test: Add a test to check the token version increase during registration.

Author: RandomProgramm3r

promo_code/user/serializers.py

@@ -66,6 +66,8 @@ def create(self, validated_data):
                 other=validated_data['other'],
                 password=validated_data['password'],
             )
+            user.token_version += 1
+            user.save()
             return user
         except django.core.exceptions.ValidationError as e:
             raise rest_framework.serializers.ValidationError(e.messages)

promo_code/user/tests.py

@@ -324,7 +324,7 @@ def test_valid_registration(self):
             response.status_code,
             rest_framework.status.HTTP_200_OK,
         )
-        self.assertIn('token', response.data)
+        self.assertIn('access', response.data)
         self.assertTrue(
             user.models.User.objects.filter(
                 email='[email protected]',
@@ -391,7 +391,7 @@ def test_signin_success(self):
 
 class JWTTests(rest_framework.test.APITestCase):
     def setUp(self):
-
+        self.signup_url = django.urls.reverse('api-user:sign-up')
         self.signin_url = django.urls.reverse('api-user:sign-in')
         self.protected_url = django.urls.reverse('api-core:protected')
         self.refresh_url = django.urls.reverse('api-user:token_refresh')
@@ -428,6 +428,47 @@ def test_access_protected_view_with_valid_token(self):
         self.assertEqual(response.status_code, 200)
         self.assertEqual(response.data['status'], 'request was permitted')
 
+    def test_registration_token_invalid_after_login(self):
+        data = {
+            'email': '[email protected]',
+            'password': 'StrongPass123!cd',
+            'name': 'John',
+            'surname': 'Doe',
+            'other': {'age': 22, 'country': 'us'},
+        }
+        response = self.client.post(
+            self.signup_url,
+            data,
+            format='json',
+        )
+        reg_access_token = response.data['access']
+
+        self.client.credentials(
+            HTTP_AUTHORIZATION=f'Bearer {reg_access_token}',
+        )
+        response = self.client.get(self.protected_url)
+        self.assertEqual(response.status_code, 200)
+
+        login_data = {'email': data['email'], 'password': data['password']}
+        response = self.client.post(
+            self.signin_url,
+            login_data,
+            format='json',
+        )
+        login_access_token = response.data['access']
+
+        self.client.credentials(
+            HTTP_AUTHORIZATION=f'Bearer {reg_access_token}',
+        )
+        response = self.client.get(self.protected_url)
+        self.assertEqual(response.status_code, 401)
+
+        self.client.credentials(
+            HTTP_AUTHORIZATION=f'Bearer {login_access_token}',
+        )
+        response = self.client.get(self.protected_url)
+        self.assertEqual(response.status_code, 200)
+
     def test_refresh_token_invalidation_after_new_login(self):
 
         first_login_response = self.client.post(

promo_code/user/views.py

@@ -36,8 +36,10 @@ def create(self, request, *args, **kwargs):
 
         user = serializer.save()
         refresh = rest_framework_simplejwt.tokens.RefreshToken.for_user(user)
+        refresh['token_version'] = user.token_version
+        access_token = refresh.access_token
         return rest_framework.response.Response(
-            {'token': str(refresh.access_token)},
+            {'access': str(access_token), 'refresh': str(refresh)},
             status=rest_framework.status.HTTP_200_OK,
         )