mirror of
https://github.com/encode/django-rest-framework.git
synced 2025-04-28 13:03:45 +03:00
Revert custom middleware implementation
This commit is contained in:
Bruno Alla
parent
6b55ccc22a
commit
d295dfe5a7
|
|
@ -1,26 +0,0 @@
|
|||
from django.core.exceptions import ImproperlyConfigured
|
||||
|
||||
from rest_framework.settings import api_settings
|
||||
from rest_framework.views import APIView
|
||||
|
||||
try:
|
||||
from django.contrib.auth.middleware import \
|
||||
LoginRequiredMiddleware as DjangoLoginRequiredMiddleware
|
||||
except ImportError:
|
||||
DjangoLoginRequiredMiddleware = None
|
||||
|
||||
|
||||
if DjangoLoginRequiredMiddleware:
|
||||
class LoginRequiredMiddleware(DjangoLoginRequiredMiddleware):
|
||||
def process_view(self, request, view_func, view_args, view_kwargs):
|
||||
if (
|
||||
hasattr(view_func, "cls")
|
||||
and issubclass(view_func.cls, APIView)
|
||||
):
|
||||
if 'rest_framework.permissions.AllowAny' in api_settings.DEFAULT_PERMISSION_CLASSES:
|
||||
raise ImproperlyConfigured(
|
||||
"You cannot use 'rest_framework.permissions.AllowAny' in `DEFAULT_PERMISSION_CLASSES` "
|
||||
"with `LoginRequiredMiddleware`."
|
||||
)
|
||||
return None
|
||||
return super().process_view(request, view_func, view_args, view_kwargs)
|
||||
|
|
@ -1,58 +1,25 @@
|
|||
import base64
|
||||
import unittest
|
||||
|
||||
import django
|
||||
from django.contrib.auth.models import User
|
||||
from django.http import HttpRequest, HttpResponse
|
||||
from django.http import HttpRequest
|
||||
from django.test import override_settings
|
||||
from django.urls import path
|
||||
from django.views import View
|
||||
|
||||
from rest_framework import HTTP_HEADER_ENCODING, status
|
||||
from rest_framework.authentication import (
|
||||
BasicAuthentication, TokenAuthentication
|
||||
)
|
||||
from rest_framework.authentication import TokenAuthentication
|
||||
from rest_framework.authtoken.models import Token
|
||||
from rest_framework.decorators import api_view
|
||||
from rest_framework.request import is_form_media_type
|
||||
from rest_framework.response import Response
|
||||
from rest_framework.test import APITestCase
|
||||
from rest_framework.views import APIView
|
||||
|
||||
|
||||
class PostAPIView(APIView):
|
||||
class PostView(APIView):
|
||||
def post(self, request):
|
||||
return Response(data=request.data, status=200)
|
||||
|
||||
|
||||
with override_settings(
|
||||
REST_FRAMEWORK={
|
||||
'DEFAULT_PERMISSION_CLASSES': [
|
||||
'rest_framework.permissions.IsAuthenticated',
|
||||
],
|
||||
}
|
||||
):
|
||||
class GetAPIView(APIView):
|
||||
def get(self, request):
|
||||
return Response(data={"status": "ok"}, status=200)
|
||||
|
||||
class GetView(View):
|
||||
def get(self, request):
|
||||
return HttpResponse("OK", status=200)
|
||||
|
||||
@api_view(['GET'])
|
||||
def get_func_view(request):
|
||||
return HttpResponse("OK", status=200)
|
||||
|
||||
urlpatterns = [
|
||||
path('api/auth', APIView.as_view(authentication_classes=(TokenAuthentication,))),
|
||||
path('api/post', PostAPIView.as_view()),
|
||||
path('api/get', GetAPIView.as_view()),
|
||||
path('api/get-func', get_func_view),
|
||||
path('api/basic', GetAPIView.as_view(authentication_classes=(BasicAuthentication,))),
|
||||
