Skip to content

Fixing the status codes #80

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Dec 14, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog.d/80.bugfix.md
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Fixed JWT creation status codes from 200 to 201
5 changes: 3 additions & 2 deletions src/rest_framework_jwt/views.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@

from rest_framework.generics import GenericAPIView
from rest_framework.response import Response
from rest_framework import status
from .compat import set_cookie_with_token
from .permissions import IsSuperUser
from .authentication import JSONWebTokenAuthentication
Expand Down Expand Up @@ -32,7 +33,7 @@ def post(self, request, *args, **kwargs):
response_data = JSONWebTokenAuthentication. \
jwt_create_response_payload(token, user, request, issued_at)

response = Response(response_data)
response = Response(response_data, status=status.HTTP_201_CREATED)

if api_settings.JWT_AUTH_COOKIE:
set_cookie_with_token(response, api_settings.JWT_AUTH_COOKIE, token)
Expand Down Expand Up @@ -93,7 +94,7 @@ def post(self, request, *args, **kwargs):
serializer.is_valid(raise_exception=True)

token = serializer.validated_data.get("token")
response = Response({"token": token})
response = Response({"token": token}, status=status.HTTP_201_CREATED)

if api_settings.JWT_IMPERSONATION_COOKIE:
set_cookie_with_token(
Expand Down
31 changes: 17 additions & 14 deletions tests/views/test_authentication.py
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@ def rsa_keys(scope="session"):
rsa_keys = {"secret": secret, "public": public}
return rsa_keys


def test_empty_credentials_returns_validation_error(call_auth_endpoint):
expected_output = {
"password": [_("This field may not be blank.")],
Expand Down Expand Up @@ -77,7 +78,7 @@ def test_valid_credentials_return_jwt(user, call_auth_endpoint):
token = response.json()["token"]
payload = JSONWebTokenAuthentication.jwt_decode_token(token)

assert response.status_code == status.HTTP_200_OK
assert response.status_code == status.HTTP_201_CREATED
assert payload["user_id"] == user.id
assert payload["username"] == user.get_username()

Expand Down Expand Up @@ -130,7 +131,7 @@ def test_valid_credentials_with_aud_and_iss_settings_return_jwt(
token = response.json()["token"]
payload = JSONWebTokenAuthentication.jwt_decode_token(token)

assert response.status_code == status.HTTP_200_OK
assert response.status_code == status.HTTP_201_CREATED
assert payload["aud"] == "test-aud"
assert payload["iss"] == "test-iss"
assert payload["user_id"] == user.id
Expand All @@ -152,7 +153,7 @@ def jwt_get_user_secret_key(user):
token = response.json()["token"]
payload = JSONWebTokenAuthentication.jwt_decode_token(token)

assert response.status_code == status.HTTP_200_OK
assert response.status_code == status.HTTP_201_CREATED
assert payload["user_id"] == user.id
assert payload["username"] == user.get_username()

Expand All @@ -167,7 +168,7 @@ def test_valid_credentials_with_no_user_id_setting_returns_jwt(
token = response.json()["token"]
payload = JSONWebTokenAuthentication.jwt_decode_token(token)

assert response.status_code == status.HTTP_200_OK
assert response.status_code == status.HTTP_201_CREATED
assert "user_id" not in payload
assert payload["username"] == user.get_username()

Expand Down Expand Up @@ -202,11 +203,11 @@ def test_valid_credentials_with_auth_cookie_enabled_returns_jwt_and_cookie(
assert 'domain' not in setcookie.items()
assert setcookie['path'] == '/'
assert setcookie['secure'] is True
assert setcookie['httponly'] is True # hardcoded
assert setcookie['httponly'] is True # hardcoded
if has_set_cookie_samesite():
assert setcookie['samesite'] == 'Lax'

assert response.status_code == status.HTTP_200_OK
assert response.status_code == status.HTTP_201_CREATED
assert "token" in force_str(response.content)
assert auth_cookie in response.client.cookies

Expand All @@ -231,7 +232,7 @@ def test_auth_cookie_settings(
assert setcookie['domain'] == '.do.main'
assert setcookie['path'] == '/pa/th'
assert 'secure' not in setcookie.items()
assert setcookie['httponly'] is True # hardcoded
assert setcookie['httponly'] is True # hardcoded
if has_set_cookie_samesite():
assert setcookie['samesite'] == 'Strict'

