encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-08-08 06:14:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

update tests for csrf logic change of SessionAuthentication

Browse Source
This commit is contained in:
Elephant Liu 2015-10-19 21:19:16 +08:00
parent 9c412426b5
commit 9ad8d08683
1 changed files with 20 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
tests/test_testing.py
View File

@ -8,6 +8,7 @@ from django.contrib.auth.models import User
from django.shortcuts import redirect from django.shortcuts import redirect
from django.test import TestCase from django.test import TestCase
from rest_framework import exceptions
from rest_framework.decorators import api_view from rest_framework.decorators import api_view
from rest_framework.response import Response from rest_framework.response import Response
from rest_framework.test import ( from rest_framework.test import (
@ -23,6 +24,21 @@ def view(request):
}) })
@api_view(['GET', 'POST'])
def authenticated_view(request):
if not request.user.is_authenticated():
reason = getattr(request, '_csrf_failed_reason', None)
if reason:
raise exceptions.PermissionDenied('CSRF Failed: %s' % reason)
else:
raise exceptions.PermissionDenied()
return Response({
'auth': request.META.get('HTTP_AUTHORIZATION', b''),
'user': request.user.username
})
@api_view(['GET', 'POST']) @api_view(['GET', 'POST'])
def session_view(request): def session_view(request):
active_session = request.session.get('active_session', False) active_session = request.session.get('active_session', False)
@ -39,6 +55,7 @@ def redirect_view(request):
urlpatterns = [ urlpatterns = [
url(r'^view/$', view), url(r'^view/$', view),
url(r'^authenticated-view/$', authenticated_view),
url(r'^session-view/$', session_view), url(r'^session-view/$', session_view),
url(r'^redirect-view/$', redirect_view), url(r'^redirect-view/$', redirect_view),
] ]
@ -104,7 +121,7 @@ class TestAPITestClient(TestCase):
client = APIClient(enforce_csrf_checks=True) client = APIClient(enforce_csrf_checks=True)
User.objects.create_user('example', 'example@example.com', 'password') User.objects.create_user('example', 'example@example.com', 'password')
client.login(username='example', password='password') client.login(username='example', password='password')
response = client.post('/view/') response = client.post('/authenticated-view/')
expected = {'detail': 'CSRF Failed: CSRF cookie not set.'} expected = {'detail': 'CSRF Failed: CSRF cookie not set.'}
self.assertEqual(response.status_code, 403) self.assertEqual(response.status_code, 403)
self.assertEqual(response.data, expected) self.assertEqual(response.data, expected)
@ -201,9 +218,9 @@ class TestAPIRequestFactory(TestCase):
""" """
user = User.objects.create_user('example', 'example@example.com', 'password') user = User.objects.create_user('example', 'example@example.com', 'password')
factory = APIRequestFactory(enforce_csrf_checks=True) factory = APIRequestFactory(enforce_csrf_checks=True)
request = factory.post('/view/') request = factory.post('/authenticated-view/')
request.user = user request.user = user
response = view(request) response = authenticated_view(request)
expected = {'detail': 'CSRF Failed: CSRF cookie not set.'} expected = {'detail': 'CSRF Failed: CSRF cookie not set.'}
self.assertEqual(response.status_code, 403) self.assertEqual(response.status_code, 403)
self.assertEqual(response.data, expected) self.assertEqual(response.data, expected)