Tivix/django-rest-auth
1
1
Fork 0
mirror of https://github.com/Tivix/django-rest-auth.git synced 2024-12-02 13:53:43 +03:00
Code Issues Packages Projects Releases Wiki Activity

added rest_framework_simplejwt.token_blacklist to settings for tests, return 500 if error occurs instead of raising, added unit tests for blacklist

Browse Source
This commit is contained in:
Marc LaBelle 2020-04-02 10:01:07 -04:00
parent aaab91f82b
commit 8f97cbc617
4 changed files with 49 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile Normal file
View File

@ -0,0 +1,2 @@
test:
coverage run --source=dj_rest_auth setup.py test

2
dj_rest_auth/tests/settings.py
View File

@ -94,6 +94,8 @@ INSTALLED_APPS = [
'dj_rest_auth', 'dj_rest_auth',
'dj_rest_auth.registration', 'dj_rest_auth.registration',
'rest_framework_simplejwt.token_blacklist'
] ]
SECRET_KEY = "38dh*skf8sjfhs287dh&^hd8&3hdg*j2&sd" SECRET_KEY = "38dh*skf8sjfhs287dh&^hd8&3hdg*j2&sd"

34
dj_rest_auth/tests/test_api.py
View File

@ -1,6 +1,7 @@
import json
from unittest.mock import patch
from allauth.account import app_settings as account_app_settings from allauth.account import app_settings as account_app_settings
from dj_rest_auth.registration.app_settings import register_permission_classes
from dj_rest_auth.registration.views import RegisterView
from django.conf import settings from django.conf import settings
from django.contrib.auth import get_user_model from django.contrib.auth import get_user_model
from django.core import mail from django.core import mail
@ -9,6 +10,8 @@ from django.utils.encoding import force_text
from rest_framework import status from rest_framework import status
from rest_framework.test import APIRequestFactory from rest_framework.test import APIRequestFactory
from dj_rest_auth.registration.app_settings import register_permission_classes
from dj_rest_auth.registration.views import RegisterView
from .mixins import CustomPermissionClass, TestsMixin from .mixins import CustomPermissionClass, TestsMixin
try: try:
@ -556,6 +559,20 @@ class APIBasicTests(TestsMixin, TestCase):
resp = self.get('/protected-view/') resp = self.get('/protected-view/')
self.assertEquals(resp.status_code, 200) self.assertEquals(resp.status_code, 200)
@override_settings(REST_USE_JWT=True)
@patch('rest_framework_simplejwt.tokens.BlacklistMixin.blacklist')
def test_blacklisting_not_installed(self, mocked_blacklist):
mocked_blacklist.side_effect = AttributeError(f"'RefreshToken' object has no attribute 'blacklist'")
payload = {
"username": self.USERNAME,
"password": self.PASS
}
get_user_model().objects.create_user(self.USERNAME, '', self.PASS)
resp = self.post(self.login_url, data=payload, status_code=200)
token = resp.data['refresh_token']
resp = self.post(self.logout_url, status=200, data={'refresh': token})
self.assertEqual(resp.status_code, 501)
@override_settings(REST_USE_JWT=True) @override_settings(REST_USE_JWT=True)
def test_blacklisting(self): def test_blacklisting(self):
payload = { payload = {
@ -563,6 +580,15 @@ class APIBasicTests(TestsMixin, TestCase):
"password": self.PASS "password": self.PASS
} }
get_user_model().objects.create_user(self.USERNAME, '', self.PASS) get_user_model().objects.create_user(self.USERNAME, '', self.PASS)
self.post(self.login_url, data=payload, status_code=200) resp = self.post(self.login_url, data=payload, status_code=200)
token = resp.data['refresh_token']
resp = self.post(self.logout_url, status=200) resp = self.post(self.logout_url, status=200)
pass self.assertEqual(resp.status_code, 401)
resp = self.post(self.logout_url, status=200, data={'refresh': '1'})
self.assertEqual(resp.status_code, 404)
resp = self.post(self.logout_url, status=200, data={'refresh': token})
self.assertEqual(resp.status_code, 200)
resp = self.post(self.logout_url, status=200, data={'refresh': token})
self.assertEqual(resp.status_code, 404)
resp = self.post(self.logout_url, status=200, data=json.dumps({'refresh': token}))
self.assertEqual(resp.status_code, 500)

28
dj_rest_auth/views.py
View File

@ -147,25 +147,27 @@ class LogoutView(APIView):
try: try:
token = RefreshToken(request.data['refresh']) token = RefreshToken(request.data['refresh'])
token.blacklist() token.blacklist()
except KeyError: except KeyError:
response = Response({"detail": _("Refresh token was not included in request data.")}, response = Response({"detail": _("Refresh token was not included in request data.")},
status=status.HTTP_401_UNAUTHORIZED) status=status.HTTP_401_UNAUTHORIZED)
except TokenError as e: except (TokenError, AttributeError, TypeError) as error:
if hasattr(e, 'args') and 'Token is blacklisted' in e.args: if hasattr(error, 'args'):
response = Response({"detail": _("Token is already blacklisted.")}, if 'Token is blacklisted' in error.args or 'Token is invalid or expired' in error.args:
status=status.HTTP_404_NOT_FOUND) response = Response({"detail": _(error.args[0])},
else: status=status.HTTP_404_NOT_FOUND)
raise
# warn user blacklist is not enabled
elif "'RefreshToken' object has no attribute 'blacklist'" in error.args:
response = Response({"detail": _("Blacklist is not enabled in INSTALLED_APPS.")},
status=status.HTTP_501_NOT_IMPLEMENTED)
else:
response = Response({"detail": _("An error has occurred.")},
status=status.HTTP_500_INTERNAL_SERVER_ERROR)
except AttributeError as e:
# warn user blacklist is not enabled
if hasattr(e, 'args') and "'RefreshToken' object has no attribute 'blacklist'" in e.args:
response = Response({"detail": _("Blacklist is not enabled in INSTALLED_APPS.")},
status=status.HTTP_501_NOT_IMPLEMENTED)
else: else:
raise response = Response({"detail": _("No attr error has occurred.")},
status=status.HTTP_500_INTERNAL_SERVER_ERROR)
return response return response