taiga
/
taiga-back
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #134 from taigaio/bug/1393/failing-token-for-logged-users 

Fixing error when recovering the user token and the key doesn't exist
remotes/origin/enhancement/email-actions
David Barragán Merino 2014-10-20 12:28:01 +02:00
parent 8614a49d0d 2cc65a17cb
commit 184f97dde1
2 changed files with 53 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
taiga/auth/tokens.py
View File

@ -48,7 +48,7 @@ def get_user_for_token(token, scope, max_age=None):
try: try:
user = model_cls.objects.get(pk=data["user_%s_id"%(scope)]) user = model_cls.objects.get(pk=data["user_%s_id"%(scope)])
except model_cls.DoesNotExist: except (model_cls.DoesNotExist, KeyError):
raise exc.NotAuthenticated("Invalid token") raise exc.NotAuthenticated("Invalid token")
else: else:
return user return user

52
tests/unit/test_tokens.py Normal file
View File

@ -0,0 +1,52 @@
# Copyright (C) 2014 Andrey Antukh <niwi@niwi.be>
# Copyright (C) 2014 Jesús Espino <jespinog@gmail.com>
# Copyright (C) 2014 David Barragán <bameda@dbarragan.com>
# Copyright (C) 2014 Anler Hernández <hello@anler.me>
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
import pytest
from .. import factories as f
from taiga.base import exceptions as exc
from taiga.auth.tokens import get_token_for_user, get_user_for_token
pytestmark = pytest.mark.django_db
def test_valid_token():
user = f.UserFactory.create(email="old@email.com")
token = get_token_for_user(user, "testing_scope")
user_from_token = get_user_for_token(token, "testing_scope")
assert user.id == user_from_token.id
@pytest.mark.xfail(raises=exc.NotAuthenticated)
def test_invalid_token():
user = f.UserFactory.create(email="old@email.com")
user_from_token = get_user_for_token("testing_invalid_token", "testing_scope")
@pytest.mark.xfail(raises=exc.NotAuthenticated)
def test_invalid_token_expiration():
user = f.UserFactory.create(email="old@email.com")
token = get_token_for_user(user, "testing_scope")
user_from_token = get_user_for_token(token, "testing_scope", max_age=1)
@pytest.mark.xfail(raises=exc.NotAuthenticated)
def test_invalid_token_scope():
user = f.UserFactory.create(email="old@email.com")
token = get_token_for_user(user, "testing_scope")
user_from_token = get_user_for_token(token, "testing_invalid_scope")