def test_get_post_token(self):
"""Test the GET > POST chain."""
token = RequestToken.objects.create_token(
scope="bar", login_mode=RequestToken.LOGIN_MODE_NONE, max_uses=100
)
# expiry not set - we will do that explicitly in the POST
self.assertTrue(token.expiration_time is None)
# this is the output from the {% request_token %} tag
html = request_token({"request_token": token.jwt()})
# initial GET - mark token as used, do not expire
response = self.client.get(get_url("roundtrip", token))
self.assertContains(response, html, status_code=200)
token.refresh_from_db()
self.assertTrue(token.expiration_time is None)
self.assertEqual(token.used_to_date, 1)
# now re-post the token to the same URL - equivalent to POSTing the form
response = self.client.post(
get_url("roundtrip", None), {JWT_QUERYSTRING_ARG: token.jwt()}
)
# 201 is a sentinel status_code so we know that the form has been processed
self.assertContains(response, "OK", status_code=201)
token.refresh_from_db()
# token has been forcibly expired
self.assertFalse(token.expiration_time is None)
self.assertTrue(token.expiration_time < tz_now())
self.assertEqual(token.used_to_date, 2)
def test_request_token_missing(self):
context = {}
assert request_token_tags.request_token(context) == ""
def test_request_token(self):
context = {"request_token": "foo"}
assert request_token_tags.request_token(context) == (
f'<input type="hidden" name="{JWT_QUERYSTRING_ARG}" value="foo">')
