django-rest-framework/tests/test_testing.py

# -- coding: utf-8 --

from __future__ import unicode_literals
from django.conf.urls import patterns, url
from io import BytesIO

from django.contrib.auth.models import User
from django.shortcuts import redirect
from django.test import TestCase
from rest_framework.decorators import api_view
from rest_framework.response import Response
from rest_framework.test import APIClient, APIRequestFactory, force_authenticate


@api_view(['GET', 'POST'])
def view(request):
    return Response({
        'auth': request.META.get('HTTP_AUTHORIZATION', b''),
        'user': request.user.username
    })


@api_view(['GET', 'POST'])
def session_view(request):
    active_session = request.session.get('active_session', False)
    request.session['active_session'] = True
    return Response({
        'active_session': active_session
    })


@api_view(['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'])
def redirect_view(request):
    return redirect('/view/')


urlpatterns = patterns(
    '',
    url(r'^view/$', view),
    url(r'^session-view/$', session_view),
    url(r'^redirect-view/$', redirect_view),
)


class TestAPITestClient(TestCase):
    urls = 'tests.test_testing'

    def setUp(self):
        self.client = APIClient()

    def test_credentials(self):
        """
        Setting `.credentials()` adds the required headers to each request.
        """
        self.client.credentials(HTTP_AUTHORIZATION='example')
        for _ in range(0, 3):
            response = self.client.get('/view/')
            self.assertEqual(response.data['auth'], 'example')

    def test_force_authenticate(self):
        """
        Setting `.force_authenticate()` forcibly authenticates each request.
        """
        user = User.objects.create_user('example', 'example@example.com')
        self.client.force_authenticate(user)
        response = self.client.get('/view/')
        self.assertEqual(response.data['user'], 'example')

    def test_force_authenticate_with_sessions(self):
        """
        Setting `.force_authenticate()` forcibly authenticates each request.
        """
        user = User.objects.create_user('example', 'example@example.com')
        self.client.force_authenticate(user)

        # First request does not yet have an active session
        response = self.client.get('/session-view/')
        self.assertEqual(response.data['active_session'], False)

        # Subsequant requests have an active session
        response = self.client.get('/session-view/')
        self.assertEqual(response.data['active_session'], True)

        # Force authenticating as `None` should also logout the user session.
        self.client.force_authenticate(None)
        response = self.client.get('/session-view/')
        self.assertEqual(response.data['active_session'], False)

    def test_csrf_exempt_by_default(self):
        """
        By default, the test client is CSRF exempt.
        """
        User.objects.create_user('example', 'example@example.com', 'password')
        self.client.login(username='example', password='password')
        response = self.client.post('/view/')
        self.assertEqual(response.status_code, 200)

    def test_explicitly_enforce_csrf_checks(self):
        """
        The test client can enforce CSRF checks.
        """
        client = APIClient(enforce_csrf_checks=True)
        User.objects.create_user('example', 'example@example.com', 'password')
        client.login(username='example', password='password')
        response = client.post('/view/')
        expected = {'detail': 'CSRF Failed: CSRF cookie not set.'}
        self.assertEqual(response.status_code, 403)
        self.assertEqual(response.data, expected)

    def test_can_logout(self):
        """
        `logout()` reset stored credentials
        """
        self.client.credentials(HTTP_AUTHORIZATION='example')
        response = self.client.get('/view/')
        self.assertEqual(response.data['auth'], 'example')
        self.client.logout()
        response = self.client.get('/view/')
        self.assertEqual(response.data['auth'], b'')

    def test_follow_redirect(self):
        """
        Follow redirect by setting follow argument.
        """
        response = self.client.get('/redirect-view/')
        self.assertEqual(response.status_code, 302)
        response = self.client.get('/redirect-view/', follow=True)
        self.assertIsNotNone(response.redirect_chain)
        self.assertEqual(response.status_code, 200)

