def handle(self, *args, **options):
    """Create a fresh token for the user named by ``options['username']``.

    The user is looked up through the user model's ``USERNAME_FIELD``; a
    missing user is reported as a ``CommandError``.  Unless
    ``options['keep_existing']`` is truthy, every token the user already
    holds is deleted first, so running the command also revokes the user's
    previous tokens.

    Security note: the new token value is written to ``self.stdout`` in
    clear text.  Whatever captures this command's output (terminal
    scrollback, CI or job-runner logs, shell redirection) therefore holds
    the credential and needs the same protection as the token itself.
    """
    user_model = get_user_model()
    username = options['username']
    lookup = {user_model.USERNAME_FIELD: username}

    try:
        account = user_model.objects.get(**lookup)
    except user_model.DoesNotExist:
        raise CommandError(
            _('User with username "%s" does not exist') % username)

    # Default behaviour is rotation: drop the user's old tokens (if any)
    # before issuing the replacement.
    # NOTE(review): no transaction is visible around the delete and the
    # save below; if the save fails the user is left with no token at all.
    # Confirm whether the caller or DB settings make this atomic.
    if not options['keep_existing']:
        Token.objects.filter(user=account).delete()

    new_token = Token(user=account)
    new_token.save()

    # The secret itself is part of the message; see the docstring.
    self.stdout.write(
        _("Generated token for user %(user)s: %(token)s.")
        % {'user': account, 'token': new_token.token})

    token_count = Token.objects.filter(user=account).count()
    self.stdout.write(
        _("User now has %(count)d token(s).") % {'count': token_count})
class TokenAuthTest(TestCase):
    # Authentication tests for '/user/identify/': a valid token, no
    # credentials, a session login, an expired token, a token that no longer
    # exists, and an unrecognised Authorization scheme.

    def setUp(self):
        # One user, one token, and a client that presents that token in the
        # Authorization header on every request.
        self.user = User.objects.create_user(username='******', password='******')
        self.user.save()

        self.token = Token(user=self.user)
        self.token.save()

        auth_header = 'Token ' + self.token.token
        self.client = Client(HTTP_AUTHORIZATION=auth_header)

    def test_token_auth(self):
        # A valid token identifies the user.
        response = self.client.get('/user/identify/')
        self.assertEqual(response.status_code, 200)

        identity = jsonloads(response.content)
        self.assertEqual(identity, {'username': '******', 'email': ''})

    def test_no_token_auth(self):
        # No Authorization header and no session: access is refused.
        anonymous = Client()
        response = anonymous.get('/user/identify/')
        self.assertEqual(response.status_code, 403)

    def test_session_auth(self):
        # Session login keeps working next to token authentication.
        session_client = Client()
        logged_in = session_client.login(username='******', password='******')
        self.assertTrue(logged_in)

        response = session_client.get('/user/identify/')
        self.assertEqual(response.status_code, 200)

    @override_settings(
        BINDER_TOKEN_EXPIRE_TIME=timedelta(days=-1),
    )
    def test_token_expired(self):
        # A negative expiry window makes the token from setUp count as
        # expired; the request is rejected with a structured 400.
        response = self.client.get('/user/identify/')
        self.assertEqual(response.status_code, 400)

        error = jsonloads(response.content)
        # NOTE(review): the error body is expected to echo the presented
        # token, so anything that records response bodies also records the
        # credential -- confirm that is intended.
        expected = {
            'code': 'TokenExpired',
            'message': ANY(str),
            'token': self.token.token,
            'expired_at': ANY(),
            EXTRA(): None,
        }
        assert_json(error, expected)

    def test_token_not_found(self):
        # The stored token value is changed while the client keeps sending
        # the old one, so the presented token matches no record.
        old_token = self.token.token
        self.token.token = 'foo'
        self.token.save()

        response = self.client.get('/user/identify/')
        self.assertEqual(response.status_code, 404)

        error = jsonloads(response.content)
        # The presented (now unknown) value is echoed back in the error body.
        expected = {
            'code': 'TokenNotFound',
            'message': ANY(str),
            'token': old_token,
            EXTRA(): None,
        }
        assert_json(error, expected)

    def test_other_auth_type(self):
        # A valid token under a scheme other than 'Token' must not
        # authenticate.
        auth_header = 'Foo ' + self.token.token
        other_client = Client(HTTP_AUTHORIZATION=auth_header)

        response = other_client.get('/user/identify/')
        self.assertEqual(response.status_code, 403)
def test_create_user_token_keeps_existing_tokens_when_keep_is_passed(self):
    # With -k / --keep-existing the command must add a token without
    # revoking any token the user already holds.
    account = User(username='******')
    account.save()

    first = Token(user=account)
    first.save()
    second = Token(user=account)
    second.save()
    self.assertEqual(2, Token.objects.count())

