Пример #1
    def test_session_access_token_expiry_okay(self):
        """An access token that expires tomorrow must not trigger a refresh."""
        expiry = (datetime.now() + timedelta(days=1)).timestamp()
        req = self.get_request(expiry)

        verify.check_and_update_fxa_access_token(req)

        # No token call was made and the stored expiry is left as it was.
        self.get_fxa_token_mock.assert_not_called()
        assert req.session['fxa_access_token_expiry'] == expiry
Пример #2
    def test_refresh_token_missing(self):
        """A session without a refresh token fails the check outright.

        The check must raise IdentificationError without making a token call.
        """
        req = self.get_request()
        del req.session['fxa_refresh_token']

        self.assertRaises(
            verify.IdentificationError,
            verify.check_and_update_fxa_access_token,
            req,
        )
        self.get_fxa_token_mock.assert_not_called()
Пример #3
    def test_verify_access_token_setting_false(self):
        """VERIFY_FXA_ACCESS_TOKEN=False switches the token check off.

        The same request is checked twice: once with the setting overridden to
        False (no token call expected) and once with the test's normal settings
        (a token call expected).
        """
        req = self.get_request()
        token_mock = self.get_fxa_token_mock

        with override_settings(VERIFY_FXA_ACCESS_TOKEN=False):
            verify.check_and_update_fxa_access_token(req)
            token_mock.assert_not_called()

        # Outside the override the check is active again.
        verify.check_and_update_fxa_access_token(req)
        token_mock.assert_called()
Пример #4
    def test_use_fake_fxa_auth(self):
        """USE_FAKE_FXA_AUTH=True bypasses the access token check.

        With the override active no token call is made; once the override is
        gone the same request does produce one.
        """
        req = self.get_request()
        token_mock = self.get_fxa_token_mock

        with override_settings(USE_FAKE_FXA_AUTH=True):
            verify.check_and_update_fxa_access_token(req)
            token_mock.assert_not_called()

        # Back on the test's normal settings the token call is made.
        verify.check_and_update_fxa_access_token(req)
        token_mock.assert_called()
Пример #5
    def test_refresh_fail(self):
        """A failed refresh propagates and leaves the expired token in place."""
        expired_at = (datetime.now() - timedelta(days=1)).timestamp()
        req = self.get_request(expired_at)
        self.get_fxa_token_mock.side_effect = verify.IdentificationError()

        self.assertRaises(
            verify.IdentificationError,
            verify.check_and_update_fxa_access_token,
            req,
        )

        self.get_fxa_token_mock.assert_called_with(
            refresh_token='refreshing!', config=settings.FXA_CONFIG['default'])
        # The session must not look refreshed: the stored expiry is still the
        # expired value.
        assert req.session['fxa_access_token_expiry'] == expired_at
Пример #6
 def __call__(self, request):
     """Check the FxA access token for logged-in, non-API requests.

     API requests pass straight through (they are validated in
     SessionIDAuthentication). A session without SESSION_KEY is treated as
     anonymous. Otherwise the access token is checked, and an
     IdentificationError ends the request with the response from
     redirect_for_login instead of reaching the wrapped handler.
     """
     if getattr(request, 'is_api', False):
         return self.get_response(request)

     if SESSION_KEY not in request.session:
         # Without SESSION_KEY the session is definitely anonymous, so skip
         # the token check and mark the request as such.
         request.user = AnonymousUser()
         return self.get_response(request)

     try:
         check_and_update_fxa_access_token(request)
     except IdentificationError:
         # Only the user id goes into the log line.
         log.info(
             f'Failed refreshing access_token for {request.user.id}'
         )
         return redirect_for_login(request)

     return self.get_response(request)
Пример #7
    def test_refresh_success(self):
        """A successful refresh stores the new access token expiry."""
        req = self.get_request()

        # What the mocked token call hands back for a successful refresh.
        refreshed = {
            'id_token': 'someopenidtoken',
            'access_token': 'someaccesstoken',
            'expires_in': 123,
            'access_token_expiry': time.time() + 123,
        }
        self.get_fxa_token_mock.return_value = refreshed

        verify.check_and_update_fxa_access_token(req)

        self.get_fxa_token_mock.assert_called_with(
            refresh_token='refreshing!', config=settings.FXA_CONFIG['default'])
        stored_expiry = req.session['fxa_access_token_expiry']
        assert stored_expiry == refreshed['access_token_expiry']
Пример #8
    def authenticate_credentials(self, request, token):
        """Authenticate an API request whose ``token`` is a session key.

        The session is re-pointed at ``token``, its user is resolved with
        ``get_user``, and the FxA access token is checked before the request
        is accepted.

        Returns:
            The tuple ``(user, token)`` on success.

        Raises:
            exceptions.AuthenticationFailed: with code
                ``ERROR_AUTHENTICATION_EXPIRED`` when no usable user is found
                for the session, or when the access token check raises
                ``IdentificationError``.
        """
        # Key the session on the value from the token instead of the cookie
        # that SessionMiddleware would have used.
        # NOTE(review): the ``del`` presumably relies on the cache attribute
        # already being set on the session object - confirm.
        del request.session._session_cache
        request.session._session_key = token

        # get_user validates the session information and returns safely.
        user = get_user(request)
        if not user or user.is_anonymous or user.deleted:
            log.info('User or session not found.')
            raise exceptions.AuthenticationFailed({
                'detail': gettext(
                    'Valid user session not found matching the provided session key.'
                ),
                'code': 'ERROR_AUTHENTICATION_EXPIRED',
            })

        # A valid local session is not enough: the request is rejected with
        # the same error code if the access token check fails.
        try:
            check_and_update_fxa_access_token(request)
        except IdentificationError:
            log.info(
                'User access token refresh failed; user needs to login to FxA again'
            )
            raise exceptions.AuthenticationFailed({
                'detail': gettext(
                    'Access token refresh failed; user needs to login to FxA again.'
                ),
                'code': 'ERROR_AUTHENTICATION_EXPIRED',
            })

        # Record the user in the thread, as UserAndAddrMiddleware does.
        core.set_user(user)

        return (user, token)