|
8 | 8 | :license: MIT, see LICENSE for more details. |
9 | 9 | """ |
10 | 10 |
|
11 | | -from datetime import datetime, timedelta |
| 11 | +from datetime import datetime, timedelta, timezone |
12 | 12 | import math |
13 | 13 |
|
14 | 14 | import pytest |
| 15 | +from freezegun import freeze_time |
| 16 | +from itsdangerous import SignatureExpired |
15 | 17 | from sqlalchemy import Column, String |
16 | 18 |
|
17 | 19 | from flask_security.datastore import PeeweeDatastore |
18 | 20 | from flask_security.tokens import RefreshTokenErrors |
| 21 | +from flask_security.utils import parse_auth_token |
19 | 22 | from tests.test_csrf import _get_csrf_token |
20 | 23 | from tests.test_utils import ( |
21 | 24 | check_signals, |
@@ -371,3 +374,33 @@ def test_refresh_token_csrf(app, client, get_message): |
371 | 374 | user = app.security.datastore.find_user(email="matt@lp.com") |
372 | 375 | assert len(user.refresh_trackers) == 1 |
373 | 376 | assert user.refresh_trackers[0].revoked_at is not None |
| 377 | + |
| 378 | + |
| 379 | +@pytest.mark.settings(token_max_age=60) |
| 380 | +def test_auth_token_max_age_int(app, client_nc): |
| 381 | + with app.app_context(): |
| 382 | + with freeze_time(datetime.now(timezone.utc) + timedelta(minutes=-3)): |
| 383 | + response = json_authenticate(client_nc) |
| 384 | + token = response.json["response"]["user"]["authentication_token"] |
| 385 | + with pytest.raises(SignatureExpired): |
| 386 | + parse_auth_token(token) |
| 387 | + |
| 388 | + |
| 389 | +@pytest.mark.settings(token_max_age=timedelta(days=3)) |
| 390 | +def test_auth_token_max_age_delta(app, client_nc): |
| 391 | + with app.app_context(): |
| 392 | + with freeze_time(datetime.now(timezone.utc) + timedelta(days=-5)): |
| 393 | + response = json_authenticate(client_nc) |
| 394 | + token = response.json["response"]["user"]["authentication_token"] |
| 395 | + with pytest.raises(SignatureExpired): |
| 396 | + parse_auth_token(token) |
| 397 | + |
| 398 | + |
| 399 | +@pytest.mark.settings(token_max_age=0) |
| 400 | +def test_auth_token_max_age_0(app, client_nc): |
| 401 | + with app.app_context(): |
| 402 | + with freeze_time(datetime.now(timezone.utc) + timedelta(weeks=-1000)): |
| 403 | + response = json_authenticate(client_nc) |
| 404 | + token = response.json["response"]["user"]["authentication_token"] |
| 405 | + with pytest.raises(SignatureExpired): |
| 406 | + parse_auth_token(token) |
0 commit comments