diff --git a/tests/test_authentication.py b/tests/test_authentication.py
index 9784087d8..e7d2dd421 100644
--- a/tests/test_authentication.py
+++ b/tests/test_authentication.py
@@ -53,11 +53,28 @@ class MockView(APIView):
urlpatterns = [
- url(r'^session/$', MockView.as_view(authentication_classes=[SessionAuthentication])),
- url(r'^basic/$', MockView.as_view(authentication_classes=[BasicAuthentication])),
- url(r'^token/$', MockView.as_view(authentication_classes=[TokenAuthentication])),
- url(r'^customtoken/$', MockView.as_view(authentication_classes=[CustomTokenAuthentication])),
- url(r'^customkeywordtoken/$', MockView.as_view(authentication_classes=[CustomKeywordTokenAuthentication])),
+ url(
+ r'^session/$',
+ MockView.as_view(authentication_classes=[SessionAuthentication])
+ ),
+ url(
+ r'^basic/$',
+ MockView.as_view(authentication_classes=[BasicAuthentication])
+ ),
+ url(
+ r'^token/$',
+ MockView.as_view(authentication_classes=[TokenAuthentication])
+ ),
+ url(
+ r'^customtoken/$',
+ MockView.as_view(authentication_classes=[CustomTokenAuthentication])
+ ),
+ url(
+ r'^customkeywordtoken/$',
+ MockView.as_view(
+ authentication_classes=[CustomKeywordTokenAuthentication]
+ )
+ ),
url(r'^auth-token/$', 'rest_framework.authtoken.views.obtain_auth_token'),
url(r'^auth/', include('rest_framework.urls', namespace='rest_framework')),
]
@@ -72,22 +89,37 @@ class BasicAuthTests(TestCase):
self.username = 'john'
self.email = 'lennon@thebeatles.com'
self.password = 'password'
- self.user = User.objects.create_user(self.username, self.email, self.password)
+ self.user = User.objects.create_user(
+ self.username, self.email, self.password
+ )
def test_post_form_passing_basic_auth(self):
"""Ensure POSTing json over basic auth with correct credentials passes and does not require CSRF"""
credentials = ('%s:%s' % (self.username, self.password))
- base64_credentials = base64.b64encode(credentials.encode(HTTP_HEADER_ENCODING)).decode(HTTP_HEADER_ENCODING)
+ base64_credentials = base64.b64encode(
+ credentials.encode(HTTP_HEADER_ENCODING)
+ ).decode(HTTP_HEADER_ENCODING)
auth = 'Basic %s' % base64_credentials
- response = self.csrf_client.post('/basic/', {'example': 'example'}, HTTP_AUTHORIZATION=auth)
+ response = self.csrf_client.post(
+ '/basic/',
+ {'example': 'example'},
+ HTTP_AUTHORIZATION=auth
+ )
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_post_json_passing_basic_auth(self):
"""Ensure POSTing form over basic auth with correct credentials passes and does not require CSRF"""
credentials = ('%s:%s' % (self.username, self.password))
- base64_credentials = base64.b64encode(credentials.encode(HTTP_HEADER_ENCODING)).decode(HTTP_HEADER_ENCODING)
+ base64_credentials = base64.b64encode(
+ credentials.encode(HTTP_HEADER_ENCODING)
+ ).decode(HTTP_HEADER_ENCODING)
auth = 'Basic %s' % base64_credentials
- response = self.csrf_client.post('/basic/', {'example': 'example'}, format='json', HTTP_AUTHORIZATION=auth)
+ response = self.csrf_client.post(
+ '/basic/',
+ {'example': 'example'},
+ format='json',
+ HTTP_AUTHORIZATION=auth
+ )
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_regression_handle_bad_base64_basic_auth_header(self):
@@ -95,7 +127,12 @@ class BasicAuthTests(TestCase):
# regression test for issue in 'rest_framework.authentication.BasicAuthentication.authenticate'
# https://github.com/tomchristie/django-rest-framework/issues/4089
auth = 'Basic =a='
- response = self.csrf_client.post('/basic/', {'example': 'example'}, format='json', HTTP_AUTHORIZATION=auth)
+ response = self.csrf_client.post(
+ '/basic/',
+ {'example': 'example'},
+ format='json',
+ HTTP_AUTHORIZATION=auth
+ )
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_post_form_failing_basic_auth(self):
@@ -105,7 +142,11 @@ class BasicAuthTests(TestCase):
def test_post_json_failing_basic_auth(self):
"""Ensure POSTing json over basic auth without correct credentials fails"""
- response = self.csrf_client.post('/basic/', {'example': 'example'}, format='json')
+ response = self.csrf_client.post(
+ '/basic/',
+ {'example': 'example'},
+ format='json'
+ )
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response['WWW-Authenticate'], 'Basic realm="api"')
@@ -120,7 +161,9 @@ class SessionAuthTests(TestCase):
self.username = 'john'
self.email = 'lennon@thebeatles.com'
self.password = 'password'
- self.user = User.objects.create_user(self.username, self.email, self.password)
+ self.user = User.objects.create_user(
+ self.username, self.email, self.password
+ )
def tearDown(self):
self.csrf_client.logout()
@@ -132,7 +175,9 @@ class SessionAuthTests(TestCase):
cf. [#1810](https://github.com/tomchristie/django-rest-framework/pull/1810)
"""
response = self.csrf_client.get('/auth/login/')
- self.assertContains(response, '')
+ self.assertContains(
+ response, ''
+ )
def test_post_form_session_auth_failing_csrf(self):
"""
@@ -144,18 +189,28 @@ class SessionAuthTests(TestCase):
def test_post_form_session_auth_passing(self):
"""
- Ensure POSTing form over session authentication with logged in user and CSRF token passes.
