test: Add tests for JWT authentication.

RandomProgramm3r · RandomProgramm3r · commit e9267f6fd96e · 2025-03-15T00:17:16.000+03:00
diff --git a/promo_code/user/tests.py b/promo_code/user/tests.py
@@ -3,6 +3,7 @@
 import parameterized
 import rest_framework.status
 import rest_framework.test
+import rest_framework_simplejwt.token_blacklist.models as tb_models
 
 import user.models
 
@@ -386,3 +387,127 @@ def test_signin_success(self):
             response.status_code,
             rest_framework.status.HTTP_200_OK,
         )
+
+
+class JWTTests(rest_framework.test.APITestCase):
+    def setUp(self):
+
+        self.signin_url = django.urls.reverse('api-user:sign-in')
+        self.protected_url = django.urls.reverse('api-core:protected')
+        self.refresh_url = django.urls.reverse('api-user:token_refresh')
+        user.models.User.objects.create_user(
+            name='John',
+            surname='Doe',
+            email='example@example.com',
+            password='SuperStrongPassword2000!',
+            other={'age': 25, 'country': 'us'},
+        )
+        self.user_data = {
+            'email': 'example@example.com',
+            'password': 'SuperStrongPassword2000!',
+        }
+
+        super(JWTTests, self).setUp()
+
+    def tearDown(self):
+        user.models.User.objects.all().delete()
+
+        super(JWTTests, self).tearDown()
+
+    def test_access_protected_view_with_valid_token(self):
+        response = self.client.post(
+            self.signin_url,
+            self.user_data,
+            format='json',
+        )
+
+        token = response.data['access']
+
+        self.client.credentials(HTTP_AUTHORIZATION='Bearer ' + token)
+        response = self.client.get(self.protected_url)
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.data['status'], 'request was permitted')
+
+    def test_refresh_token_invalidation_after_new_login(self):
+
+        first_login_response = self.client.post(
+            self.signin_url,
+            self.user_data,
+            format='json',
+        )
+        refresh_token_v1 = first_login_response.data['refresh']
+
+        second_login_response = self.client.post(
+            self.signin_url,
+            self.user_data,
+            format='json',
+        )
+        refresh_token_v2 = second_login_response.data['refresh']
+
+        refresh_response_v1 = self.client.post(
+            self.refresh_url,
+            {'refresh': refresh_token_v1},
+            format='json',
+        )
+        self.assertEqual(
+            refresh_response_v1.status_code,
+            rest_framework.status.HTTP_401_UNAUTHORIZED,
+        )
+        self.assertEqual(refresh_response_v1.data['code'], 'token_not_valid')
+        self.assertEqual(
+            str(refresh_response_v1.data['detail']),
+            'Token is blacklisted',
+        )
+
+        refresh_response_v2 = self.client.post(
+            self.refresh_url,
+            {'refresh': refresh_token_v2},
+            format='json',
+        )
+        self.assertEqual(
+            refresh_response_v2.status_code,
+            rest_framework.status.HTTP_200_OK,
+        )
+        self.assertIn('access', refresh_response_v2.data)
+
+        self.client.credentials(
+            HTTP_AUTHORIZATION='Bearer ' + first_login_response.data['access'],
+        )
+        protected_response = self.client.get(self.protected_url)
+        self.assertEqual(
+            protected_response.status_code,
+            rest_framework.status.HTTP_401_UNAUTHORIZED,
+        )
+
+    def test_blacklist_storage(self):
+
+        self.client.post(self.signin_url, self.user_data, format='json')
+
+        self.client.post(self.signin_url, self.user_data, format='json')
+
+        self.assertEqual(
+            (tb_models.BlacklistedToken.objects.count()),
+            1,
+        )
+        self.assertEqual(
+            (tb_models.OutstandingToken.objects.count()),
+            2,
+        )
+
+    def test_token_version_increment(self):
+        response1 = self.client.post(
+            self.signin_url,
+            self.user_data,
+            format='json',
+        )
+        self.assertEqual(response1.data['token_version'], 1)
+
+        response2 = self.client.post(
+            self.signin_url,
+            self.user_data,
+            format='json',
+        )
+        self.assertEqual(response2.data['token_version'], 2)
+
+        user_ = user.models.User.objects.get(email=self.user_data['email'])
+        self.assertEqual(user_.token_version, 2)
