Tivix/django-rest-auth
1
1
Fork 0
mirror of https://github.com/Tivix/django-rest-auth.git synced 2025-11-04 01:27:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

Update test_api.py

Browse Source 
s'more tests for my sanity
This commit is contained in:
alichass 2020-06-27 14:58:29 -04:00
parent 0bf711166e
commit 909ed75d51
1 changed files with 93 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

93
dj_rest_auth/tests/test_api.py
View File

@ -671,6 +671,47 @@ class APIBasicTests(TestsMixin, TestCase):
self.assertEquals(resp.status_code, 200) self.assertEquals(resp.status_code, 200)
@override_settings(REST_USE_JWT=True)
@override_settings(JWT_AUTH_COOKIE='jwt-auth')
@override_settings(JWT_AUTH_COOKIE_USE_CSRF=False)
@override_settings(JWT_AUTH_COOKIE_ENFORCE_CSRF_ON_UNAUTHENTICATED=False)
@override_settings(REST_FRAMEWORK=dict(
DEFAULT_AUTHENTICATION_CLASSES=[
'dj_rest_auth.jwt_auth.JWTCookieAuthentication'
]
))
@override_settings(REST_SESSION_LOGIN=False)
@override_settings(CSRF_COOKIE_SECURE =True)
@override_settings(CSRF_COOKIE_HTTPONLY =True)
def test_wo_csrf_enforcement(self):
from .mixins import APIClient
payload = {
"username": self.USERNAME,
"password": self.PASS
}
client = APIClient(enforce_csrf_checks=True)
get_user_model().objects.create_user(self.USERNAME, '', self.PASS)
resp = client.post(self.login_url, payload)
self.assertTrue('jwt-auth' in list(client.cookies.keys()))
self.assertEquals(resp.status_code, 200)
## TEST WITH JWT AUTH HEADER
jwtclient = APIClient(enforce_csrf_checks=True)
token = resp.data['access_token']
resp = jwtclient.get('/protected-view/', HTTP_AUTHORIZATION='Bearer '+token)
self.assertEquals(resp.status_code, 200)
resp = jwtclient.post('/protected-view/', {}, HTTP_AUTHORIZATION='Bearer '+token)
self.assertEquals(resp.status_code, 200)
## TEST WITH COOKIES
resp = client.get('/protected-view/')
self.assertEquals(resp.status_code, 200)
resp = client.post('/protected-view/', {})
self.assertEquals(resp.status_code, 200)
@override_settings(REST_USE_JWT=True) @override_settings(REST_USE_JWT=True)
@override_settings(JWT_AUTH_COOKIE='jwt-auth') @override_settings(JWT_AUTH_COOKIE='jwt-auth')
@override_settings(JWT_AUTH_COOKIE_USE_CSRF=True) @override_settings(JWT_AUTH_COOKIE_USE_CSRF=True)
@ -713,6 +754,8 @@ class APIBasicTests(TestsMixin, TestCase):
self.assertEquals(resp.status_code, 200) self.assertEquals(resp.status_code, 200)
## TEST WITH COOKIES ## TEST WITH COOKIES
resp = client.get('/protected-view/')
self.assertEquals(resp.status_code, 200)
#fail w/o csrftoken in payload #fail w/o csrftoken in payload
resp = client.post('/protected-view/', {}) resp = client.post('/protected-view/', {})
self.assertEquals(resp.status_code, 403) self.assertEquals(resp.status_code, 403)
@ -759,6 +802,56 @@ class APIBasicTests(TestsMixin, TestCase):
## TEST WITH JWT AUTH HEADER does not make sense ## TEST WITH JWT AUTH HEADER does not make sense
## TEST WITH COOKIES ## TEST WITH COOKIES
resp = client.get('/protected-view/')
self.assertEquals(resp.status_code, 200)
#fail w/o csrftoken in payload
resp = client.post('/protected-view/', {})
self.assertEquals(resp.status_code, 403)
csrfparam = {"csrfmiddlewaretoken": csrftoken}
resp = client.post('/protected-view/', csrfparam)
self.assertEquals(resp.status_code, 200)
@override_settings(REST_USE_JWT=True)
@override_settings(JWT_AUTH_COOKIE='jwt-auth')
@override_settings(JWT_AUTH_COOKIE_USE_CSRF=False)
@override_settings(JWT_AUTH_COOKIE_ENFORCE_CSRF_ON_UNAUTHENTICATED=True) #True at your own risk
@override_settings(REST_FRAMEWORK=dict(
DEFAULT_AUTHENTICATION_CLASSES=[
'dj_rest_auth.jwt_auth.JWTCookieAuthentication'
]
))
@override_settings(REST_SESSION_LOGIN=False)
@override_settings(CSRF_COOKIE_SECURE =True)
@override_settings(CSRF_COOKIE_HTTPONLY =True)
def test_csrf_w_login_csrf_enforcement_2(self):
from .mixins import APIClient
payload = {
"username": self.USERNAME,
"password": self.PASS
}
client = APIClient(enforce_csrf_checks=True)
get_user_model().objects.create_user(self.USERNAME, '', self.PASS)
response = client.get(reverse("getcsrf"))
csrftoken = client.cookies['csrftoken'].value
#fail w/o csrftoken in payload
resp = client.post(self.login_url, payload)
self.assertEquals(resp.status_code, 403)
payload['csrfmiddlewaretoken'] = csrftoken
resp = client.post(self.login_url, payload)
self.assertTrue('jwt-auth' in list(client.cookies.keys()))
self.assertTrue('csrftoken' in list(client.cookies.keys()))
self.assertEquals(resp.status_code, 200)
## TEST WITH JWT AUTH HEADER does not make sense
## TEST WITH COOKIES
resp = client.get('/protected-view/')
self.assertEquals(resp.status_code, 200)
#fail w/o csrftoken in payload #fail w/o csrftoken in payload
resp = client.post('/protected-view/', {}) resp = client.post('/protected-view/', {})
self.assertEquals(resp.status_code, 403) self.assertEquals(resp.status_code, 403)