+ Ensure POSTing form over session authentication with logged in
+ user and CSRF token passes.
"""
- self.non_csrf_client.login(username=self.username, password=self.password)
- response = self.non_csrf_client.post('/session/', {'example': 'example'})
+ self.non_csrf_client.login(
+ username=self.username, password=self.password
+ )
+ response = self.non_csrf_client.post(
+ '/session/', {'example': 'example'}
+ )
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_put_form_session_auth_passing(self):
"""
- Ensure PUTting form over session authentication with logged in user and CSRF token passes.
+ Ensure PUTting form over session authentication with
+ logged in user and CSRF token passes.
"""
- self.non_csrf_client.login(username=self.username, password=self.password)
- response = self.non_csrf_client.put('/session/', {'example': 'example'})
+ self.non_csrf_client.login(
+ username=self.username, password=self.password
+ )
+ response = self.non_csrf_client.put(
+ '/session/', {'example': 'example'}
+ )
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_post_form_session_auth_failing(self):
@@ -178,52 +233,81 @@ class BaseTokenAuthTests(object):
self.username = 'john'
self.email = 'lennon@thebeatles.com'
self.password = 'password'
- self.user = User.objects.create_user(self.username, self.email, self.password)
+ self.user = User.objects.create_user(
+ self.username, self.email, self.password
+ )
self.key = 'abcd1234'
self.token = self.model.objects.create(key=self.key, user=self.user)
def test_post_form_passing_token_auth(self):
- """Ensure POSTing json over token auth with correct credentials passes and does not require CSRF"""
+ """
+ Ensure POSTing json over token auth with correct
+ credentials passes and does not require CSRF
+ """
auth = self.header_prefix + self.key
- response = self.csrf_client.post(self.path, {'example': 'example'}, HTTP_AUTHORIZATION=auth)
+ response = self.csrf_client.post(
+ self.path, {'example': 'example'}, HTTP_AUTHORIZATION=auth
+ )
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_fail_post_form_passing_nonexistent_token_auth(self):
# use a nonexistent token key
auth = self.header_prefix + 'wxyz6789'
- response = self.csrf_client.post(self.path, {'example': 'example'}, HTTP_AUTHORIZATION=auth)
+ response = self.csrf_client.post(
+ self.path, {'example': 'example'}, HTTP_AUTHORIZATION=auth
+ )
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_fail_post_form_passing_invalid_token_auth(self):
# add an 'invalid' unicode character
auth = self.header_prefix + self.key + "ΒΈ"
- response = self.csrf_client.post(self.path, {'example': 'example'}, HTTP_AUTHORIZATION=auth)
+ response = self.csrf_client.post(
+ self.path, {'example': 'example'}, HTTP_AUTHORIZATION=auth
+ )
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_post_json_passing_token_auth(self):
- """Ensure POSTing form over token auth with correct credentials passes and does not require CSRF"""
+ """
+ Ensure POSTing form over token auth with correct
+ credentials passes and does not require CSRF
+ """
auth = self.header_prefix + self.key
- response = self.csrf_client.post(self.path, {'example': 'example'}, format='json', HTTP_AUTHORIZATION=auth)
+ response = self.csrf_client.post(
+ self.path, {'example': 'example'},
+ format='json', HTTP_AUTHORIZATION=auth
+ )
self.assertEqual(response.status_code, status.HTTP_200_OK)
def test_post_json_makes_one_db_query(self):
- """Ensure that authenticating a user using a token performs only one DB query"""
+ """
+ Ensure that authenticating a user using a
+ token performs only one DB query
+ """
auth = self.header_prefix + self.key
def func_to_test():
- return self.csrf_client.post(self.path, {'example': 'example'}, format='json', HTTP_AUTHORIZATION=auth)
+ return self.csrf_client.post(
+ self.path, {'example': 'example'},
+ format='json', HTTP_AUTHORIZATION=auth
+ )
self.assertNumQueries(1, func_to_test)
def test_post_form_failing_token_auth(self):
- """Ensure POSTing form over token auth without correct credentials fails"""
+ """
+ Ensure POSTing form over token auth without correct credentials fails
+ """
response = self.csrf_client.post(self.path, {'example': 'example'})
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
def test_post_json_failing_token_auth(self):
- """Ensure POSTing json over token auth without correct credentials fails"""
- response = self.csrf_client.post(self.path, {'example': 'example'}, format='json')
+ """
+ Ensure POSTing json over token auth without correct credentials fails
+ """
+ response = self.csrf_client.post(
+ self.path, {'example': 'example'}, format='json'
+ )
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
@@ -246,16 +330,25 @@ class TokenAuthTests(BaseTokenAuthTests, TestCase):
def test_token_login_json(self):
"""Ensure token login view using JSON POST works."""
client = APIClient(enforce_csrf_checks=True)
- response = client.post('/auth-token/',
- {'username': self.username, 'password': self.password}, format='json')
+ response = client.post(
+ '/auth-token/',
+ {'username': self.username, 'password': self.password},
+ format='json'
+ )
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data['token'], self.key)
def test_token_login_json_bad_creds(self):
- """Ensure token login view using JSON POST fails if bad credentials are used."""
+ """
+ Ensure token login view using JSON POST fails if
+ bad credentials are used
+ """
client = APIClient(enforce_csrf_checks=True)
- response = client.post('/auth-token/',
- {'username': self.username, 'password': "badpass"}, format='json')
+ response = client.post(
+ '/auth-token/',
+ {'username': self.username, 'password': "badpass"},
+ format='json'
+ )
self.assertEqual(response.status_code, 400)
def test_token_login_json_missing_fields(self):