tests(test_views_token): add test cases

Signed-off-by: Thibault Camalon <[email protected]>
Substra · Aug 29, 2024 · 716c064 · 716c064
1 parent ad4ef44
commit 716c064
Showing 1 changed file with 26 additions and 26 deletions.
diff --git a/backend/api/tests/views/test_views_token.py b/backend/api/tests/views/test_views_token.py
@@ -2,17 +2,27 @@
 
 import pytest
 from django.contrib.auth.models import User
+from django.db.utils import IntegrityError
 from django.utils import timezone
 from rest_framework import status
 
 from users.models.token import BearerToken
 
 
+@pytest.mark.django_db
+def test_cannot_create_non_expiring_token(authenticated_client):
+    authenticated_client.create_user()
+    user = authenticated_client.user
+    # create a token without expiration date
+    with pytest.raises(IntegrityError):
+        BearerToken.objects.create(user=user)
+
+
 @pytest.mark.django_db
 def test_delete_token(authenticated_client):
     authenticated_client.create_user()
     user = authenticated_client.user
-    token = BearerToken.objects.create(user=user)
+    token = BearerToken.objects.create(user=user, expires_at=timezone.now() + timedelta(days=1))
 
     tokens_count = BearerToken.objects.count()
     assert tokens_count == 1
@@ -83,36 +93,12 @@ def test_expired_token(authenticated_client, api_client):
     assert tokens_count == 1
 
 
-@pytest.mark.django_db
-def test_token_instant_expires(authenticated_client, api_client):
-    authenticated_client.create_user()
-    user = authenticated_client.user
-    # create a token that expired a day ago
-    token = BearerToken.objects.create(user=user)
-
-    tokens_count = BearerToken.objects.count()
-    assert tokens_count == 1
-
-    valid_auth_token_header = f"Token {token}"
-    api_client.credentials(HTTP_AUTHORIZATION=valid_auth_token_header)
-
-    response = api_client.get("/active-api-tokens/")
-    assert response.status_code == status.HTTP_401_UNAUTHORIZED
-
-    url = f"/active-api-tokens/?id={token.id}"
-    response = api_client.delete(url)
-    assert response.status_code == status.HTTP_401_UNAUTHORIZED
-
-    tokens_count = BearerToken.objects.count()
-    assert tokens_count == 1
-
-
 @pytest.mark.django_db
 def test_delete_token_other_user(authenticated_client):
     other_user = User.objects.create(username="user-2")
     other_user.set_password("p@sswr0d44")
     other_user.save()
-    token = BearerToken.objects.create(user=other_user)
+    token = BearerToken.objects.create(user=other_user, expires_at=timezone.now() + timedelta(days=1))
 
     tokens_count = BearerToken.objects.count()
     assert tokens_count == 1
@@ -135,3 +121,17 @@ def test_token_creation_post(authenticated_client):
 
     tokens_count = BearerToken.objects.count()
     assert tokens_count == 1
+
+
+@pytest.mark.django_db
+def test_cannot_post_token_wo_expires_at(authenticated_client):
+    authenticated_client.create_user()
+    payload = {}
+    url = "/api-token/"
+    response = authenticated_client.post(url, payload)
+
+    assert response.json() == {"expires_at": ["This field is required."]}
+    assert response.status_code == status.HTTP_400_BAD_REQUEST
+
+    tokens_count = BearerToken.objects.count()
+    assert tokens_count == 0