2011-02-19 13:26:27 +03:00
|
|
|
from django.conf.urls.defaults import patterns
|
|
|
|
from django.contrib.auth.models import User
|
2011-04-26 23:20:31 +04:00
|
|
|
from django.test import Client, TestCase
|
2011-04-27 21:36:43 +04:00
|
|
|
|
2011-04-25 07:50:28 +04:00
|
|
|
from django.utils import simplejson as json
|
|
|
|
|
2011-05-24 13:27:24 +04:00
|
|
|
from djangorestframework.views import View
|
2011-04-27 21:07:28 +04:00
|
|
|
from djangorestframework import permissions
|
2011-02-19 13:26:27 +03:00
|
|
|
|
|
|
|
import base64
|
2011-04-25 07:50:28 +04:00
|
|
|
|
2011-02-19 13:26:27 +03:00
|
|
|
|
2011-05-24 13:27:24 +04:00
|
|
|
class MockView(View):
|
2012-01-23 13:06:30 +04:00
|
|
|
permissions = (permissions.IsAuthenticated,)
|
2012-01-11 21:22:56 +04:00
|
|
|
|
2011-04-11 20:13:11 +04:00
|
|
|
def post(self, request):
|
2012-01-11 21:22:56 +04:00
|
|
|
return {'a': 1, 'b': 2, 'c': 3}
|
|
|
|
|
|
|
|
def put(self, request):
|
|
|
|
return {'a': 1, 'b': 2, 'c': 3}
|
2011-02-19 13:26:27 +03:00
|
|
|
|
|
|
|
urlpatterns = patterns('',
|
2011-05-04 12:21:17 +04:00
|
|
|
(r'^$', MockView.as_view()),
|
2011-02-19 13:26:27 +03:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
class BasicAuthTests(TestCase):
|
|
|
|
"""Basic authentication"""
|
|
|
|
urls = 'djangorestframework.tests.authentication'
|
|
|
|
|
|
|
|
def setUp(self):
|
|
|
|
self.csrf_client = Client(enforce_csrf_checks=True)
|
|
|
|
self.username = 'john'
|
|
|
|
self.email = 'lennon@thebeatles.com'
|
|
|
|
self.password = 'password'
|
2011-12-29 17:31:12 +04:00
|
|
|
self.user = User.objects.create_user(self.username, self.email, self.password)
|
2011-02-19 13:26:27 +03:00
|
|
|
|
|
|
|
def test_post_form_passing_basic_auth(self):
|
|
|
|
"""Ensure POSTing json over basic auth with correct credentials passes and does not require CSRF"""
|
|
|
|
auth = 'Basic %s' % base64.encodestring('%s:%s' % (self.username, self.password)).strip()
|
|
|
|
response = self.csrf_client.post('/', {'example': 'example'}, HTTP_AUTHORIZATION=auth)
|
|
|
|
self.assertEqual(response.status_code, 200)
|
|
|
|
|
|
|
|
def test_post_json_passing_basic_auth(self):
|
|
|
|
"""Ensure POSTing form over basic auth with correct credentials passes and does not require CSRF"""
|
|
|
|
auth = 'Basic %s' % base64.encodestring('%s:%s' % (self.username, self.password)).strip()
|
|
|
|
response = self.csrf_client.post('/', json.dumps({'example': 'example'}), 'application/json', HTTP_AUTHORIZATION=auth)
|
|
|
|
self.assertEqual(response.status_code, 200)
|
|
|
|
|
|
|
|
def test_post_form_failing_basic_auth(self):
|
|
|
|
"""Ensure POSTing form over basic auth without correct credentials fails"""
|
|
|
|
response = self.csrf_client.post('/', {'example': 'example'})
|
|
|
|
self.assertEqual(response.status_code, 403)
|
|
|
|
|
|
|
|
def test_post_json_failing_basic_auth(self):
|
|
|
|
"""Ensure POSTing json over basic auth without correct credentials fails"""
|
|
|
|
response = self.csrf_client.post('/', json.dumps({'example': 'example'}), 'application/json')
|
|
|
|
self.assertEqual(response.status_code, 403)
|
|
|
|
|
|
|
|
|
|
|
|
class SessionAuthTests(TestCase):
|
|
|
|
"""User session authentication"""
|
|
|
|
urls = 'djangorestframework.tests.authentication'
|
|
|
|
|
|
|
|
def setUp(self):
|
|
|
|
self.csrf_client = Client(enforce_csrf_checks=True)
|
|
|
|
self.non_csrf_client = Client(enforce_csrf_checks=False)
|
|
|
|
self.username = 'john'
|
|
|
|
self.email = 'lennon@thebeatles.com'
|
|
|
|
self.password = 'password'
|
2011-12-29 17:31:12 +04:00
|
|
|
self.user = User.objects.create_user(self.username, self.email, self.password)
|
2011-02-19 13:26:27 +03:00
|
|
|
|
|
|
|
def tearDown(self):
|
|
|
|
self.csrf_client.logout()
|
|
|
|
|
|
|
|
def test_post_form_session_auth_failing_csrf(self):
|
2012-01-23 13:06:30 +04:00
|
|
|
"""
|
|
|
|
Ensure POSTing form over session authentication without CSRF token fails.
|
|
|
|
"""
|
2011-02-19 13:26:27 +03:00
|
|
|
self.csrf_client.login(username=self.username, password=self.password)
|
|
|
|
response = self.csrf_client.post('/', {'example': 'example'})
|
|
|
|
self.assertEqual(response.status_code, 403)
|
|
|
|
|
|
|
|
def test_post_form_session_auth_passing(self):
|
2012-01-23 13:06:30 +04:00
|
|
|
"""
|
|
|
|
Ensure POSTing form over session authentication with logged in user and CSRF token passes.
|
|
|
|
"""
|
2011-02-19 13:26:27 +03:00
|
|
|
self.non_csrf_client.login(username=self.username, password=self.password)
|
|
|
|
response = self.non_csrf_client.post('/', {'example': 'example'})
|
|
|
|
self.assertEqual(response.status_code, 200)
|
|
|
|
|
2012-01-11 21:22:56 +04:00
|
|
|
def test_put_form_session_auth_passing(self):
|
2012-01-23 13:06:30 +04:00
|
|
|
"""
|
|
|
|
Ensure PUTting form over session authentication with logged in user and CSRF token passes.
|
|
|
|
"""
|
2012-01-11 21:22:56 +04:00
|
|
|
self.non_csrf_client.login(username=self.username, password=self.password)
|
|
|
|
response = self.non_csrf_client.put('/', {'example': 'example'})
|
|
|
|
self.assertEqual(response.status_code, 200)
|
|
|
|
|
2011-02-19 13:26:27 +03:00
|
|
|
def test_post_form_session_auth_failing(self):
|
2012-01-23 13:06:30 +04:00
|
|
|
"""
|
|
|
|
Ensure POSTing form over session authentication without logged in user fails.
|
|
|
|
"""
|
2011-02-19 13:26:27 +03:00
|
|
|
response = self.csrf_client.post('/', {'example': 'example'})
|
|
|
|
self.assertEqual(response.status_code, 403)
|