import pytest
from django.test import TestCase
from django.test.client import Client
from jwt_auth import utils
from jwt_auth.compat import User, json, smart_text
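@pytest.mark.django_db
class JSONWebTokenAuthMixinTestCase(TestCase):
    """Exercise the JWT-protected ``/jwt/`` endpoint through Django's test client.

    One test covers the accepted path (a freshly issued token for an existing
    user). The others pin the 401 status, the ``WWW-Authenticate`` challenge
    and the error message returned for each rejected ``Authorization`` header.
    """

    def setUp(self):
        """Create the user that tokens are issued for and a default client."""
        self.email = 'jpueblo@example.com'
        self.username = 'jpueblo'
        self.password = 'password'
        self.user = User.objects.create_user(
            self.username, self.email, self.password)
        self.data = {
            'username': self.username,
            'password': self.password
        }
        # Default test client: it does NOT enforce CSRF checks.
        self.client = Client()

    def _bearer(self, payload):
        """Encode ``payload`` as a JWT and return it as a Bearer header value."""
        token = utils.jwt_encode_handler(payload)
        return 'Bearer {0}'.format(token)

    def _post(self, auth=None, client=None):
        """POST an empty JSON request to ``/jwt/`` and return the response.

        ``auth`` is sent verbatim as the ``Authorization`` header; when it is
        ``None`` the header is omitted entirely. ``client`` defaults to the
        client created in ``setUp``.
        """
        if client is None:
            client = self.client
        headers = {}
        if auth is not None:
            headers['HTTP_AUTHORIZATION'] = auth
        return client.post(
            '/jwt/',
            content_type='application/json',
            **headers
        )

    def _assert_rejected(self, response, message):
        """Assert a 401 with the JWT challenge header and exactly ``message``."""
        response_content = json.loads(smart_text(response.content))
        self.assertEqual(response.status_code, 401)
        self.assertEqual(response['WWW-Authenticate'], 'JWT realm="api"')
        self.assertEqual(response_content['errors'], [message])

    def test_post_json_passing_jwt_auth(self):
        """
        Ensure POSTing JSON over JWT auth with a valid token passes and
        does not require CSRF
        """
        # The default test Client skips CSRF validation, so it cannot
        # demonstrate the "does not require CSRF" half of this contract.
        # Use an enforcing client here: a 403 from this request would mean
        # the view is not CSRF-exempt for token-authenticated callers.
        csrf_client = Client(enforce_csrf_checks=True)
        payload = utils.jwt_payload_handler(self.user)
        response = self._post(self._bearer(payload), client=csrf_client)
        response_content = json.loads(smart_text(response.content))
        self.assertEqual(response.status_code, 200)
        self.assertEqual(response_content['username'], self.username)

    def test_post_json_failing_jwt_auth(self):
        """
        Ensure POSTing JSON with no Authorization header at all fails
        """
        response = self._post()
        self._assert_rejected(response, 'Incorrect authentication credentials.')

    def test_post_no_jwt_header_failing_jwt_auth(self):
        """
        Ensure POSTing with the Bearer scheme but no token fails
        """
        response = self._post('Bearer')
        self._assert_rejected(
            response,
            'Invalid Authorization header. No credentials provided.')

    def test_post_invalid_jwt_header_failing_jwt_auth(self):
        """
        Ensure POSTing with a space-separated credentials string fails
        """
        response = self._post('Bearer abc abc')
        self._assert_rejected(
            response,
            'Invalid Authorization header. '
            'Credentials string should not contain spaces.')

    def test_post_expired_token_failing_jwt_auth(self):
        """
        Ensure POSTing over JWT auth with expired token fails
        """
        payload = utils.jwt_payload_handler(self.user)
        # exp is a Unix timestamp; 1 is one second after the epoch, so the
        # token is correctly signed but long expired.
        payload['exp'] = 1
        response = self._post(self._bearer(payload))
        self._assert_rejected(response, 'Signature has expired.')

    def test_post_invalid_token_failing_jwt_auth(self):
        """
        Ensure POSTing over JWT auth with a string that is not a JWT fails
        """
        # NOTE(review): this covers a malformed token only. A well-formed
        # token whose signature does not verify is not exercised in this
        # class and would be worth a separate rejection test.
        response = self._post('Bearer abc123')
        self._assert_rejected(response, 'Error decoding signature.')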