Skip to content
Snippets Groups Projects
Normal view Permalink
test_jwt.py 797 B
Newer Older
  • Learn to ignore specific revisions
    • Eliot Berriot's avatar
    Fixed #56: invalidate tokens on password change, also added change password form
    Eliot Berriot committed
    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 
    import pytest
import uuid

from jwt.exceptions import DecodeError
from rest_framework_jwt.settings import api_settings

from funkwhale_api.users.models import User

def test_can_invalidate_token_when_changing_user_secret_key(factories):
    user = factories['users.User']()
    u1 = user.secret_key
    jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER
    jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER
    payload = jwt_payload_handler(user)
    payload = jwt_encode_handler(payload)

    # this should work
    api_settings.JWT_DECODE_HANDLER(payload)

    # now we update the secret key
    user.update_secret_key()
    user.save()
    assert user.secret_key != u1

    # token should be invalid
    with pytest.raises(DecodeError):
        api_settings.JWT_DECODE_HANDLER(payload)