    # Short flag.
    captured = StringIO()
    call_command('create_user_token', '-k', '*****@*****.**', stdout=captured)

    self.assertEqual(3, Token.objects.count())
    self.assertEqual(3, Token.objects.filter(user=account).count())
    self.assertTrue(Token.objects.filter(id=first.id).exists())
    self.assertTrue(Token.objects.filter(id=second.id).exists())

    third = Token.objects.exclude(id__in=[first.id, second.id]).get()

    # The command prints the new token value; match it against the one row
    # that is neither of the pre-existing tokens.
    reported = Token.objects.filter(user=account).exclude(
        id__in=[first.id, second.id]).get().token
    self.assertIn(
        "Generated token for user [email protected]: %s." % reported,
        captured.getvalue())
    self.assertIn("User now has 3 token(s).", captured.getvalue())

    # Long flag.
    captured = StringIO()
    call_command('create_user_token', '--keep-existing', '*****@*****.**',
                 stdout=captured)

    self.assertEqual(4, Token.objects.count())
    self.assertEqual(4, Token.objects.filter(user=account).count())

    fourth = Token.objects.exclude(
        id__in=[first.id, second.id, third.id]).get()

    # Each issued token value differs from the earlier ones.
    self.assertNotEqual(first.token, fourth.token)
    self.assertNotEqual(second.token, fourth.token)
    self.assertNotEqual(third.token, fourth.token)

    reported = Token.objects.filter(user=account).exclude(
        id__in=[first.id, second.id, third.id]).get().token
    self.assertIn(
        "Generated token for user [email protected]: %s." % reported,
        captured.getvalue())
    self.assertIn("User now has 4 token(s).", captured.getvalue())
def test_delete_user_token_deletes_existing_tokens_but_only_for_passed_user(
        self):
    # Revocation must be scoped to the named user: the bystander's token has
    # to survive while both of the target's tokens are removed.
    bystander = User(username='******')
    bystander.save()
    bystander_token = Token(user=bystander)
    bystander_token.save()

    target = User(username='******')
    target.save()
    target_token_a = Token(user=target)
    target_token_a.save()
    target_token_b = Token(user=target)
    target_token_b.save()

    self.assertEqual(3, Token.objects.count())

    captured = StringIO()
    call_command('delete_user_token', '*****@*****.**', stdout=captured)

    # Only the bystander's single token is left.
    self.assertEqual(1, Token.objects.count())
    self.assertEqual(0, Token.objects.filter(user=target).count())

    self.assertTrue(Token.objects.filter(id=bystander_token.id).exists())
    self.assertFalse(Token.objects.filter(id=target_token_a.id).exists())
    self.assertFalse(Token.objects.filter(id=target_token_b.id).exists())

    self.assertIn("Deleted 2 token(s) for user [email protected].",
                  captured.getvalue())
def setUp(self):
    # Fixture: one user, one token for that user, and a test client that
    # sends the token as 'Authorization: Token <value>' on every request.
    self.user = User.objects.create_user(username='******', password='******')
    self.user.save()

    self.token = Token(user=self.user)
    self.token.save()

    auth_header = 'Token ' + self.token.token
    self.client = Client(HTTP_AUTHORIZATION=auth_header)
def test_create_user_token_replaces_existing_tokens_for_passed_user_when_keep_is_omitted(
        self):
    # Without --keep-existing the command rotates: the target's old tokens
    # are revoked and one new token is issued.  Another user's token must be
    # left alone.
    bystander = User(username='******')
    bystander.save()
    bystander_token = Token(user=bystander)
    bystander_token.save()

    target = User(username='******')
    target.save()
    old_token_a = Token(user=target)
    old_token_a.save()
    old_token_b = Token(user=target)
    old_token_b.save()

    self.assertEqual(3, Token.objects.count())

    captured = StringIO()
    call_command('create_user_token', '*****@*****.**', stdout=captured)

    # Bystander's token plus the single replacement.
    self.assertEqual(2, Token.objects.count())
    self.assertEqual(1, Token.objects.filter(user=target).count())

    self.assertTrue(Token.objects.filter(id=bystander_token.id).exists())
    self.assertFalse(Token.objects.filter(id=old_token_a.id).exists())
    self.assertFalse(Token.objects.filter(id=old_token_b.id).exists())

    replacement = Token.objects.exclude(
        id__in=[bystander_token.id, old_token_a.id, old_token_b.id]).get()

