[refresh-token] rewrite refresh token tests without utcnow patching

alvinchow86 · alvinchow86 · commit 2488ddbaad56 · 2014-08-18T01:20:59.000-07:00
[refresh-token] cleanup
diff --git a/rest_framework_jwt/serializers.py b/rest_framework_jwt/serializers.py
@@ -3,7 +3,7 @@
 import jwt
 
 from django.contrib.auth import authenticate, get_user_model
-from rest_framework import serializers, exceptions
+from rest_framework import serializers
 
 from rest_framework_jwt.settings import api_settings
 
@@ -103,7 +103,8 @@ def validate(self, attrs):
             # Verify expiration
             renewal_limit = api_settings.JWT_TOKEN_RENEWAL_LIMIT
             if isinstance(renewal_limit, timedelta):
-                renewal_limit = renewal_limit.days * 24 * 3600 + renewal_limit.seconds
+                renewal_limit = (renewal_limit.days * 24 * 3600 +
+                                 renewal_limit.seconds)
             expiration_timestamp = (
                 orig_iat +
                 int(renewal_limit)
diff --git a/rest_framework_jwt/tests/simtime.py b/rest_framework_jwt/tests/simtime.py
diff --git a/rest_framework_jwt/tests/test_views.py b/rest_framework_jwt/tests/test_views.py
@@ -1,20 +1,18 @@
 from calendar import timegm
 from datetime import datetime, timedelta
+import time
 
 from django.test import TestCase
 from django.conf import settings
 from django.contrib.auth.models import User
-import jwt
+
 from rest_framework import status
 from rest_framework.compat import patterns
 from rest_framework.test import APIClient
 
-import rest_framework_jwt.serializers
 from rest_framework_jwt import utils
 from rest_framework_jwt.runtests.models import CustomUser
 from rest_framework_jwt.settings import api_settings, DEFAULTS
-from rest_framework_jwt.tests import simtime
-from rest_framework_jwt.tests.simtime import SimulationDatetime
 
 urlpatterns = patterns(
     '',
@@ -168,36 +166,39 @@ def setUp(self):
         super(RefreshJSONWebTokenTests, self).setUp()
         api_settings.JWT_ALLOW_TOKEN_RENEWAL = True
 
-        # monkey patch datetime objects in places that use datetime.utcnow()
-        jwt.datetime = SimulationDatetime
-        rest_framework_jwt.serializers.datetime = SimulationDatetime
-        utils.datetime = SimulationDatetime
-
     def get_token(self):
         client = APIClient(enforce_csrf_checks=True)
         response = client.post('/auth-token/', self.data, format='json')
         return response.data['token']
 
+    def create_token(self, user, exp=None, orig_iat=None):
+        payload = utils.jwt_payload_handler(self.user)
+        if exp:
+            payload['exp'] = exp
+
+        if orig_iat:
+            payload['orig_iat'] = timegm(orig_iat.utctimetuple())
+
+        token = utils.jwt_encode_handler(payload)
+        return token
+
     def test_refresh_jwt(self):
         """
         Test getting a refreshed token from original token works
         """
         client = APIClient(enforce_csrf_checks=True)
 
-        # Set simulation time to now
-        currtime = datetime.utcnow()
-        simtime.set_simtime(currtime)
-
         orig_token = self.get_token()
         orig_token_decoded = utils.jwt_decode_handler(orig_token)
 
-        # Make sure 'orig_iat' exists and is the current time
+        expected_orig_iat = timegm(datetime.utcnow().utctimetuple())
+
+        # Make sure 'orig_iat' exists and is the current time (give some slack)
         orig_iat = orig_token_decoded['orig_iat']
-        self.assertEquals(orig_iat, timegm(currtime.utctimetuple()))
+        self.assertLessEqual(orig_iat - expected_orig_iat, 1)
 
-        # Fast-forward to later time (but before first token expires)
-        currtime += api_settings.JWT_EXPIRATION_DELTA - timedelta(seconds=30)
-        simtime.set_simtime(currtime)
+        # wait a few seconds, so new token will have different exp
+        time.sleep(2)
 
         # Now try to get a refreshed token
         response = client.post('/auth-token-refresh/', {'token': orig_token},
@@ -207,7 +208,7 @@ def test_refresh_jwt(self):
         new_token = response.data['token']
         new_token_decoded = utils.jwt_decode_handler(new_token)
 