Expand All @@ -248,7 +249,7 @@ def test_multi_keys_hash_hash(

payload = JSONWebTokenAuthentication.jwt_decode_token(token)

assert response.status_code == status.HTTP_200_OK
assert response.status_code == status.HTTP_201_CREATED
assert payload["user_id"] == user.id
assert payload["username"] == user.get_username()

Expand All @@ -270,7 +271,7 @@ def test_multi_keys_rsa_rsa(

payload = JSONWebTokenAuthentication.jwt_decode_token(token)

assert response.status_code == status.HTTP_200_OK
assert response.status_code == status.HTTP_201_CREATED
assert payload["user_id"] == user.id
assert payload["username"] == user.get_username()

Expand All @@ -297,7 +298,7 @@ def test_signing_and_acceptance_of_multiple_algorithms(
monkeypatch.setattr(api_settings, "JWT_ALGORITHM", algo)
payload = JSONWebTokenAuthentication.jwt_decode_token(token)

assert response.status_code == status.HTTP_200_OK
assert response.status_code == status.HTTP_201_CREATED
assert payload["user_id"] == user.id
assert payload["username"] == user.get_username()

Expand All @@ -307,13 +308,12 @@ def test_signing_and_acceptance_of_multiple_algorithms(
assert JSONWebTokenAuthentication.jwt_decode_token(token) == None



def test_keys_with_key_id(
monkeypatch, user, call_auth_endpoint, rsa_keys
):

monkeypatch.setattr(
api_settings, "JWT_PRIVATE_KEY", { "rsa1": rsa_keys["secret"]["rsa1"] }
api_settings, "JWT_PRIVATE_KEY", {"rsa1": rsa_keys["secret"]["rsa1"]}
)
monkeypatch.setattr(
api_settings, "JWT_PUBLIC_KEY", rsa_keys["public"]
Expand All @@ -335,10 +335,11 @@ def test_keys_with_key_id(
hdr = get_unverified_header(token)

assert hdr["kid"] == kid
assert response.status_code == status.HTTP_200_OK
assert response.status_code == status.HTTP_201_CREATED
assert payload["user_id"] == user.id
assert payload["username"] == user.get_username()


def test_keys_key_id_not_found(
monkeypatch, user, call_auth_endpoint
):
Expand All @@ -355,6 +356,7 @@ def test_keys_key_id_not_found(
with raises(InvalidKeyError):
assert JSONWebTokenAuthentication.jwt_decode_token(token) == None


def test_insist_on_key_id(
monkeypatch, user, call_auth_endpoint
):
Expand All @@ -364,7 +366,7 @@ def test_insist_on_key_id(
monkeypatch.setattr(api_settings, "JWT_SECRET_KEY", secret)

response = call_auth_endpoint("username", "password")
assert response.status_code == status.HTTP_200_OK
assert response.status_code == status.HTTP_201_CREATED

token = response.json()["token"]

Expand All @@ -380,6 +382,7 @@ def test_insist_on_key_id(
with raises(InvalidKeyError):
assert JSONWebTokenAuthentication.jwt_decode_token(token) == None


def test_InvalidAlgorithmError():

hdr = '{"alg": "bad", "typ": "JWT"}'
Expand Down
4 changes: 2 additions & 2 deletions tests/views/test_impersonation.py
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ def test_superuser_can_impersonate(
token = response.json()["token"]
payload = JSONWebTokenAuthentication.jwt_decode_token(token)

assert response.status_code == status.HTTP_200_OK
assert response.status_code == status.HTTP_201_CREATED
assert "token" in response.json()
assert payload["user_id"] == user.id

Expand Down Expand Up @@ -99,7 +99,7 @@ def test_impersonation_sets_cookie(
cookie_token = response.client.cookies.get(imp_cookie)
cookie_payload = JSONWebTokenAuthentication.jwt_decode_token(cookie_token.value)

assert response.status_code == status.HTTP_200_OK
assert response.status_code == status.HTTP_201_CREATED
assert "token" in response.json()
assert imp_cookie in response.client.cookies
assert payload["user_id"] == user.id
Expand Down