def post(self):
    """
    Logs the user in, returns an api key.

    Expects ``email`` and ``password`` in the request data.  On success the
    matching user is flagged online, a fresh Token is stored for them and
    its value is handed back as ``auth_token``.
    """
    # Validation comes first: missing or malformed fields are an error,
    # not an authentication failure.
    if not self.is_data_valid(['email', 'password']):
        self.return_error(self.error_messages)
        return

    # Emails are compared case-insensitively, so normalise before lookup.
    login_email = self.data.get('email').lower()
    login_password = self.data.get('password')

    try:
        auth_info = self.auth.get_user_by_password(login_email, login_password)
        account = User.get_by_id(auth_info['user_id'])
    except (webapp2_extras.auth.InvalidAuthIdError,
            webapp2_extras.auth.InvalidPasswordError):
        # Deliberately do not say which of the two was wrong: a distinct
        # message per case would let a caller enumerate valid emails.
        self.return_fail(['Either the email or password was incorrect.'])
        return

    # Flag the account as online.
    account.online = True
    account.put()

    # Issue a new Token bound to this account; its value is what the client
    # presents on later requests.
    issued = Token()
    issued.user = account
    issued.put()

    self.return_success(data={'auth_token': issued.token})
def test_creation(self):
    """ Should create a token. """
    print('Testing creation')

    new_user = User.create_user()
    owner = User.get_by_id(new_user['user_id'])

    created = Token()
    created.user = owner
    created.put()

    # Fetch up to two so an unexpected extra row is detected rather than hidden.
    stored = Token.query().fetch(2)
    self.assertEqual(1, len(stored))
    self.assertEqual(owner, stored[0].user)
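def testTokenAuthLogin(self):
    """
    A token carrying a user's email logs that user in via the middleware.

    TokenAuthLoginMiddleware is appended to the middleware stack for this
    test only; the original setting is restored in ``finally`` so a failing
    assertion cannot leak the modified stack into later tests.
    """
    client = Client()
    original_middleware = settings.MIDDLEWARE_CLASSES
    settings.MIDDLEWARE_CLASSES = list(original_middleware) + [
        'token_auth.middleware.TokenAuthLoginMiddleware'
    ]
    try:
        from django.contrib.auth.models import User
        user = User.objects.get(pk=1)
        token = Token(url='/protected/', email=user.email)
        token.save()

        # Redeeming the token redirects to the protected URL ...
        response = client.get(token.use_token())
        self.failUnlessEqual(response.status_code, 302)
        # ... which is then served, presumably because the middleware has
        # logged the user in.
        response = client.get('/protected/')
        self.failUnlessEqual(response.status_code, 200)

        # Access is now tied to the session rather than the token, so
        # deleting the token must not lock the user out.
        token.delete()
        response = client.get('/protected/')
        self.failUnlessEqual(response.status_code, 200)
    finally:
        settings.MIDDLEWARE_CLASSES = original_middleware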
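def testTokenAuthLogin(self):
    """
    A token carrying a user's email logs that user in via the middleware.

    TokenAuthLoginMiddleware is appended to the middleware stack for this
    test only; the original setting is restored in ``finally`` so a failing
    assertion cannot leak the modified stack into later tests.
    """
    client = Client()
    original_middleware = settings.MIDDLEWARE_CLASSES
    settings.MIDDLEWARE_CLASSES = list(original_middleware) + [
        'token_auth.middleware.TokenAuthLoginMiddleware'
    ]
    try:
        from django.contrib.auth.models import User
        user = User.objects.get(pk=1)
        token = Token(url='/protected/', email=user.email)
        token.save()

        # Redeeming the token redirects to the protected URL ...
        response = client.get(token.use_token())
        self.failUnlessEqual(response.status_code, 302)
        # ... which is then served, presumably because the middleware has
        # logged the user in.
        response = client.get('/protected/')
        self.failUnlessEqual(response.status_code, 200)

        # Access is now tied to the session rather than the token, so
        # deleting the token must not lock the user out.
        token.delete()
        response = client.get('/protected/')
        self.failUnlessEqual(response.status_code, 200)
    finally:
        settings.MIDDLEWARE_CLASSES = original_middleware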
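def testVisitURL200Cookie(self):
    """
    A redeemed token is stored in TOKEN_COOKIE and grants access to the
    protected URL and the paths below it, until the token expires.

    Also checks that a second redeemed token is appended to the cookie.
    """
    url = '/protected/'
    token = Token(url=url)
    token.save()
    client = Client()

    # Redeeming the token redirects and stores the token value in the cookie.
    response = client.get(token.use_token())
    self.failUnlessEqual(response.status_code, 302)
    self.failUnlessEqual(client.cookies[TOKEN_COOKIE].value, token.token)

    # The cookie grants access to the URL itself and to nested paths under it.
    for path in ("/protected/", "/protected/sub1/", "/protected/sub1/sub2/"):
        response = client.get(path)
        self.failUnlessEqual(response.status_code, 200)

    # Redeeming the same token a second time is still a redirect.
    response = client.get(token.use_token())
    self.failUnlessEqual(response.status_code, 302)

    # Two tokens: the cookie is expected to hold both values joined by '|'.
    # This is a real equality check (failUnless(value, expected) only tested
    # truthiness of the value and never compared it to the expected string).
    token2 = Token(url=url)
    token2.save()
    response = client.get(token2.use_token())
    self.failUnlessEqual(response.status_code, 302)
    self.failUnlessEqual(client.cookies[TOKEN_COOKIE].value,
                         token.token + '|' + token2.token)
    token.delete()
    token2.delete()

    # Expired token: access is granted before expiry and refused afterwards.
    token3 = Token(url=url)
    token3.save()
    response = client.get(token3.use_token())
    self.failUnlessEqual(response.status_code, 302)
    response = client.get("/protected/")
    self.failUnlessEqual(response.status_code, 200)
    token3.valid_until = datetime.datetime.today() - datetime.timedelta(days=2)
    token3.save()
    response = client.get("/protected/")
    self.failUnlessEqual(response.status_code, 302)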
def testForwardToken(self):
    """
    Forwarding rules: a default token refuses to be forwarded, a token with
    ``forward_count=None`` forwards freely, and a numeric ``forward_count``
    bounds how many forwards are accepted.
    """
    def reload(tok):
        # Re-read the row so the counter reflects what the view persisted.
        return Token.objects.get(pk=tok.pk)

    http = Client()
    url = '/protected/'

    # Default token: the forward page renders with an error and can_forward off.
    tok = Token(url=url)
    tok.save()
    response = http.get(tok.use_token())
    self.failUnlessEqual(response.status_code, 302)
    response = http.get(tok.forward_token())
    self.failUnlessEqual(response.status_code, 200)
    self.failUnlessEqual(response.context['token'].can_forward, False)
    self.failUnlessEqual(force_unicode(response.context['error']),
                         'Apologies! This token can not be forwarded.')
    tok.delete()

    # forward_count=None: forwarding allowed, no error in the context.
    tok = Token(url=url, forward_count=None)
    tok.save()
    response = http.get(tok.use_token())
    self.failUnlessEqual(response.status_code, 302)
    response = http.get(tok.forward_token())
    self.failUnlessEqual(response.context['token'].can_forward, True)
    self.failUnlessEqual(
        force_unicode(response.context['error'], strings_only=True), None)
    response = http.post(tok.forward_token(), FORM_DATA_FORWARD_1)
    self.failUnlessEqual(response.status_code, 302)
    tok.delete()

    # forward_count=3: the counter drops with each accepted forward
    # (3 -> 1 -> 0 per the expectations below; confirm against the view).
    tok = Token(url=url, forward_count=3)
    tok.save()
    http.get(tok.use_token())
    response = http.get(tok.forward_token())
    self.failUnlessEqual(
        force_unicode(response.context['error'], strings_only=True), None)

    response = http.post(tok.forward_token(), FORM_DATA_FORWARD_1)
    self.failUnlessEqual(response.status_code, 302)
    tok = reload(tok)
    self.failUnlessEqual(tok.forward_count, 1)

    # Posting the same form again re-renders (200) and, presumably because it
    # is a duplicate, leaves the counter untouched.
    response = http.post(tok.forward_token(), FORM_DATA_FORWARD_1)
    self.failUnlessEqual(response.status_code, 200)
    tok = reload(tok)
    self.failUnlessEqual(tok.forward_count, 1)

    response = http.post(tok.forward_token(), FORM_DATA_FORWARD_2)
    self.failUnlessEqual(response.status_code, 302)
    tok = reload(tok)
    self.failUnlessEqual(tok.forward_count, 0)
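def testVisitURL200Cookie(self):
    """
    A redeemed token is stored in TOKEN_COOKIE and grants access to the
    protected URL and the paths below it, until the token expires.

    Also checks that a second redeemed token is appended to the cookie.
    """
    url = '/protected/'
    token = Token(url=url)
    token.save()
    client = Client()

    # Redeeming the token redirects and stores the token value in the cookie.
    response = client.get(token.use_token())
    self.failUnlessEqual(response.status_code, 302)
    self.failUnlessEqual(client.cookies[TOKEN_COOKIE].value, token.token)

    # The cookie grants access to the URL itself and to nested paths under it.
    for path in ("/protected/", "/protected/sub1/", "/protected/sub1/sub2/"):
        response = client.get(path)
        self.failUnlessEqual(response.status_code, 200)

    # Redeeming the same token a second time is still a redirect.
    response = client.get(token.use_token())
    self.failUnlessEqual(response.status_code, 302)

    # Two tokens: the cookie is expected to hold both values joined by '|'.
    # This is a real equality check (failUnless(value, expected) only tested
    # truthiness of the value and never compared it to the expected string).
    token2 = Token(url=url)
    token2.save()
    response = client.get(token2.use_token())
    self.failUnlessEqual(response.status_code, 302)
    self.failUnlessEqual(client.cookies[TOKEN_COOKIE].value,
                         token.token + '|' + token2.token)
    token.delete()
    token2.delete()

    # Expired token: access is granted before expiry and refused afterwards.
    token3 = Token(url=url)
    token3.save()
    response = client.get(token3.use_token())
    self.failUnlessEqual(response.status_code, 302)
    response = client.get("/protected/")
    self.failUnlessEqual(response.status_code, 200)
    token3.valid_until = datetime.datetime.today() - datetime.timedelta(days=2)
    token3.save()
    response = client.get("/protected/")
    self.failUnlessEqual(response.status_code, 302)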
def testForwardToken(self):
    """
    Forwarding rules: a default token refuses to be forwarded, a token with
    ``forward_count=None`` forwards freely, and a numeric ``forward_count``
    bounds how many forwards are accepted.
    """
    def reload(tok):
        # Re-read the row so the counter reflects what the view persisted.
        return Token.objects.get(pk=tok.pk)

    http = Client()
    url = '/protected/'

    # Default token: the forward page renders with an error and can_forward off.
    tok = Token(url=url)
    tok.save()
    response = http.get(tok.use_token())
    self.failUnlessEqual(response.status_code, 302)
    response = http.get(tok.forward_token())
    self.failUnlessEqual(response.status_code, 200)
    self.failUnlessEqual(response.context['token'].can_forward, False)
    self.failUnlessEqual(force_unicode(response.context['error']),
                         'Apologies! This token can not be forwarded.')
    tok.delete()

    # forward_count=None: forwarding allowed, no error in the context.
    tok = Token(url=url, forward_count=None)
    tok.save()
    response = http.get(tok.use_token())
    self.failUnlessEqual(response.status_code, 302)
    response = http.get(tok.forward_token())
    self.failUnlessEqual(response.context['token'].can_forward, True)
    self.failUnlessEqual(
        force_unicode(response.context['error'], strings_only=True), None)
    response = http.post(tok.forward_token(), FORM_DATA_FORWARD_1)
    self.failUnlessEqual(response.status_code, 302)
    tok.delete()

    # forward_count=3: the counter drops with each accepted forward
    # (3 -> 1 -> 0 per the expectations below; confirm against the view).
    tok = Token(url=url, forward_count=3)
    tok.save()
    http.get(tok.use_token())
    response = http.get(tok.forward_token())
    self.failUnlessEqual(
        force_unicode(response.context['error'], strings_only=True), None)

    response = http.post(tok.forward_token(), FORM_DATA_FORWARD_1)
    self.failUnlessEqual(response.status_code, 302)
    tok = reload(tok)
    self.failUnlessEqual(tok.forward_count, 1)

    # Posting the same form again re-renders (200) and, presumably because it
    # is a duplicate, leaves the counter untouched.
    response = http.post(tok.forward_token(), FORM_DATA_FORWARD_1)
    self.failUnlessEqual(response.status_code, 200)
    tok = reload(tok)
    self.failUnlessEqual(tok.forward_count, 1)

    response = http.post(tok.forward_token(), FORM_DATA_FORWARD_2)
    self.failUnlessEqual(response.status_code, 302)
    tok = reload(tok)
    self.failUnlessEqual(tok.forward_count, 0)