.data)
assert (response.status_code == 403)
assert (response_json["errors"]["token"] is not None)
def test_another_user_tokens_not_included(self, api, client):
new_token = TokenRegistry('12345', 'access', 'another_user', False,
dt.datetime.now() + dt.timedelta(hours=1))
new_token.save()
token, _ = register_and_login_confirmed_user(api, client,
"tokenreader",
"*****@*****.**",
"passwd")
url = api.url_for(TokenList)
response = client.get(url, headers=get_authorization_header(token))
response_json = get_response_json(response.data)
assert (response.status_code == 200)
assert (len(response_json) == 2)
def test_find_by_username(self):
token1 = TokenRegistry('jti_1', 'type_1', 'username', True,
dt.datetime.utcnow())
token2 = TokenRegistry('jti_2', 'type_2', 'username', False,
dt.datetime.utcnow() + dt.timedelta(hours=1))
token3 = TokenRegistry('jti_1', 'type_1', 'different', True,
dt.datetime.utcnow())
token1.save(False)
token2.save(False)
token3.save()
user_tokens = TokenRegistry.find_by_username('username')
assert (len(user_tokens) == 2)
def test_get_by_id(self):
new_token = TokenRegistry('jti', 'type', 'username', True,
dt.datetime.utcnow())
new_token.save()
retrieved_token = TokenRegistry.get_by_id(new_token.id)
assert (retrieved_token == new_token)