
smartfile / django-session-jwt / 4120103744

pending completion
4120103744

Pull #47

Merge 35e258ac2 into 1a507ba87
Pull Request #47: Bump cryptography from 35.0.0 to 39.0.1

278 of 291 relevant lines covered (95.53%)

26.75 hits per line

Source File

100.0
/django_session_jwt/tests.py
import calendar
import time
from datetime import datetime
from os.path import dirname, normpath
from os.path import join as pathjoin
from unittest import mock

from django.conf import settings
from django.contrib.auth import get_user_model
from django.test import TestCase
from django.test import override_settings
from django.test.client import Client as BaseClient
from freezegun import freeze_time

from django_session_jwt.middleware import session
from django_session_jwt.test import Client

# Resolve the user model through Django so the tests follow whatever
# AUTH_USER_MODEL the test settings configure.
User = get_user_model()


class BaseTestCase(TestCase):
    """
    Shared fixture: one stored user and the Client from django_session_jwt.test.
    """

    def setUp(self):
        """Create the 'john' account and a fresh Client before every test."""
        # Fixture credentials; the login tests in this file post the same
        # username/password pair.
        username, email, password = 'john', 'john@domain.com', 'password'
        self.user = User.objects.create_user(username, email, password)
        self.client = Client()


class JWTTestCase(BaseTestCase):
    """
    Exercise the JWT helpers of the session middleware directly.

    NOTE(review): both tests cover the accept path only. No case visible in
    this file hands verify_jwt() a modified token or one signed with a
    different key, so rejection behaviour is not pinned here.
    """

    def test_create(self):
        """A token from create_jwt() verifies and carries the session key."""
        expected_sk = '1234abcdef'
        token = session.create_jwt(self.user, expected_sk)
        claims = session.verify_jwt(token)
        self.assertEqual(claims['sk'], expected_sk)

    def test_asymmetrical(self):
        """Sign and verify with the RSA key pair kept next to the tests."""
        here = dirname(__file__)
        # Fixture key files from the repository's keys/ directory
        # (presumably private key first, public key second - confirm against
        # _parse_key). A key pair committed for tests must never be reused
        # for a deployment.
        key_paths = (
            normpath(pathjoin(here, '../keys/rsa')),
            normpath(pathjoin(here, '../keys/rsa.pub')),
        )
        key, pubkey, algo = session._parse_key(key_paths)
        expected_sk = '1234abcdef'

        # Signing side: only ALGO and KEY are swapped in.
        with mock.patch('django_session_jwt.middleware.session.ALGO', algo):
            with mock.patch('django_session_jwt.middleware.session.KEY', key):
                token = session.create_jwt(self.user, expected_sk)

        # Verifying side: the KEY patch is already undone here, so only ALGO
        # and PUBKEY are replaced while the token is checked.
        with mock.patch('django_session_jwt.middleware.session.ALGO', algo):
            with mock.patch('django_session_jwt.middleware.session.PUBKEY', pubkey):
                claims = session.verify_jwt(token)
                self.assertEqual(claims['sk'], expected_sk)


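class ViewTestCase(BaseTestCase):
    """
    Test django sessions / views through the test client.
    """

    def test_login(self):
        """Log in via POST and check which claims end up in the session JWT."""
        r = self.client.post('/login/', {'username': 'john', 'password': 'password'})
        self.assertEqual(r.status_code, 200)
        fields = session.verify_jwt(r.cookies[settings.SESSION_COOKIE_NAME].value)
        # Every expected claim is looked up under its short and its long name.
        for short_form, long_form in (('id', 'user_id'), ('u', 'username'), ('e', 'email')):
            self.assertIn(short_form, fields)
            self.assertIn(long_form, fields)
        # 'i' / 'invalid' must stay out of the token (presumably a configured
        # field with no matching user attribute - confirm against the test
        # settings).
        self.assertNotIn('i', fields)        # short form
        self.assertNotIn('invalid', fields)  # long form
        self.assertIn('foo', fields)         # from callable

    def test_session(self):
        """Values stored via /set/ are returned by a later /get/."""
        r = self.client.post('/login/', {'username': 'john', 'password': 'password'})
        self.assertEqual(r.status_code, 200)
        r = self.client.post('/set/', {'a': '12345', 'b': 'abcde'})
        self.assertEqual(r.status_code, 200)
        r = self.client.get('/get/')
        self.assertEqual(r.status_code, 200)
        data = r.json()
        self.assertEqual(data['a'], '12345')
        self.assertEqual(data['b'], 'abcde')

    def test_expiration(self):
        """Compare the JWT ``exp`` claim with the session cookie's expiry."""
        r = self.client.post('/login/', {'username': 'john', 'password': 'password'})
        self.assertEqual(r.status_code, 200)
        r = self.client.post('/set/', {'a': '12345', 'b': 'abcde'})
        self.assertEqual(r.status_code, 200)
        cookie = r.cookies[settings.SESSION_COOKIE_NAME]
        fields = session.verify_jwt(cookie.value)
        # Normalize date format (different Django versions use - or <space>)
        expires = cookie['expires'].replace('-', ' ')
        # format: "Fri, 14 Aug 2020 19:27:28 GMT"
        parsed = datetime.strptime(expires, '%a, %d %b %Y %H:%M:%S %Z')
        # The cookie date is GMT, so convert it with timegm (UTC). time.mktime
        # would read the tuple as local time and shift the result by the
        # machine's UTC offset, which skews the comparison off-UTC.
        expires = calendar.timegm(parsed.timetuple())
        # The assertion requires the cookie to expire later than the JWT.
        # NOTE(review): the comment that stood here said "JWT expiration
        # should exceed cookie expiration", the opposite of what is asserted;
        # the assertion is kept unchanged - confirm which one is intended.
        self.assertGreater(expires, fields['exp'])

    def test_anonymous_session(self):
        """A client that never logged in gets no session cookie."""
        client = BaseClient()
        r = client.get('/get/')
        self.assertEqual(r.status_code, 200)
        self.assertIsNone(r.cookies.get(settings.SESSION_COOKIE_NAME))

    @override_settings(SESSION_SAVE_EVERY_REQUEST=True)
    def test_unauthenicated_view(self):
        """A valid JWT sent to an unauthenticated view comes back re-issued."""
        cookie_name = settings.SESSION_COOKIE_NAME
        client = BaseClient()
        # Mint the token by hand at a fixed instant and hand it to a plain
        # Django client as its session cookie.
        with freeze_time('2020-01-01T09:00:00'):
            client.cookies[cookie_name] = session.create_jwt(
                self.user,
                self.client.session.session_key,
            )
            jwt1 = session.verify_jwt(client.cookies[cookie_name].value)

        # Five minutes later the response cookie is verified again.
        with freeze_time('2020-01-01T09:05:00'):
            r = client.get('/get/')

            self.assertEqual(r.status_code, 200)
            jwt2 = session.verify_jwt(r.cookies.get(cookie_name).value)
        # A differing 'iat' shows the response carried a newly issued token
        # rather than echoing the one that was sent.
        self.assertNotEqual(jwt1['iat'], jwt2['iat'])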


class TestClientTestCase(BaseTestCase):
    """
    Check the login() shortcut of the Client from django_session_jwt.test.
    """

    def test_login(self):
        """Client.login() succeeds and leaves a verifiable JWT in the cookie jar."""
        logged_in = self.client.login(username='john', password='password')
        self.assertTrue(logged_in)
        cookie = self.client.cookies[settings.SESSION_COOKIE_NAME]
        claims = session.verify_jwt(cookie.value)
        # Same claim names as the POST login test: short form, then long form.
        for short_form, long_form in (('id', 'user_id'), ('u', 'username'), ('e', 'email')):
            self.assertIn(short_form, claims)
            self.assertIn(long_form, claims)
        self.assertIn('foo', claims)  # from callable