def test_signature_mismatch_wrong_content(self): """ Token with wrong signature should not pass """ token, _ = generate_auth_token(self.DummyUser(), 30) token = token.replace('john', 'jane') username = validate_auth_token(token) self.assertIsNone(username)
def test_custom_id_field(self): """ We should be able to use any other then username field to store in token """ token, _ = generate_auth_token(self.DummyUser(), 30, 'username2') username = validate_auth_token(token) self.assertEqual(username, 'johny')
def test_correct_token(self): """ Generate a token and then validate it. Assume it must be valid. """ token, _ = generate_auth_token(self.DummyUser(), 30) username = validate_auth_token(token) self.assertEqual(username, 'john')
def test_signature_mismatch_wrong_public_key(self): """ We should not validate a token if our public key does not match the private one used to sign """ token, _ = generate_auth_token(self.DummyUser(), 30) with self.settings(TOKEN_AUTH_PUBLIC_KEY=settings.TOKEN_AUTH_PUBLIC_KEY.replace('public.pub', 'wrong.pub')): with mock.patch('django_token_auth._cached_public_key', None): username = validate_auth_token(token) self.assertIsNone(username)
def test_expired_token(self): """ Expired token should not be validated """ token, _ = generate_auth_token(self.DummyUser(), 1) username = validate_auth_token(token) self.assertEqual(username, 'john') time.sleep(2) username = validate_auth_token(token) self.assertIsNone(username)
def test_authenticate_correct_token(self): token, _ = generate_auth_token(self.DummyUser(), 30) user = authenticate(token=token) self.assertTrue(user.is_authenticated()) self.assertEqual(user.username, 'john')
def get_token(): return generate_auth_token(self.DummyUser(), 30)[0]
def test_authenticated(self): token, _ = generate_auth_token(self.DummyUser(), 30) response = self.client.get('/tests/protected_url/', HTTP_AUTHORIZATION=token) self.assertEquals(response.status_code, 200) self.assertIn('john', response.content)