        response = self.client.post('/redirect-view/')
        self.assertEqual(response.status_code, 302)
        response = self.client.post('/redirect-view/', follow=True)
        self.assertIsNotNone(response.redirect_chain)
        self.assertEqual(response.status_code, 200)

        response = self.client.put('/redirect-view/')
        self.assertEqual(response.status_code, 302)
        response = self.client.put('/redirect-view/', follow=True)
        self.assertIsNotNone(response.redirect_chain)
        self.assertEqual(response.status_code, 200)

        response = self.client.patch('/redirect-view/')
        self.assertEqual(response.status_code, 302)
        response = self.client.patch('/redirect-view/', follow=True)
        self.assertIsNotNone(response.redirect_chain)
        self.assertEqual(response.status_code, 200)

        response = self.client.delete('/redirect-view/')
        self.assertEqual(response.status_code, 302)
        response = self.client.delete('/redirect-view/', follow=True)
        self.assertIsNotNone(response.redirect_chain)
        self.assertEqual(response.status_code, 200)

        response = self.client.options('/redirect-view/')
        self.assertEqual(response.status_code, 302)
        response = self.client.options('/redirect-view/', follow=True)
        self.assertIsNotNone(response.redirect_chain)
        self.assertEqual(response.status_code, 200)


class TestAPIRequestFactory(TestCase):
    def test_csrf_exempt_by_default(self):
        """
        By default, the test client is CSRF exempt.
        """
        user = User.objects.create_user('example', 'example@example.com', 'password')
        factory = APIRequestFactory()
        request = factory.post('/view/')
        request.user = user
        response = view(request)
        self.assertEqual(response.status_code, 200)

    def test_explicitly_enforce_csrf_checks(self):
        """
        The test client can enforce CSRF checks.
        """
        user = User.objects.create_user('example', 'example@example.com', 'password')
        factory = APIRequestFactory(enforce_csrf_checks=True)
        request = factory.post('/view/')
        request.user = user
        response = view(request)
        expected = {'detail': 'CSRF Failed: CSRF cookie not set.'}
        self.assertEqual(response.status_code, 403)
        self.assertEqual(response.data, expected)

    def test_invalid_format(self):
        """
        Attempting to use a format that is not configured will raise an
        assertion error.
        """
        factory = APIRequestFactory()
        self.assertRaises(
            AssertionError, factory.post,
            path='/view/', data={'example': 1}, format='xml'
        )

    def test_force_authenticate(self):
        """
        Setting `force_authenticate()` forcibly authenticates the request.
        """
        user = User.objects.create_user('example', 'example@example.com')
        factory = APIRequestFactory()
        request = factory.get('/view')
        force_authenticate(request, user=user)
        response = view(request)
        self.assertEqual(response.data['user'], 'example')

    def test_upload_file(self):
        # This is a 1x1 black png
        simple_png = BytesIO(b'\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR\x00\x00\x00\x01\x00\x00\x00\x01\x08\x06\x00\x00\x00\x1f\x15\xc4\x89\x00\x00\x00\rIDATx\x9cc````\x00\x00\x00\x05\x00\x01\xa5\xf6E@\x00\x00\x00\x00IEND\xaeB`\x82')
        simple_png.name = 'test.png'
        factory = APIRequestFactory()
        factory.post('/', data={'image': simple_png})

    def test_request_factory_url_arguments(self):
        """
        This is a non regression test against #1461
        """
        factory = APIRequestFactory()
        request = factory.get('/view/?demo=test')
        self.assertEqual(dict(request.GET), {'demo': ['test']})
        request = factory.get('/view/', {'demo': 'test'})
        self.assertEqual(dict(request.GET), {'demo': ['test']})
Addeded 'APITestClient.credentials()' 2013-06-29 11:05:08 +04:00			`# -- coding: utf-8 --`

			`from __future__ import unicode_literals`
Drop 1.3 support 2013-09-25 13:30:04 +04:00			`from django.conf.urls import patterns, url`
Add file upload test for APIRequestFactory Remove test_compat 2014-01-28 19:54:50 +04:00			`from io import BytesIO`

