Fix login with expired permanent token

HealthByRo · Aug 3, 2017 · 3d19d8f · 3d19d8f
1 parent 298ad91
commit 3d19d8f
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 1 deletion.
diff --git a/jwt_devices/utils.py b/jwt_devices/utils.py
@@ -1,4 +1,6 @@
 import jwt
+from django.utils.translation import ugettext_lazy as _
+from rest_framework.exceptions import NotFound
 from rest_framework_jwt.settings import api_settings as rfj_settings
 
 from jwt_devices.models import Device
@@ -8,7 +10,10 @@
 
 
 def jwt_devices_get_secret_key(payload=None):
-    return Device.objects.get(pk=payload.get("device_id")).jwt_secret.hex
+    try:
+        return Device.objects.get(pk=payload.get("device_id")).jwt_secret.hex
+    except Device.DoesNotExist:
+        raise NotFound(_("Permanent token has expired."))
 
 
 def jwt_devices_payload_handler(user, device=None):

diff --git a/tests/test_views.py b/tests/test_views.py
@@ -44,6 +44,13 @@ def test_jwt_permanent_token_auth(self):
         response = client.get("/devices/", format="json")
         self.assertEqual(response.status_code, 200)
 
+        device.delete()
+        # test login with unknown device
+        client.credentials(HTTP_AUTHORIZATION="JWT {}".format(token))
+        client.login(**self.data)
+        response = client.get("/devices/", format="json")
+        self.assertEqual(response.status_code, 404)
+
     def test_default_auth(self):
         # the app should allow using the old-style authentication
         api_settings.JWT_PERMANENT_TOKEN_AUTH = False