-        # Make sure 'orig_iat' on the new token is same as origina
+        # Make sure 'orig_iat' on the new token is same as original
         self.assertEquals(new_token_decoded['orig_iat'], orig_iat)
         self.assertGreater(new_token_decoded['exp'], orig_token_decoded['exp'])
 
@@ -216,14 +217,13 @@ def test_refresh_jwt_fails_with_expired_token(self):
         Test that using an expired token to refresh won't work
         """
         client = APIClient(enforce_csrf_checks=True)
-        token = self.get_token()
 
-        # Fast-forward to after token expires
-        after_expire = (
-            datetime.utcnow() + api_settings.JWT_EXPIRATION_DELTA +
-            timedelta(seconds=10)
+        # Make an expired token..
+        token = self.create_token(
+            self.user,
+            exp=datetime.utcnow() - timedelta(seconds=5),
+            orig_iat=datetime.utcnow() - timedelta(hours=1)
         )
-        simtime.set_simtime(after_expire)
 
         response = client.post('/auth-token-refresh/', {'token': token},
                                format='json')
@@ -235,36 +235,17 @@ def test_refresh_jwt_after_renewal_expiration(self):
         """
         Test that token can't be refreshed after token renewal limit
         """
-        # For simpler test, make the RENEWAL_LIMIT just a bit larger than
-        # EXPIRATION_DELTA
-        api_settings.JWT_TOKEN_RENEWAL_LIMIT = (
-            api_settings.JWT_EXPIRATION_DELTA +
-            api_settings.JWT_EXPIRATION_DELTA / 2
-        )
-
         client = APIClient(enforce_csrf_checks=True)
 
-        initial_time = datetime.utcnow()
-
-        token1 = self.get_token()
-
-        # Token1 refresh to Token2, just before it expires
-        currtime = (initial_time + api_settings.JWT_EXPIRATION_DELTA -
+        orig_iat = (datetime.utcnow() - api_settings.JWT_TOKEN_RENEWAL_LIMIT -
                     timedelta(seconds=5))
+        token = self.create_token(
+            self.user,
+            exp=datetime.utcnow() + timedelta(hours=1),
+            orig_iat=orig_iat
+        )
 
-        simtime.set_simtime(currtime)
-
-        response = client.post('/auth-token-refresh/', {'token': token1},
-                               format='json')
-        token2 = response.data['token']
-
-        # Fast-forward to after token renewal expiration
-        # Token2 hasn't expired yet, but it can't be used to renew anymore!
-        currtime = (initial_time + api_settings.JWT_TOKEN_RENEWAL_LIMIT +
-                    timedelta(minutes=1))
-        simtime.set_simtime(currtime)
-
-        response = client.post('/auth-token-refresh/', {'token': token2},
+        response = client.post('/auth-token-refresh/', {'token': token},
                                format='json')
         self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
         self.assertEqual(response.data['non_field_errors'][0],
@@ -274,13 +255,3 @@ def tearDown(self):
         # Restore original settings
         api_settings.JWT_ALLOW_TOKEN_RENEWAL = \
             DEFAULTS['JWT_ALLOW_TOKEN_RENEWAL']
-
-        api_settings.JWT_TOKEN_RENEWAL_LIMIT = \
-            DEFAULTS['JWT_TOKEN_RENEWAL_LIMIT']
-
-        # Undo datetime monkeypatching
-        jwt.datetime = orig_datetime
-        rest_framework_jwt.serializers.datetime = orig_datetime
-        utils.datetime = orig_datetime
-
-        simtime.clear_simtime()
diff --git a/rest_framework_jwt/utils.py b/rest_framework_jwt/utils.py
@@ -5,15 +5,11 @@
 
 
 def jwt_payload_handler(user):
-    delta_timestamp = (datetime.utcnow() + api_settings.JWT_EXPIRATION_DELTA) - datetime(1970,1,1)
-    # total seconds
-    exp = delta_timestamp.seconds + delta_timestamp.days * 24 * 3600
-
     return {
         'user_id': user.pk,
         'email': user.email,
         'username': user.get_username(),
-        'exp': exp
+        'exp': datetime.utcnow() + api_settings.JWT_EXPIRATION_DELTA
     }
 
 
