我只是想了解djangorestframework-simplejwt到期,并想知道令牌到期时返回的内容。
为了探索这一点,我在django项目中编写了一个简单的测试用例,但似乎无法使到期发生。
views.py
import json
from http import HTTPStatus
from django.http import JsonResponse
from rest_framework.decorators import api_view
from .models import Visitor
@api_view(["POST"])
def visitor_post(request):
body_unicode = request.body.decode("utf-8")
if not body_unicode.strip():
return JsonResponse({"status": HTTPStatus.BAD_REQUEST}, status=HTTPStatus.BAD_REQUEST)
body = json.loads(body_unicode)
submitted_datetime = body["submitted_datetime"]
visitor = Visitor(
representative_name=body["representative_name"],
visitor_type=body["visitor_type"],
visitor_count=body["visitor_count"],
submitted_datetime=submitted_datetime,
)
visitor.save()
return JsonResponse({"status": HTTPStatus.CREATED}, status=HTTPStatus.CREATED)
当前我的测试用例如下:
tests.py
import datetime
import json
from time import sleep
from http import HTTPStatus
from typing import Optional, Tuple
from accounts.models import CustomUser
from django.urls import reverse
from django.utils import timezone
from django.test import override_settings
from rest_framework.test import APIClient, APITestCase
EXPIRE_WAIT_SECONDS = 5
SIMPLE_JWT_EXPIRE_TEST_SETTINGS = {
"ACCESS_TOKEN_LIFETIME": datetime.timedelta(seconds=EXPIRE_WAIT_SECONDS),
"REFRESH_TOKEN_LIFETIME": datetime.timedelta(days=14),
"ROTATE_REFRESH_TOKENS": True,
"BLACKLIST_AFTER_ROTATION": False,
"ALGORITHM": "HS256",
"SIGNING_KEY": 'kkdkasjf;a',
"VERIFYING_KEY": None,
"AUTH_HEADER_TYPES": ("JWT",),
"USER_ID_FIELD": "id",
"USER_ID_CLAIM": "user_id",
"AUTH_TOKEN_CLASSES": ("rest_framework_simplejwt.tokens.AccessToken",),
"TOKEN_TYPE_CLAIM": "token_type",
}
class ViewsTestCase(APITestCase):
def setUp(self):
self.valid_user = CustomUser(last_name="user", first_name="valid", username="validuser", email="[email protected]")
self.valid_user_password = "mysecretpassword"
self.valid_user.set_password(self.valid_user_password)
self.valid_user.save()
self.apiclient = APIClient()
def _get_jwt_token(self, username: Optional[str] = None, password: Optional[str] = None) -> Tuple[str, str]:
if not username:
username = self.valid_user.username
if not password:
password = self.valid_user_password
body = {"username": username, "password": password}
url = reverse("token_obtain_pair")
response = self.apiclient.post(url, data=body, format="json")
self.assertEqual(response.status_code, 200)
token_data = json.loads(response.content)
return token_data["access"], token_data["refresh"]
@override_settings(SIMPLE_JWT=SIMPLE_JWT_EXPIRE_TEST_SETTINGS)
def test_visitor_post_token_expire(self):
access_token, _ = self._get_jwt_token()
now = timezone.now()
data = {
"representative_name": "Somename",
"visitor_count": 1,
"submitted_datetime": now.isoformat(),
}
sleep(EXPIRE_WAIT_SECONDS + 1)
self.apiclient.credentials(HTTP_AUTHORIZATION=f"JWT {access_token}")
url = "/visitors/"
response = self.apiclient.post(url, data=data, format="json")
self.assertEqual(response.status_code, HTTPStatus.UNAUTHORIZED)
我希望这会导致某种授权错误,例如401之类的东西,但它似乎仍会创建受保护的视图。
self.assertEqual(response.status_code,HTTPStatus.UNAUTHORIZED)AssertionError:201!= HTTPStatus.UNAUTHORIZED:401
为什么令牌不过期?或者,如何使令牌过期?
也许我不太了解。
我的理解是,当ACCESS_TOKEN_LIFETIME过期时,您将无法再使用access_token,而需要使用refresh令牌获取新令牌。正确吗?
插件必须在启动时进行设置并实例化其对象。在运行时,它不会再次读取设置,因此覆盖它们是无用的。
正如您所做的那样,测试此功能的正确方法是使用单独的设置模块进行测试,并将插件配置放在此处。