def test_signature_mismatch_wrong_content(self):
"""
Token with wrong signature should not pass
"""
token, _ = generate_auth_token(self.DummyUser(), 30)
token = token.replace('john', 'jane')
username = validate_auth_token(token)
self.assertIsNone(username)
def test_custom_id_field(self):
"""
We should be able to use any other then username field to store in token
"""
token, _ = generate_auth_token(self.DummyUser(), 30, 'username2')
username = validate_auth_token(token)
self.assertEqual(username, 'johny')
def test_correct_token(self):
"""
Generate a token and then validate it. Assume it must be valid.
"""
token, _ = generate_auth_token(self.DummyUser(), 30)
username = validate_auth_token(token)
self.assertEqual(username, 'john')
def test_signature_mismatch_wrong_public_key(self):
"""
We should not validate a token if our public key does not match the private one used to sign
"""
token, _ = generate_auth_token(self.DummyUser(), 30)
with self.settings(TOKEN_AUTH_PUBLIC_KEY=settings.TOKEN_AUTH_PUBLIC_KEY.replace('public.pub', 'wrong.pub')):
with mock.patch('django_token_auth._cached_public_key', None):
username = validate_auth_token(token)
self.assertIsNone(username)
def test_expired_token(self):
"""
Expired token should not be validated
"""
token, _ = generate_auth_token(self.DummyUser(), 1)
username = validate_auth_token(token)
self.assertEqual(username, 'john')
time.sleep(2)
username = validate_auth_token(token)
self.assertIsNone(username)
def test_authenticate_correct_token(self):
token, _ = generate_auth_token(self.DummyUser(), 30)
user = authenticate(token=token)
self.assertTrue(user.is_authenticated())
self.assertEqual(user.username, 'john')
def get_token():
return generate_auth_token(self.DummyUser(), 30)[0]
def test_authenticated(self):
token, _ = generate_auth_token(self.DummyUser(), 30)
response = self.client.get('/tests/protected_url/', HTTP_AUTHORIZATION=token)
self.assertEquals(response.status_code, 200)
self.assertIn('john', response.content)