Added APIClient.authenticate() 2013-06-30 00:02:58 +04:00			`from django.contrib.auth.models import User`
Fix follow does not work on APIClient Handle follow just like Django's Client. 2014-10-03 10:42:49 +04:00			`from django.shortcuts import redirect`
Addeded 'APITestClient.credentials()' 2013-06-29 11:05:08 +04:00			`from django.test import TestCase`
			`from rest_framework.decorators import api_view`
			`from rest_framework.response import Response`
Complete testing docs 2013-07-01 16:59:05 +04:00			`from rest_framework.test import APIClient, APIRequestFactory, force_authenticate`
Addeded 'APITestClient.credentials()' 2013-06-29 11:05:08 +04:00

Added APIClient.authenticate() 2013-06-30 00:02:58 +04:00			`@api_view(['GET', 'POST'])`
Complete testing docs 2013-07-01 16:59:05 +04:00			`def view(request):`
Addeded 'APITestClient.credentials()' 2013-06-29 11:05:08 +04:00			`return Response({`
Added APIClient.authenticate() 2013-06-30 00:02:58 +04:00			`'auth': request.META.get('HTTP_AUTHORIZATION', b''),`
			`'user': request.user.username`
Addeded 'APITestClient.credentials()' 2013-06-29 11:05:08 +04:00			`})`


force_authenticate(None) also clears session info. Closes #1055. 2013-08-23 14:21:45 +04:00			`@api_view(['GET', 'POST'])`
			`def session_view(request):`
			`active_session = request.session.get('active_session', False)`
			`request.session['active_session'] = True`
			`return Response({`
			`'active_session': active_session`
			`})`


Fix follow does not work on APIClient Handle follow just like Django's Client. 2014-10-03 10:42:49 +04:00			`@api_view(['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'])`
			`def redirect_view(request):`
			`return redirect('/view/')`


Code linting and added runtests.py 2014-08-19 16:28:07 +04:00			`urlpatterns = patterns(`
			`'',`
Complete testing docs 2013-07-01 16:59:05 +04:00			`url(r'^view/$', view),`
force_authenticate(None) also clears session info. Closes #1055. 2013-08-23 14:21:45 +04:00			`url(r'^session-view/$', session_view),`
Fix follow does not work on APIClient Handle follow just like Django's Client. 2014-10-03 10:42:49 +04:00			`url(r'^redirect-view/$', redirect_view),`
Addeded 'APITestClient.credentials()' 2013-06-29 11:05:08 +04:00			`)`


Complete testing docs 2013-07-01 16:59:05 +04:00			`class TestAPITestClient(TestCase):`
Support for running the test suite with py.test * Get rid of runtests.py * Moved test code from rest_framework/tests and rest_framework/runtests to tests * Invoke py.test from setup.py * Invoke py.test from Travis * Invoke py.test from tox * Changed setUpClass to be just plain setUp in test_permissions.py * Updated contribution guideline to show how to invoke py.test 2014-03-02 15:40:30 +04:00			`urls = 'tests.test_testing'`
Addeded 'APITestClient.credentials()' 2013-06-29 11:05:08 +04:00
			`def setUp(self):`
			`self.client = APIClient()`

			`def test_credentials(self):`
Added APIClient.authenticate() 2013-06-30 00:02:58 +04:00			`"""`
			Setting `.credentials()` adds the required headers to each request.
			`"""`
Addeded 'APITestClient.credentials()' 2013-06-29 11:05:08 +04:00			`self.client.credentials(HTTP_AUTHORIZATION='example')`
Added APIClient.authenticate() 2013-06-30 00:02:58 +04:00			`for _ in range(0, 3):`
			`response = self.client.get('/view/')`
			`self.assertEqual(response.data['auth'], 'example')`

