Merge pull request #115 from James1345/develop

Develop

knox/auth.py

@@ -31,7 +31,7 @@ class TokenAuthentication(BaseAuthentication):
     authentication scheme to cope with the fact that Tokens are not stored
     in plaintext in the database
 
-    If succesful
+    If sucessful
     - `request.user` will be a django `User` instance
     - `request.auth` will be an `AuthToken` instance
     '''
@@ -72,7 +72,7 @@ def authenticate_credentials(self, token):
             except (TypeError, binascii.Error):
                 raise exceptions.AuthenticationFailed(msg)
             if compare_digest(digest, auth_token.digest):
-                if settings.REST_KNOX["AUTO_REFRESH"]:
+                if knox_settings.AUTO_REFRESH:
                     self.renew_token(auth_token)
                 return self.validate_user(auth_token)
         raise exceptions.AuthenticationFailed(msg)

knox_project/settings.py

@@ -57,7 +57,3 @@
 STATIC_URL = '/static/'
 
 TEST_RUNNER = 'django_nose.NoseTestSuiteRunner'
-
-REST_KNOX = {
-    'AUTO_REFRESH': True
-}

tests/tests.py

@@ -1,9 +1,10 @@
 import base64
 from datetime import datetime, timedelta
 
-from django.conf import settings
+from django.utils.six.moves import reload_module
 from django.contrib.auth import get_user_model
 from django.test import override_settings
+from knox import auth
 
 try:
     # For django >= 2.0
@@ -31,8 +32,9 @@ def get_basic_auth_header(username, password):
     return 'Basic %s' % base64.b64encode(
         ('%s:%s' % (username, password)).encode('ascii')).decode()
 
-no_auto_refresh_knox = settings.REST_KNOX.copy()
-no_auto_refresh_knox["AUTO_REFRESH"] = False
+
+auto_refresh_knox = knox_settings.defaults.copy()
+auto_refresh_knox["AUTO_REFRESH"] = True
 
 
 class AuthTestCase(TestCase):
@@ -107,7 +109,6 @@ def test_expired_tokens_deleted(self):
         self.assertEqual(AuthToken.objects.count(), 10)
 
         # Attempting a single logout should delete all tokens
-
         url = reverse('knox_logout')
         self.client.credentials(HTTP_AUTHORIZATION=('Token %s' % token))
         self.client.post(url, {}, format='json')
@@ -140,8 +141,6 @@ def test_invalid_odd_length_token_returns_401_code(self):
         self.assertEqual(response.data, {"detail": "Invalid token."})
 
     def test_token_expiry_is_extended_with_auto_refresh_activated(self):
-        self.assertEqual(settings.REST_KNOX["AUTO_REFRESH"], True)
-        self.assertEqual(knox_settings.TOKEN_TTL, timedelta(hours=10))
         ttl = knox_settings.TOKEN_TTL
         original_time = datetime(2018, 7, 25, 0, 0, 0, 0)
 
@@ -150,16 +149,21 @@ def test_token_expiry_is_extended_with_auto_refresh_activated(self):
 
         self.client.credentials(HTTP_AUTHORIZATION=('Token %s' % token_key))
         five_hours_later = original_time + timedelta(hours=5)
-        with freeze_time(five_hours_later):
-            response = self.client.get(root_url, {}, format='json')
+        with override_settings(REST_KNOX=auto_refresh_knox):
+            reload_module(auth)  # necessary to reload settings in core code
+            with freeze_time(five_hours_later):
+                response = self.client.get(root_url, {}, format='json')
+        reload_module(auth)
         self.assertEqual(response.status_code, 200)
 
         # original expiry date was extended:
         new_expiry = AuthToken.objects.get().expires
-        self.assertEqual(new_expiry.replace(tzinfo=None),
-                         original_time + ttl + timedelta(hours=5))
+        expected_expiry = original_time + ttl + timedelta(hours=5)
+        self.assertEqual(new_expiry.replace(tzinfo=None), expected_expiry,
+                         "Expiry time should have been extended to {} but is {}."
+                         .format(expected_expiry, new_expiry))
 
-        # token works after orignal expiry:
+        # token works after original expiry:
         after_original_expiry = original_time + ttl + timedelta(hours=1)
         with freeze_time(after_original_expiry):
             response = self.client.get(root_url, {}, format='json')
@@ -171,8 +175,8 @@ def test_token_expiry_is_extended_with_auto_refresh_activated(self):
             response = self.client.get(root_url, {}, format='json')
             self.assertEqual(response.status_code, 401)
 
-    @override_settings(REST_KNOX=no_auto_refresh_knox)
     def test_token_expiry_is_not_extended_with_auto_refresh_deativated(self):
+        self.assertEqual(knox_settings.AUTO_REFRESH, False)
         self.assertEqual(knox_settings.TOKEN_TTL, timedelta(hours=10))
 
         now = datetime.now()
@@ -189,8 +193,6 @@ def test_token_expiry_is_not_extended_with_auto_refresh_deativated(self):
         self.assertEqual(original_expiry, AuthToken.objects.get().expires)
 
     def test_token_expiry_is_not_extended_within_MIN_REFRESH_INTERVAL(self):
-        self.assertEqual(settings.REST_KNOX["AUTO_REFRESH"], True)
-
         now = datetime.now()
         with freeze_time(now):
             token_key = AuthToken.objects.create(user=self.user)
@@ -199,8 +201,11 @@ def test_token_expiry_is_not_extended_within_MIN_REFRESH_INTERVAL(self):
 
         self.client.credentials(HTTP_AUTHORIZATION=('Token %s' % token_key))
         in_min_interval = now + timedelta(seconds=CONSTANTS.MIN_REFRESH_INTERVAL - 10)
-        with freeze_time(in_min_interval):
-            response = self.client.get(root_url, {}, format='json')
+        with override_settings(REST_KNOX=auto_refresh_knox):
+            reload_module(auth)  # necessary to reload settings in core code
+            with freeze_time(in_min_interval):
+                response = self.client.get(root_url, {}, format='json')
+        reload_module(auth)  # necessary to reload settings in core code
 
         self.assertEqual(response.status_code, 200)
         self.assertEqual(original_expiry, AuthToken.objects.get().expires)