encode/django-rest-framework
1
1
Fork 0
mirror of https://github.com/encode/django-rest-framework.git synced 2025-04-28 21:13:43 +03:00
Code Issues Packages Projects Releases Wiki Activity

Revert custom middleware implementation

Browse Source
This commit is contained in:
Bruno Alla 2024-08-30 18:42:14 +01:00
parent 6b55ccc22a
commit d295dfe5a7
No known key found for this signature in database
2 changed files with 10 additions and 135 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
rest_framework/middleware.py
View File

@ -1,26 +0,0 @@
from django.core.exceptions import ImproperlyConfigured
from rest_framework.settings import api_settings
from rest_framework.views import APIView
try:
from django.contrib.auth.middleware import \
LoginRequiredMiddleware as DjangoLoginRequiredMiddleware
except ImportError:
DjangoLoginRequiredMiddleware = None
if DjangoLoginRequiredMiddleware:
class LoginRequiredMiddleware(DjangoLoginRequiredMiddleware):
def process_view(self, request, view_func, view_args, view_kwargs):
if (
hasattr(view_func, "cls")
and issubclass(view_func.cls, APIView)
):
if 'rest_framework.permissions.AllowAny' in api_settings.DEFAULT_PERMISSION_CLASSES:
raise ImproperlyConfigured(
"You cannot use 'rest_framework.permissions.AllowAny' in `DEFAULT_PERMISSION_CLASSES` "
"with `LoginRequiredMiddleware`."
)
return None
return super().process_view(request, view_func, view_args, view_kwargs)

119
tests/test_middleware.py
View File

@ -1,58 +1,25 @@
import base64
import unittest
import django
from django.contrib.auth.models import User from django.contrib.auth.models import User
from django.http import HttpRequest, HttpResponse from django.http import HttpRequest
from django.test import override_settings from django.test import override_settings
from django.urls import path from django.urls import path
from django.views import View
from rest_framework import HTTP_HEADER_ENCODING, status from rest_framework.authentication import TokenAuthentication
from rest_framework.authentication import (
BasicAuthentication, TokenAuthentication
)
from rest_framework.authtoken.models import Token from rest_framework.authtoken.models import Token
from rest_framework.decorators import api_view
from rest_framework.request import is_form_media_type from rest_framework.request import is_form_media_type
from rest_framework.response import Response from rest_framework.response import Response
from rest_framework.test import APITestCase from rest_framework.test import APITestCase
from rest_framework.views import APIView from rest_framework.views import APIView
class PostAPIView(APIView): class PostView(APIView):
def post(self, request): def post(self, request):
return Response(data=request.data, status=200) return Response(data=request.data, status=200)
with override_settings( urlpatterns = [
REST_FRAMEWORK={ path('auth', APIView.as_view(authentication_classes=(TokenAuthentication,))),
'DEFAULT_PERMISSION_CLASSES': [ path('post', PostView.as_view()),
'rest_framework.permissions.IsAuthenticated', ]
],
}
):
class GetAPIView(APIView):
def get(self, request):
return Response(data={"status": "ok"}, status=200)
class GetView(View):
def get(self, request):
return HttpResponse("OK", status=200)
@api_view(['GET'])
def get_func_view(request):
return HttpResponse("OK", status=200)
urlpatterns = [
path('api/auth', APIView.as_view(authentication_classes=(TokenAuthentication,))),
path('api/post', PostAPIView.as_view()),
path('api/get', GetAPIView.as_view()),
path('api/get-func', get_func_view),
path('api/basic', GetAPIView.as_view(authentication_classes=(BasicAuthentication,))),
path('api/token', GetAPIView.as_view(authentication_classes=(TokenAuthentication,))),
path('get', GetView.as_view()),
]
class RequestUserMiddleware: class RequestUserMiddleware:
@ -98,78 +65,12 @@ class TestMiddleware(APITestCase):
key = 'abcd1234' key = 'abcd1234'
Token.objects.create(key=key, user=user) Token.objects.create(key=key, user=user)
self.client.get('/api/auth', HTTP_AUTHORIZATION='Token %s' % key) self.client.get('/auth', HTTP_AUTHORIZATION='Token %s' % key)
@override_settings(MIDDLEWARE=('tests.test_middleware.RequestPOSTMiddleware',)) @override_settings(MIDDLEWARE=('tests.test_middleware.RequestPOSTMiddleware',))
def test_middleware_can_access_request_post_when_processing_response(self): def test_middleware_can_access_request_post_when_processing_response(self):
response = self.client.post('/api/post', {'foo': 'bar'}) response = self.client.post('/post', {'foo': 'bar'})
assert response.status_code == 200 assert response.status_code == 200
response = self.client.post('/api/post', {'foo': 'bar'}, format='json') response = self.client.post('/post', {'foo': 'bar'}, format='json')
assert response.status_code == 200 assert response.status_code == 200
@unittest.skipUnless(django.VERSION >= (5, 1), 'Only for Django 5.1+')
@override_settings(
ROOT_URLCONF='tests.test_middleware',
MIDDLEWARE=(
# Needed for AuthenticationMiddleware
'django.contrib.sessions.middleware.SessionMiddleware',
# Needed for LoginRequiredMiddleware
'django.contrib.auth.middleware.AuthenticationMiddleware',
'rest_framework.middleware.LoginRequiredMiddleware',
),
REST_FRAMEWORK={
'DEFAULT_PERMISSION_CLASSES': [
'rest_framework.permissions.IsAuthenticated',
],
}
)
class TestLoginRequiredMiddleware(APITestCase):
def test_unauthorized_when_user_is_anonymous_on_public_view(self):
response = self.client.get('/api/get')
assert response.status_code == status.HTTP_401_UNAUTHORIZED
def test_unauthorized_when_user_is_anonymous_on_basic_auth_view(self):
response = self.client.get('/api/basic')
assert response.status_code == status.HTTP_401_UNAUTHORIZED
def test_unauthorized_when_user_is_anonymous_on_token_auth_view(self):
response = self.client.get('/api/token')
assert response.status_code == status.HTTP_401_UNAUTHORIZED
def test_allows_request_when_session_authenticated(self):
user = User.objects.create_user('john', 'john@example.com', 'password')
self.client.force_login(user)
response = self.client.get('/api/get')
assert response.status_code == status.HTTP_200_OK
def test_allows_request_when_authenticated_function_view(self):
user = User.objects.create_user('john', 'john@example.com', 'password')
self.client.force_login(user)
response = self.client.get('/api/get-func')
assert response.status_code == status.HTTP_200_OK
def test_allows_request_when_token_authenticated(self):
user = User.objects.create_user('john', 'john@example.com', 'password')
key = 'abcd1234'
Token.objects.create(key=key, user=user)
response = self.client.get('/api/token', headers={"Authorization": f'Token {key}'})
assert response.status_code == status.HTTP_200_OK
def test_allows_request_when_basic_authenticated(self):
user = User.objects.create_user('john', 'john@example.com', 'password')
credentials = ('%s:%s' % (user.username, user.password))
base64_credentials = base64.b64encode(
credentials.encode(HTTP_HEADER_ENCODING)
).decode(HTTP_HEADER_ENCODING)
auth = f'Basic {base64_credentials}'
response = self.client.get('/api/basic', headers={"Authorization": auth})
assert response.status_code == status.HTTP_200_OK
def test_works_as_base_middleware_for_django_view(self):
response = self.client.get('/get')
self.assertRedirects(response, '/accounts/login/?next=/get', fetch_redirect_response=False)