Rename to force_authenticate 2013-06-30 01:53:15 +04:00			`def test_force_authenticate(self):`
Added APIClient.authenticate() 2013-06-30 00:02:58 +04:00			`"""`
Rename to force_authenticate 2013-06-30 01:53:15 +04:00			Setting `.force_authenticate()` forcibly authenticates each request.
Added APIClient.authenticate() 2013-06-30 00:02:58 +04:00			`"""`
			`user = User.objects.create_user('example', 'example@example.com')`
Rename to force_authenticate 2013-06-30 01:53:15 +04:00			`self.client.force_authenticate(user)`
Addeded 'APITestClient.credentials()' 2013-06-29 11:05:08 +04:00			`response = self.client.get('/view/')`
Added APIClient.authenticate() 2013-06-30 00:02:58 +04:00			`self.assertEqual(response.data['user'], 'example')`

force_authenticate(None) also clears session info. Closes #1055. 2013-08-23 14:21:45 +04:00			`def test_force_authenticate_with_sessions(self):`
			`"""`
			Setting `.force_authenticate()` forcibly authenticates each request.
			`"""`
			`user = User.objects.create_user('example', 'example@example.com')`
			`self.client.force_authenticate(user)`

			`# First request does not yet have an active session`
			`response = self.client.get('/session-view/')`
			`self.assertEqual(response.data['active_session'], False)`

			`# Subsequant requests have an active session`
			`response = self.client.get('/session-view/')`
			`self.assertEqual(response.data['active_session'], True)`

			# Force authenticating as `None` should also logout the user session.
			`self.client.force_authenticate(None)`
			`response = self.client.get('/session-view/')`
			`self.assertEqual(response.data['active_session'], False)`

Added APIClient.authenticate() 2013-06-30 00:02:58 +04:00			`def test_csrf_exempt_by_default(self):`
			`"""`
			`By default, the test client is CSRF exempt.`
			`"""`
			`User.objects.create_user('example', 'example@example.com', 'password')`
			`self.client.login(username='example', password='password')`
			`response = self.client.post('/view/')`
			`self.assertEqual(response.status_code, 200)`

			`def test_explicitly_enforce_csrf_checks(self):`
			`"""`
			`The test client can enforce CSRF checks.`
			`"""`
			`client = APIClient(enforce_csrf_checks=True)`
			`User.objects.create_user('example', 'example@example.com', 'password')`
			`client.login(username='example', password='password')`
			`response = client.post('/view/')`
			`expected = {'detail': 'CSRF Failed: CSRF cookie not set.'}`
			`self.assertEqual(response.status_code, 403)`
			`self.assertEqual(response.data, expected)`
Complete testing docs 2013-07-01 16:59:05 +04:00
reset stored credentials when call client.logout() 2014-04-07 16:59:27 +04:00			`def test_can_logout(self):`
			`"""`
			`logout()` reset stored credentials
			`"""`
			`self.client.credentials(HTTP_AUTHORIZATION='example')`
			`response = self.client.get('/view/')`
			`self.assertEqual(response.data['auth'], 'example')`
			`self.client.logout()`
			`response = self.client.get('/view/')`
			`self.assertEqual(response.data['auth'], b'')`

Fix follow does not work on APIClient Handle follow just like Django's Client. 2014-10-03 10:42:49 +04:00			`def test_follow_redirect(self):`
			`"""`
			`Follow redirect by setting follow argument.`
			`"""`
			`response = self.client.get('/redirect-view/')`
			`self.assertEqual(response.status_code, 302)`
			`response = self.client.get('/redirect-view/', follow=True)`
			`self.assertIsNotNone(response.redirect_chain)`
			`self.assertEqual(response.status_code, 200)`

			`response = self.client.post('/redirect-view/')`
			`self.assertEqual(response.status_code, 302)`
			`response = self.client.post('/redirect-view/', follow=True)`
			`self.assertIsNotNone(response.redirect_chain)`
			`self.assertEqual(response.status_code, 200)`

			`response = self.client.put('/redirect-view/')`
			`self.assertEqual(response.status_code, 302)`
			`response = self.client.put('/redirect-view/', follow=True)`
			`self.assertIsNotNone(response.redirect_chain)`
			`self.assertEqual(response.status_code, 200)`

