basicauth: add dedicated test for utf8 credentials

2025-07-28 00:49:49 +03:00 · 2020-02-17 01:11:08 +01:00 · 2020-02-17 01:11:08 +01:00 · 2394a50b59
commit 2394a50b59
parent 25819600c9
1 changed files with 22 additions and 3 deletions
--- a/tests/authentication/test_authentication.py
+++ b/tests/authentication/test_authentication.py
@ -85,7 +85,7 @@ class BasicAuthTests(TestCase):
        self.csrf_client = APIClient(enforce_csrf_checks=True)
        self.username = 'john'
        self.email = 'lennon@thebeatles.com'
-        self.password = 'pässwörd'
+        self.password = 'password'
        self.user = User.objects.create_user(
            self.username, self.email, self.password
        )
@ -94,7 +94,7 @@ class BasicAuthTests(TestCase):
        """Ensure POSTing json over basic auth with correct credentials passes and does not require CSRF"""
        credentials = ('%s:%s' % (self.username, self.password))
        base64_credentials = base64.b64encode(
-            credentials.encode('utf-8')
+            credentials.encode(HTTP_HEADER_ENCODING)
        ).decode(HTTP_HEADER_ENCODING)
        auth = 'Basic %s' % base64_credentials
        response = self.csrf_client.post(
@ -108,7 +108,7 @@ class BasicAuthTests(TestCase):
        """Ensure POSTing form over basic auth with correct credentials passes and does not require CSRF"""
        credentials = ('%s:%s' % (self.username, self.password))
        base64_credentials = base64.b64encode(
-            credentials.encode('utf-8')
+            credentials.encode(HTTP_HEADER_ENCODING)
        ).decode(HTTP_HEADER_ENCODING)
        auth = 'Basic %s' % base64_credentials
        response = self.csrf_client.post(
@ -159,6 +159,25 @@ class BasicAuthTests(TestCase):
        )
        assert response.status_code == status.HTTP_401_UNAUTHORIZED

+    def test_decoding_of_utf8_credentials(self):
+        username = 'walterwhité'
+        email = 'walterwhite@example.com'
+        password = 'pässwörd'
+        User.objects.create_user(
+            username, email, password
+        )
+        credentials = ('%s:%s' % (username, password))
+        base64_credentials = base64.b64encode(
+            credentials.encode('utf-8')
+        ).decode(HTTP_HEADER_ENCODING)
+        auth = 'Basic %s' % base64_credentials
+        response = self.csrf_client.post(
+            '/basic/',
+            {'example': 'example'},
+            HTTP_AUTHORIZATION=auth
+        )
+        assert response.status_code == status.HTTP_200_OK
+

@override_settings(ROOT_URLCONF=__name__)
 class SessionAuthTests(TestCase):