    # The replacement value differs from every earlier token value.
    self.assertNotEqual(bystander_token.token, replacement.token)
    self.assertNotEqual(old_token_a.token, replacement.token)
    self.assertNotEqual(old_token_b.token, replacement.token)

    reported = Token.objects.filter(user=target).exclude(
        id__in=[old_token_a.id, old_token_b.id]).get().token
    self.assertIn(
        "Generated token for user [email protected]: %s." % reported,
        captured.getvalue())
    self.assertIn("User now has 1 token(s).", captured.getvalue())
class TokenAuthTest(TestCase):
    # Token authentication tests against '/user/identify/', plus one check
    # that a token-authenticated POST to '/zoo/' is accepted without a CSRF
    # token.  The fixture user is a superuser.

    def setUp(self):
        # Superuser with one token; the default client sends that token in
        # the Authorization header.
        self.user = User.objects.create_user(
            username='******', password='******', is_superuser=True)
        self.user.save()

        self.token = Token(user=self.user)
        self.token.save()

        auth_header = 'Token ' + self.token.token
        self.client = Client(HTTP_AUTHORIZATION=auth_header)

    def test_token_auth(self):
        # A valid token identifies the user.
        response = self.client.get('/user/identify/')
        self.assertEqual(response.status_code, 200)

        identity = jsonloads(response.content)
        self.assertEqual(identity, {'username': '******', 'email': ''})

    def test_no_token_auth(self):
        # Neither a token nor a session: access is refused.
        anonymous = Client()
        response = anonymous.get('/user/identify/')
        self.assertEqual(response.status_code, 403)

    def test_session_auth(self):
        # Plain session login still authenticates.
        session_client = Client()
        logged_in = session_client.login(username='******', password='******')
        self.assertTrue(logged_in)

        response = session_client.get('/user/identify/')
        self.assertEqual(response.status_code, 200)

    @override_settings(
        BINDER_TOKEN_EXPIRE_TIME=timedelta(days=-1),
    )
    def test_token_expired(self):
        # With a negative expiry window the fixture token is treated as
        # expired and the request gets a structured 400.
        response = self.client.get('/user/identify/')
        self.assertEqual(response.status_code, 400)

        error = jsonloads(response.content)
        # NOTE(review): the expected body echoes the presented token, so
        # response logging would capture it -- confirm that is intended.
        expected = {
            'code': 'TokenExpired',
            'message': ANY(str),
            'token': self.token.token,
            'expired_at': ANY(),
            EXTRA(): None,
        }
        assert_json(error, expected)

    def test_token_not_found(self):
        # Change the stored value so the token the client still sends no
        # longer matches any record.
        old_token = self.token.token
        self.token.token = 'foo'
        self.token.save()

        response = self.client.get('/user/identify/')
        self.assertEqual(response.status_code, 404)

        error = jsonloads(response.content)
        expected = {
            'code': 'TokenNotFound',
            'message': ANY(str),
            'token': old_token,
            EXTRA(): None,
        }
        assert_json(error, expected)

    def test_other_auth_type(self):
        # A valid token under an unrecognised scheme must not authenticate.
        auth_header = 'Foo ' + self.token.token
        other_client = Client(HTTP_AUTHORIZATION=auth_header)

        response = other_client.get('/user/identify/')
        self.assertEqual(response.status_code, 403)

    def test_post_using_token_bypasses_csrf_checks(self):
        # The client enforces CSRF checks and sends no CSRF token, yet the
        # token-authenticated POST is expected to succeed.
        # NOTE(review): only the valid-token case is pinned here.  A
        # companion test showing that a session-authenticated POST without a
        # CSRF token is still rejected would fix the boundary of this
        # exemption.
        auth_header = 'Token ' + self.token.token
        csrf_client = Client(HTTP_AUTHORIZATION=auth_header,
                             enforce_csrf_checks=True)

        model_data = {
            'name': 'Apenheul',
        }
        body = json.dumps(model_data)
        response = csrf_client.post('/zoo/', data=body,
                                    content_type='application/json')
        self.assertEqual(response.status_code, 200)

        returned_data = jsonloads(response.content)
        self.assertIsNotNone(returned_data.get('id'))
        self.assertEqual(returned_data.get('name'), 'Apenheul')