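def test_refresh_jwt(self):
        """
        Check that a valid token can be exchanged for a refreshed one.

        The refreshed token must keep the original 'orig_iat' claim and carry
        a later 'exp'. No date/time modifications are necessary because it is
        assumed that this operation will take less than 300 seconds.
        """
        client = APIClient(enforce_csrf_checks=True)
        orig_token = self.get_token()
        orig_token_decoded = utils.jwt_decode_handler(orig_token)

        expected_orig_iat = timegm(datetime.utcnow().utctimetuple())

        # Make sure 'orig_iat' exists and is the current time (give some slack).
        # NOTE(review): the bound is one-sided, so an 'orig_iat' far in the
        # past would also pass; only a value in the future is rejected here.
        orig_iat = orig_token_decoded['orig_iat']
        self.assertLessEqual(orig_iat - expected_orig_iat, 1)

        # Presumably 'exp' has one-second resolution, so wait before refreshing
        # to make the new expiry strictly greater than the old one.
        time.sleep(1)

        # Now try to get a refreshed token
        response = client.post('/auth-token-refresh/', {'token': orig_token},
                               format='json')
        self.assertEqual(response.status_code, status.HTTP_200_OK)

        new_token = response.data['token']
        new_token_decoded = utils.jwt_decode_handler(new_token)

        # 'orig_iat' must survive the refresh unchanged while 'exp' moves
        # forward. Presumably 'orig_iat' is what bounds how long a token can
        # keep being refreshed; confirm against the refresh serializer.
        # assertEqual replaces the deprecated assertEquals alias, which was
        # removed in Python 3.12.
        self.assertEqual(new_token_decoded['orig_iat'], orig_iat)
        self.assertGreater(new_token_decoded['exp'], orig_token_decoded['exp'])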
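    def test_jwt_decode_verify_exp(self):
        """
        Check that an expired token decodes when expiration checks are off.

        The test passes as long as decoding does not raise. The setting is
        restored in a ``finally`` block so that a failure here cannot leave
        expiration verification disabled for the tests that run afterwards.
        """
        previous_setting = api_settings.JWT_VERIFY_EXPIRATION
        api_settings.JWT_VERIFY_EXPIRATION = False
        try:
            payload = utils.jwt_payload_handler(self.user)
            # An 'exp' of 1 is one second after the epoch, i.e. long expired.
            payload['exp'] = 1
            token = utils.jwt_encode_handler(payload)
            utils.jwt_decode_handler(token)
        finally:
            # Put back whatever was configured before the test ran.
            api_settings.JWT_VERIFY_EXPIRATION = previous_setting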
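    def test_create(self):
        """
        Check that the serializer validates the credentials in ``self.data``
        and issues a token whose payload names the expected user.
        """
        serializer = JSONWebTokenSerializer(data=self.data)
        is_valid = serializer.is_valid()

        # Assert validity before touching serializer.object, so that a
        # rejected login fails on this assertion rather than on the token
        # lookup below.
        self.assertTrue(is_valid)

        token = serializer.object['token']
        decoded_payload = utils.jwt_decode_handler(token)

        self.assertEqual(decoded_payload['username'], self.username)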
    def test_jwt_login_json(self):
        """
        Verify that posting the credentials as JSON to the login view returns
        a token whose payload identifies the user.
        """
        api_client = APIClient(enforce_csrf_checks=True)
        login_response = api_client.post(
            '/auth-token/',
            self.data,
            format='json',
        )
        self.assertEqual(login_response.status_code, status.HTTP_200_OK)

        # The 'user_id' claim is compared against the string form of the id.
        issued_token = login_response.data['token']
        claims = utils.jwt_decode_handler(issued_token)
        self.assertEqual(claims['user_id'], str(self.user.id))
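    def test_jwt_login_with_expired_token(self):
        """
        Ensure JWT login view works even if expired token is provided.

        The credentials in ``self.data`` are posted together with an
        Authorization header carrying an expired token; the login must still
        succeed and return a fresh token for the same user.
        """
        payload = utils.jwt_payload_handler(self.user)
        # An 'exp' of 1 is one second after the epoch, i.e. long expired.
        payload['exp'] = 1
        token = utils.jwt_encode_handler(payload)

        auth = 'JWT {0}'.format(token)
        client = APIClient(enforce_csrf_checks=True)
        response = client.post('/auth-token/',
                               self.data,
                               HTTP_AUTHORIZATION=auth,
                               format='json')

        # Check the status before reading the body, so that a rejected login
        # fails on this assertion rather than on the token lookup below.
        self.assertEqual(response.status_code, status.HTTP_200_OK)

        decoded_payload = utils.jwt_decode_handler(response.data['token'])
        self.assertEqual(decoded_payload['username'], self.username)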
 def test_fail_audience_missing(self):
     """Decoding a token that has no 'aud' claim must raise
     MissingRequiredClaimError."""
     claims = utils.jwt_payload_handler(self.user)
     # Drop the audience claim before the token is signed.
     claims.pop('aud')
     token_without_aud = utils.jwt_encode_handler(claims)
     self.assertRaises(
         jwt.exceptions.MissingRequiredClaimError,
         utils.jwt_decode_handler,
         token_without_aud,
     )
    def test_jwt_decode(self):
        """Encoding a payload and decoding the resulting token must return
        the same payload."""
        original_claims = utils.jwt_payload_handler(self.user)
        round_tripped = utils.jwt_decode_handler(
            utils.jwt_encode_handler(original_claims)
        )

        self.assertEqual(round_tripped, original_claims)
 def test_fail_issuer_wrong(self):
     """Decoding a token whose 'iss' claim was changed to another issuer
     must raise InvalidIssuerError."""
     claims = utils.jwt_payload_handler(self.user)
     # Overwrite the issuer with a different value before signing.
     # Presumably the test settings expect another issuer; confirm there.
     claims.update({'iss': 'example2.com'})
     token_with_bad_iss = utils.jwt_encode_handler(claims)
     self.assertRaises(
         jwt.exceptions.InvalidIssuerError,
         utils.jwt_decode_handler,
         token_with_bad_iss,
     )
 def test_fail_audience_wrong(self):
     """Decoding a token whose 'aud' claim was changed to another audience
     must raise InvalidAudienceError."""
     claims = utils.jwt_payload_handler(self.user)
     # Overwrite the audience with a different value before signing.
     # Presumably the test settings expect another audience; confirm there.
     claims.update({'aud': 'my_aud2'})
     token_with_bad_aud = utils.jwt_encode_handler(claims)
     self.assertRaises(
         jwt.exceptions.InvalidAudienceError,
         utils.jwt_decode_handler,
         token_with_bad_aud,
     )