Skip to content

Commit 4161f7f

Browse files
author
IndominusByte
committed
add test token in multiple location
1 parent b3b8962 commit 4161f7f

File tree

2 files changed

+79
-4
lines changed

2 files changed

+79
-4
lines changed

tests/test_cookies.py

Lines changed: 3 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -289,12 +289,11 @@ def custom_header_name_cookie_key():
289289

290290
if url != "/jwt-refresh":
291291
response = client.post(url,headers={"X-CSRF-Access": csrf_access})
292-
assert response.status_code == 200
293-
assert response.json() == {'hello': 1}
294292
else:
295293
response = client.post(url,headers={"X-CSRF-Refresh": csrf_refresh})
296-
assert response.status_code == 200
297-
assert response.json() == {'hello': 1}
294+
295+
assert response.status_code == 200
296+
assert response.json() == {'hello': 1}
298297

299298
# missing csrf token
300299
response = client.post(url)
Lines changed: 76 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,76 @@
1+
import pytest
2+
from fastapi_jwt_auth import AuthJWT
3+
from fastapi import FastAPI, Depends
4+
from fastapi.testclient import TestClient
5+
6+
@pytest.fixture(scope='function')
7+
def client():
8+
app = FastAPI()
9+
10+
@app.get('/get-token')
11+
def get_token(Authorize: AuthJWT = Depends()):
12+
access_token = Authorize.create_access_token(subject=1,fresh=True)
13+
refresh_token = Authorize.create_refresh_token(subject=1)
14+
15+
Authorize.set_access_cookies(access_token)
16+
Authorize.set_refresh_cookies(refresh_token)
17+
return {"access": access_token, "refresh": refresh_token}
18+
19+
@app.post('/jwt-optional')
20+
def jwt_optional(Authorize: AuthJWT = Depends()):
21+
Authorize.jwt_optional()
22+
return {"hello": Authorize.get_jwt_subject()}
23+
24+
@app.post('/jwt-required')
25+
def jwt_required(Authorize: AuthJWT = Depends()):
26+
Authorize.jwt_required()
27+
return {"hello": Authorize.get_jwt_subject()}
28+
29+
@app.post('/jwt-refresh')
30+
def jwt_refresh(Authorize: AuthJWT = Depends()):
31+
Authorize.jwt_refresh_token_required()
32+
return {"hello": Authorize.get_jwt_subject()}
33+
34+
@app.post('/jwt-fresh')
35+
def jwt_fresh(Authorize: AuthJWT = Depends()):
36+
Authorize.fresh_jwt_required()
37+
return {"hello": Authorize.get_jwt_subject()}
38+
39+
client = TestClient(app)
40+
return client
41+
42+
@pytest.mark.parametrize("url",["/jwt-optional","/jwt-required","/jwt-refresh","/jwt-fresh"])
43+
def test_get_subject_through_cookie_or_headers(url,client):
44+
@AuthJWT.load_config
45+
def get_secret_key():
46+
return [
47+
("authjwt_secret_key","secret"),
48+
("authjwt_token_location", {"headers","cookies"})
49+
]
50+
51+
res = client.get('/get-token')
52+
access_token = res.json()['access']
53+
refresh_token = res.json()['refresh']
54+
55+
access_csrf = res.cookies.get("csrf_access_token")
56+
refresh_csrf = res.cookies.get("csrf_refresh_token")
57+
58+
# access through headers
59+
if url != "/jwt-refresh":
60+
response = client.post(url,headers={"Authorization":f"Bearer {access_token}"})
61+
else:
62+
response = client.post(url,headers={"Authorization":f"Bearer {refresh_token}"})
63+
64+
assert response.status_code == 200
65+
assert response.json() == {'hello': 1}
66+
67+
# access through cookies
68+
if url != "/jwt-refresh":
69+
response = client.post(url,headers={"X-CSRF-Token": access_csrf})
70+
else:
71+
response = client.post(url,headers={"X-CSRF-Token": refresh_csrf})
72+
73+
assert response.status_code == 200
74+
assert response.json() == {'hello': 1}
75+
76+
AuthJWT._token_location = {"headers"}

0 commit comments

Comments
 (0)