			`response = self.client.patch('/redirect-view/')`
			`self.assertEqual(response.status_code, 302)`
			`response = self.client.patch('/redirect-view/', follow=True)`
			`self.assertIsNotNone(response.redirect_chain)`
			`self.assertEqual(response.status_code, 200)`

			`response = self.client.delete('/redirect-view/')`
			`self.assertEqual(response.status_code, 302)`
			`response = self.client.delete('/redirect-view/', follow=True)`
			`self.assertIsNotNone(response.redirect_chain)`
			`self.assertEqual(response.status_code, 200)`

			`response = self.client.options('/redirect-view/')`
			`self.assertEqual(response.status_code, 302)`
			`response = self.client.options('/redirect-view/', follow=True)`
			`self.assertIsNotNone(response.redirect_chain)`
			`self.assertEqual(response.status_code, 200)`

Complete testing docs 2013-07-01 16:59:05 +04:00
			`class TestAPIRequestFactory(TestCase):`
			`def test_csrf_exempt_by_default(self):`
			`"""`
			`By default, the test client is CSRF exempt.`
			`"""`
			`user = User.objects.create_user('example', 'example@example.com', 'password')`
			`factory = APIRequestFactory()`
			`request = factory.post('/view/')`
			`request.user = user`
			`response = view(request)`
			`self.assertEqual(response.status_code, 200)`

			`def test_explicitly_enforce_csrf_checks(self):`
			`"""`
			`The test client can enforce CSRF checks.`
			`"""`
			`user = User.objects.create_user('example', 'example@example.com', 'password')`
			`factory = APIRequestFactory(enforce_csrf_checks=True)`
			`request = factory.post('/view/')`
			`request.user = user`
			`response = view(request)`
			`expected = {'detail': 'CSRF Failed: CSRF cookie not set.'}`
			`self.assertEqual(response.status_code, 403)`
			`self.assertEqual(response.data, expected)`

			`def test_invalid_format(self):`
			`"""`
			`Attempting to use a format that is not configured will raise an`
			`assertion error.`
			`"""`
			`factory = APIRequestFactory()`
Code linting and added runtests.py 2014-08-19 16:28:07 +04:00			`self.assertRaises(`
			`AssertionError, factory.post,`
Complete testing docs 2013-07-01 16:59:05 +04:00			`path='/view/', data={'example': 1}, format='xml'`
			`)`

			`def test_force_authenticate(self):`
			`"""`
			Setting `force_authenticate()` forcibly authenticates the request.
			`"""`
			`user = User.objects.create_user('example', 'example@example.com')`
			`factory = APIRequestFactory()`
			`request = factory.get('/view')`
			`force_authenticate(request, user=user)`
			`response = view(request)`
			`self.assertEqual(response.data['user'], 'example')`
Add file upload test for APIRequestFactory Remove test_compat 2014-01-28 19:54:50 +04:00
			`def test_upload_file(self):`
			`# This is a 1x1 black png`
			simple_png = BytesIO(b'\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR\x00\x00\x00\x01\x00\x00\x00\x01\x08\x06\x00\x00\x00\x1f\x15\xc4\x89\x00\x00\x00\rIDATx\x9cc````\x00\x00\x00\x05\x00\x01\xa5\xf6E@\x00\x00\x00\x00IEND\xaeB`\x82')
			`simple_png.name = 'test.png'`
			`factory = APIRequestFactory()`
			`factory.post('/', data={'image': simple_png})`
Reintroduced url arguments in the urls for the tests. 2014-03-07 19:11:51 +04:00
			`def test_request_factory_url_arguments(self):`
			`"""`
			`This is a non regression test against #1461`
			`"""`
			`factory = APIRequestFactory()`
			`request = factory.get('/view/?demo=test')`
			`self.assertEqual(dict(request.GET), {'demo': ['test']})`
			`request = factory.get('/view/', {'demo': 'test'})`
			`self.assertEqual(dict(request.GET), {'demo': ['test']})`