def test_token_with_max_age_override(self):
    """A per-call ``max_age`` override can make a freshly created token expired.

    ``authenticate`` is called with ``max_age=-300``; the test expects no user
    back and an "Expired token" log entry.
    """
    fresh_token = create_token(self.user)
    backend = ModelBackend()
    # Negative lifetime: the token is past its lifetime the moment it is checked.
    outcome = backend.authenticate(
        request=None,
        sesame=fresh_token,
        max_age=-300,
    )
    self.assertIsNone(outcome)
    self.assertLogsContain("Expired token")
def test_inactive_user(self):
    """A token for a user with ``is_active = False`` must not authenticate.

    The user is deactivated and saved before the token is created; the
    backend is expected to return ``None`` and log the rejection.
    """
    self.user.is_active = False
    self.user.save()

    token_for_inactive = create_token(self.user)
    backend = ModelBackend()
    outcome = backend.authenticate(request=None, sesame=token_for_inactive)

    self.assertIsNone(outcome)
    # The expected message covers both "unknown" and "inactive" users.
    self.assertLogsContain("Unknown or inactive user")
def test_scoped_token(self):
    """A token created for scope ``"test"`` authenticates under that same scope.

    Only the matching-scope path is exercised here; rejection of a token
    presented under a different scope is not covered by this test.
    """
    scope_name = "test"
    scoped_token = create_token(self.user, scope=scope_name)
    authenticated = ModelBackend().authenticate(
        request=None,
        sesame=scoped_token,
        scope=scope_name,
    )
    self.assertEqual(authenticated, self.user)
    self.assertLogsContain("Valid token for user john in scope test")
def show_form(request):
    """Render the sign-in form and, on a valid submission, issue a login token.

    On a valid form the view looks up (or creates) the user named in the
    ``username`` field, refuses staff accounts with ``PermissionDenied``,
    creates a token for the user and renders ``accounts/form_token.html``
    with that token in the template context. Otherwise it renders the
    sign-in form template.

    NOTE(review): the token is handed to the response, i.e. to whoever
    submitted the username, rather than to a channel owned by the account
    holder. The inline comment says it should be sent by email or phone;
    until that exists this view is only suitable as a development
    placeholder.
    """
    # Unbound form on GET (empty POST is falsy), bound form on POST.
    form = SignInForm(request.POST or None)
    template = "accounts/form_signin.html"
    if form.is_valid():
        username = form.cleaned_data["username"]
        # NOTE(review): get_or_create adds a User row for any username that
        # does not exist yet -- confirm open self-registration is intended.
        user, _ = User.objects.get_or_create(username=username)
        # Staff accounts may not use token sign-in.
        # NOTE(review): only is_staff is consulted here; is_superuser and
        # is_active are not checked in this view -- confirm that is intended.
        if user.is_staff:
            raise PermissionDenied
        token = create_token(user)
        # Placeholder: the token should be sent by email or phone (the
        # original comment is truncated after "dependent on").
        # NOTE(review): the URL built by reverse() is discarded; presumably it
        # is the sign-in link meant for that message. A token carried in a URL
        # can end up in server logs and browser history, so keep its lifetime
        # short.
        reverse("accounts:token", kwargs={"token": token})
        return render(request, "accounts/form_token.html", {"token": token})
    return render(request, template, {"form": form})
def test_bad_token(client):
    """Request the token URL with a malformed token, then with one for an unsaved user.

    NOTE(review): neither response is asserted on, so this only checks that
    the requests do not raise. Presumably a status or redirect check was
    intended -- confirm against the view under test.
    """
    client.get("/a/badtoken")

    # A well-formed token for a user object that is never saved; presumably no
    # row with this id exists in the test database.
    unsaved_user = User(id=1, username="******")
    client.get(f"/a/{create_token(unsaved_user)}")
def test_token(self):
    """A token created without a scope authenticates its user in the default scope."""
    issued = create_token(self.user)
    backend = ModelBackend()
    authenticated = backend.authenticate(request=None, sesame=issued)
    self.assertEqual(authenticated, self.user)
    # The log line names the default scope explicitly.
    self.assertLogsContain("Valid token for user john in default scope")
def test_parse_token_force_v1(self):
    """A token created under v2-only settings is rejected by ``parse_token``.

    NOTE(review): the extent of the ``with`` block is inferred. Parsing is
    placed outside it because the expected "doesn't match a supported format"
    result requires settings that do not list ``sesame.tokens_v2``.
    """
    # Create the token while only the v2 format is configured.
    with override_settings(SESAME_TOKENS=["sesame.tokens_v2"]):
        token = create_token(self.user)
    # NOTE(review): the setting that forces v1 for parsing is not visible in
    # this block (presumably a decorator or class-level override) -- confirm.
    user = parse_token(token, self.get_user)
    self.assertEqual(user, None)
    self.assertLogsContain("Bad token: doesn't match a supported format")
def test_parse_token_accepts_v1(self):
    """A token created under v1-only settings is still accepted by ``parse_token``.

    NOTE(review): the extent of the ``with`` block is inferred. Parsing is
    placed outside it, so it runs under whatever settings surround this test
    -- presumably ones that still list the v1 format; confirm.
    """
    # Create the token while only the v1 format is configured.
    with override_settings(SESAME_TOKENS=["sesame.tokens_v1"]):
        token = create_token(self.user)
    user = parse_token(token, self.get_user)
    self.assertEqual(user, self.user)
    self.assertLogsContain("Valid token for user john")
def test_parse_token_accepts_v2(self):
    """A token created under the active settings parses back to the same user.

    NOTE(review): no settings override is visible here; presumably the active
    configuration creates v2 tokens, as the test name suggests -- confirm.
    """
    issued = create_token(self.user)
    resolved = parse_token(issued, self.get_user)
    self.assertEqual(resolved, self.user)
    self.assertLogsContain("Valid token for user john")
def test_create_token_use_first_choice(self):
    """``create_token`` produces a token that is detected as v1 and not as v2.

    NOTE(review): the setting that makes v1 the first choice is not visible
    in this block (presumably a decorator or class-level override) -- confirm.
    """
    issued = create_token(self.user)
    detected_as_v1 = tokens_v1.detect_token(issued)
    self.assertTrue(detected_as_v1)
    detected_as_v2 = tokens_v2.detect_token(issued)
    self.assertFalse(detected_as_v2)
def test_create_token_force_v1(self):
    """With v1 forced, ``create_token`` yields a token detected as v1 only.

    NOTE(review): the override that forces v1 is not visible in this block
    (presumably a decorator or class-level setting) -- confirm.
    """
    issued = create_token(self.user)
    matches_v1 = tokens_v1.detect_token(issued)
    self.assertTrue(matches_v1)
    matches_v2 = tokens_v2.detect_token(issued)
    self.assertFalse(matches_v2)