def test_get_post_token(self): """Test the GET > POST chain.""" token = RequestToken.objects.create_token( scope="bar", login_mode=RequestToken.LOGIN_MODE_NONE, max_uses=100 ) # expiry not set - we will do that explicitly in the POST self.assertTrue(token.expiration_time is None) # this is the output from the {% request_token %} tag html = request_token({"request_token": token.jwt()}) # initial GET - mark token as used, do not expire response = self.client.get(get_url("roundtrip", token)) self.assertContains(response, html, status_code=200) token.refresh_from_db() self.assertTrue(token.expiration_time is None) self.assertEqual(token.used_to_date, 1) # now re-post the token to the same URL - equivalent to POSTing the form response = self.client.post( get_url("roundtrip", None), {JWT_QUERYSTRING_ARG: token.jwt()} ) # 201 is a sentinel status_code so we know that the form has been processed self.assertContains(response, "OK", status_code=201) token.refresh_from_db() # token has been forcibly expired self.assertFalse(token.expiration_time is None) self.assertTrue(token.expiration_time < tz_now()) self.assertEqual(token.used_to_date, 2)
def test_request_token_missing(self): context = {} assert request_token_tags.request_token(context) == ""
def test_request_token(self): context = {"request_token": "foo"} assert request_token_tags.request_token(context) == ( f'<input type="hidden" name="{JWT_QUERYSTRING_ARG}" value="foo">')