import logging
|
|
import pytest
|
from jwt_auth.models import LSAPIToken
|
from rest_framework import status
|
from rest_framework.authtoken.models import Token
|
from rest_framework.test import APIClient
|
|
from ..utils import mock_feature_flag
|
from .utils import create_user_with_token_settings
|
|
|
@mock_feature_flag(flag_name='fflag__feature_develop__prompts__dia_1829_jwt_token_auth', value=True)
|
@pytest.mark.django_db
|
def test_logging_when_legacy_token_auth_enabled(caplog):
|
user = create_user_with_token_settings(api_tokens_enabled=False, legacy_api_tokens_enabled=True)
|
token, _ = Token.objects.get_or_create(user=user)
|
client = APIClient()
|
client.credentials(HTTP_AUTHORIZATION=f'Token {token.key}')
|
caplog.set_level(logging.INFO)
|
|
client.get('/api/projects/')
|
basic_auth_logs = [record for record in caplog.records if record.message == 'Legacy token authentication used']
|
|
assert len(basic_auth_logs) == 1
|
record = basic_auth_logs[0]
|
assert record.user_id == user.id
|
assert record.organization_id == user.active_organization.id
|
assert record.endpoint == '/api/projects/'
|
|
|
@mock_feature_flag(flag_name='fflag__feature_develop__prompts__dia_1829_jwt_token_auth', value=True)
|
@pytest.mark.django_db
|
def test_no_logging_when_legacy_token_auth_disabled(caplog):
|
user = create_user_with_token_settings(api_tokens_enabled=True, legacy_api_tokens_enabled=False)
|
refresh = LSAPIToken.for_user(user)
|
client = APIClient()
|
client.credentials(HTTP_AUTHORIZATION=f'Bearer {refresh.access_token}')
|
caplog.set_level(logging.INFO)
|
|
client.get('/api/projects/')
|
|
basic_auth_logs = [record for record in caplog.records if record.message == 'Basic token authentication used']
|
assert len(basic_auth_logs) == 0
|
|
|
@mock_feature_flag(flag_name='fflag__feature_develop__prompts__dia_1829_jwt_token_auth', value=True)
|
@pytest.mark.django_db
|
def test_legacy_api_token_disabled_user_cannot_use_legacy_token():
|
user = create_user_with_token_settings(api_tokens_enabled=True, legacy_api_tokens_enabled=False)
|
token, _ = Token.objects.get_or_create(user=user)
|
client = APIClient()
|
client.credentials(HTTP_AUTHORIZATION=f'Token {token.key}')
|
|
response = client.get('/api/projects/')
|
|
assert response.status_code == status.HTTP_401_UNAUTHORIZED
|
