Adds option to use token multiple times

SebastianKapunkt · SebastianKapunkt · commit 3669ffa4b805 · 2019-09-13T09:29:04.000+02:00
diff --git a/mailauth/signing.py b/mailauth/signing.py
@@ -1,5 +1,6 @@
 from django.contrib.auth import get_user_model
 from django.core import signing
+from django.core.signing import SignatureExpired
 from django.utils import baseconv
 
 __all__ = (
@@ -52,13 +53,14 @@ def _make_hash_value(self, user):
         user_pk = baseconv.base62.encode(user.pk)
         return self.sep.join((user_pk, last_login))
 
-    def unsign(self, value, max_age=None):
+    def unsign(self, value, max_age=None, allow_multi_use=False):
         """
         Verify access token and return user, if the token is valid.
 
         Args:
             value (str): URL safe base64 encoded access token.
             max_age (datetime.timedelta): Maximum age an access token to be valid.
+            allow_multi_use: If True allows the token to be used more than once
 
         Returns:
             django.contrib.user.models.BaseUser: Return user object for given
@@ -85,7 +87,10 @@ def unsign(self, value, max_age=None):
             raise UserDoesNotExist("User with pk=%s does not exist" % user_pk) from e
         else:
             if last_login != '' and self.to_timestamp(user.last_login) != last_login:
-                raise signing.SignatureExpired(
-                    "The access token for %r seems used" % user
-                )
+                if allow_multi_use:
+                    return user
+                else:
+                    raise SignatureExpired(
+                        "The access token for %r seems used" % user
+                    )
             return user
diff --git a/tests/test_signing.py b/tests/test_signing.py
@@ -39,6 +39,21 @@ def test_unsign__last_login(self, db, signer, signature):
         ):
             signer.unsign(signature)
 
+    def test_unsing__allow_multiple_use(self, db, signer, signature):
+        user = get_user_model().objects.create_user(
+            pk=1337,
+            email='spiderman@avengers.com',
+            # later date, that does not match the signature (token was used)
+            last_login=timezone.datetime(2012, 7, 3, tzinfo=timezone.utc),
+        )
+        assert user == signer.unsign(signature, allow_multi_use=True)
+        assert user == signer.unsign(signature, allow_multi_use=True)
+        with pytest.raises(
+            SignatureExpired,
+            match="The access token for <EmailUser: spiderman@avengers.com> seems used"
+        ):
+            signer.unsign(signature, allow_multi_use=False)
+
     def test_to_timestamp(self):
         value = timezone.datetime(2002, 5, 3, tzinfo=timezone.utc)
         base62_value = signing.UserSigner.to_timestamp(value=value)
