encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-09-17 01:32:30 +03:00
Code Issues Packages Projects Releases Wiki Activity

test if basic auth without provided password fails

Browse Source
This commit is contained in:
Liljack118 2022-12-03 17:20:33 +01:00
parent 05eded4e28
commit 85cc290ea3
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
tests/authentication/test_authentication.py
View File

@ -120,6 +120,22 @@ class BasicAuthTests(TestCase):
)
assert response.status_code == status.HTTP_200_OK
def test_post_json_without_password_failing_basic_auth(self):
"""Ensure POSTing json without password (even if password is empty string) returns 401"""
self.user.set_password("")
credentials = ('%s' % (self.username))
base64_credentials = base64.b64encode(
credentials.encode(HTTP_HEADER_ENCODING)
).decode(HTTP_HEADER_ENCODING)
auth = 'Basic %s' % base64_credentials
response = self.csrf_client.post(
'/basic/',
{'example': 'example'},
format='json',
HTTP_AUTHORIZATION=auth
)
assert response.status_code == status.HTTP_401_UNAUTHORIZED
def test_regression_handle_bad_base64_basic_auth_header(self):
"""Ensure POSTing JSON over basic auth with incorrectly padded Base64 string is handled correctly"""
# regression test for issue in 'rest_framework.authentication.BasicAuthentication.authenticate'