Fix (and test) user_identity_loader with refresh tokens

vimalloc · vimalloc · commit e105c6caabc1 · 2017-02-01T13:31:29.000-07:00
refs #27
diff --git a/flask_jwt_extended/utils.py b/flask_jwt_extended/utils.py
@@ -333,6 +333,7 @@ def create_refresh_token(identity):
     refresh_expire_delta = get_refresh_expires()
     algorithm = get_algorithm()
     secret = _get_secret_key()
+    identity = current_app.jwt_manager._user_identity_callback(identity)
 
     # Actually make the tokens
     refresh_token = _encode_refresh_token(identity, secret, algorithm,
diff --git a/tests/test_jwt_encode_decode.py b/tests/test_jwt_encode_decode.py
@@ -6,7 +6,7 @@
 from flask import Flask
 from flask_jwt_extended.exceptions import JWTEncodeError, JWTDecodeError
 from flask_jwt_extended.utils import _encode_access_token, _encode_refresh_token, \
-    _decode_jwt, create_access_token
+    _decode_jwt, create_access_token, create_refresh_token
 from flask_jwt_extended.jwt_manager import JWTManager
 
 
@@ -302,7 +302,7 @@ def test_decode_invalid_jwt(self):
                 encoded_token = jwt.encode(token_data, 'secret', 'HS256').decode('utf-8')
                 _decode_jwt(encoded_token, 'secret', 'HS256')
 
-    def test_create_access_token_with_object(self):
+    def test_create_jwt_with_object(self):
         # Complex object to test building a JWT from. Normally if you are using
         # this functionality, this is something that would be retrieved from
         # disk somewhere (think sqlalchemy)
@@ -330,9 +330,14 @@ def user_identity_lookup(user):
         # Create the token using the complex object
         with app.test_request_context():
             user = TestUser(username='foo', roles=['bar', 'baz'])
-            token = create_access_token(identity=user)
-
-            # Decode the token and make sure the values are set properly
-            token_data = _decode_jwt(token, app.secret_key, app.config['JWT_ALGORITHM'])
-            self.assertEqual(token_data['identity'], 'foo')
-            self.assertEqual(token_data['user_claims']['roles'], ['bar', 'baz'])
+            access_token = create_access_token(identity=user)
+            refresh_token = create_refresh_token(identity=user)
+
+            # Decode the tokens and make sure the values are set properly
+            access_token_data = _decode_jwt(access_token, app.secret_key,
+                                            app.config['JWT_ALGORITHM'])
+            refresh_token_data = _decode_jwt(refresh_token, app.secret_key,
+                                             app.config['JWT_ALGORITHM'])
+            self.assertEqual(access_token_data['identity'], 'foo')
+            self.assertEqual(access_token_data['user_claims']['roles'], ['bar', 'baz'])
+            self.assertEqual(refresh_token_data['identity'], 'foo')
