mirror of
https://gitlab.com/bramw/baserow.git
synced 2024-11-21 23:37:55 +00:00
56 lines
1.8 KiB
Python
56 lines
1.8 KiB
Python
from django.shortcuts import reverse
|
|
|
|
import pytest
|
|
from freezegun import freeze_time
|
|
from rest_framework.status import HTTP_200_OK, HTTP_401_UNAUTHORIZED
|
|
|
|
from baserow.core.user.handler import UserHandler
|
|
|
|
|
|
@pytest.mark.django_db
|
|
def test_authenticate(api_client, data_fixture):
|
|
with freeze_time("2020-01-01 12:00"):
|
|
_, token = data_fixture.create_user_and_token()
|
|
|
|
response = api_client.get(
|
|
reverse("api:workspaces:list"),
|
|
format="json",
|
|
HTTP_AUTHORIZATION=f"JWT SOME_WRONG_TOKEN",
|
|
)
|
|
assert response.status_code == HTTP_401_UNAUTHORIZED
|
|
assert response.json()["error"] == "ERROR_INVALID_ACCESS_TOKEN"
|
|
|
|
response = api_client.get(
|
|
reverse("api:workspaces:list"), format="json", HTTP_AUTHORIZATION=f"JWT {token}"
|
|
)
|
|
assert response.status_code == HTTP_401_UNAUTHORIZED
|
|
assert response.json()["error"] == "ERROR_INVALID_ACCESS_TOKEN"
|
|
|
|
|
|
@pytest.mark.django_db
|
|
def test_access_token_is_invalidated_after_password_change(api_client, data_fixture):
|
|
# without password change
|
|
user, token = data_fixture.create_user_and_token(password="test")
|
|
|
|
response = api_client.get(
|
|
reverse("api:workspaces:list"),
|
|
format="json",
|
|
HTTP_AUTHORIZATION=f"JWT {token}",
|
|
)
|
|
assert response.status_code == HTTP_200_OK
|
|
|
|
# with password change
|
|
with freeze_time("2020-01-01 12:01:00"):
|
|
user, token = data_fixture.create_user_and_token(password="test")
|
|
|
|
with freeze_time("2020-01-01 12:01:01"):
|
|
UserHandler().change_password(user, "test", "test1234")
|
|
|
|
response = api_client.get(
|
|
reverse("api:workspaces:list"),
|
|
format="json",
|
|
HTTP_AUTHORIZATION=f"JWT {token}",
|
|
)
|
|
assert response.status_code == HTTP_401_UNAUTHORIZED
|
|
assert response.json()["error"] == "ERROR_INVALID_ACCESS_TOKEN"
|