path('api/token', GetAPIView.as_view(authentication_classes=(TokenAuthentication,))),
|
||||
path('get', GetView.as_view()),
|
||||
]
|
||||
urlpatterns = [
|
||||
path('auth', APIView.as_view(authentication_classes=(TokenAuthentication,))),
|
||||
path('post', PostView.as_view()),
|
||||
]
|
||||
|
||||
|
||||
class RequestUserMiddleware:
|
||||
|
|
@ -98,78 +65,12 @@ class TestMiddleware(APITestCase):
|
|||
key = 'abcd1234'
|
||||
Token.objects.create(key=key, user=user)
|
||||
|
||||
self.client.get('/api/auth', HTTP_AUTHORIZATION='Token %s' % key)
|
||||
self.client.get('/auth', HTTP_AUTHORIZATION='Token %s' % key)
|
||||
|
||||
@override_settings(MIDDLEWARE=('tests.test_middleware.RequestPOSTMiddleware',))
|
||||
def test_middleware_can_access_request_post_when_processing_response(self):
|
||||
response = self.client.post('/api/post', {'foo': 'bar'})
|
||||
response = self.client.post('/post', {'foo': 'bar'})
|
||||
assert response.status_code == 200
|
||||
|
||||
response = self.client.post('/api/post', {'foo': 'bar'}, format='json')
|
||||
response = self.client.post('/post', {'foo': 'bar'}, format='json')
|
||||
assert response.status_code == 200
|
||||
|
||||
|
||||
@unittest.skipUnless(django.VERSION >= (5, 1), 'Only for Django 5.1+')
|
||||
@override_settings(
|
||||
ROOT_URLCONF='tests.test_middleware',
|
||||
MIDDLEWARE=(
|
||||
# Needed for AuthenticationMiddleware
|
||||
'django.contrib.sessions.middleware.SessionMiddleware',
|
||||
# Needed for LoginRequiredMiddleware
|
||||
'django.contrib.auth.middleware.AuthenticationMiddleware',
|
||||
'rest_framework.middleware.LoginRequiredMiddleware',
|
||||
),
|
||||
REST_FRAMEWORK={
|
||||
'DEFAULT_PERMISSION_CLASSES': [
|
||||
'rest_framework.permissions.IsAuthenticated',
|
||||
],
|
||||
}
|
||||
)
|
||||
class TestLoginRequiredMiddleware(APITestCase):
|
||||
def test_unauthorized_when_user_is_anonymous_on_public_view(self):
|
||||
response = self.client.get('/api/get')
|
||||
assert response.status_code == status.HTTP_401_UNAUTHORIZED
|
||||
|
||||
def test_unauthorized_when_user_is_anonymous_on_basic_auth_view(self):
|
||||
response = self.client.get('/api/basic')
|
||||
assert response.status_code == status.HTTP_401_UNAUTHORIZED
|
||||
|
||||
def test_unauthorized_when_user_is_anonymous_on_token_auth_view(self):
|
||||
response = self.client.get('/api/token')
|
||||
assert response.status_code == status.HTTP_401_UNAUTHORIZED
|
||||
|
||||
def test_allows_request_when_session_authenticated(self):
|
||||
user = User.objects.create_user('john', 'john@example.com', 'password')
|
||||
self.client.force_login(user)
|
||||
|
||||
response = self.client.get('/api/get')
|
||||
assert response.status_code == status.HTTP_200_OK
|
||||
|
||||
def test_allows_request_when_authenticated_function_view(self):
|
||||
user = User.objects.create_user('john', 'john@example.com', 'password')
|
||||
self.client.force_login(user)
|
||||
|
||||
response = self.client.get('/api/get-func')
|
||||
assert response.status_code == status.HTTP_200_OK
|
||||
|
||||
def test_allows_request_when_token_authenticated(self):
|
||||
user = User.objects.create_user('john', 'john@example.com', 'password')
|
||||
key = 'abcd1234'
|
||||
Token.objects.create(key=key, user=user)
|
||||
|
||||
response = self.client.get('/api/token', headers={"Authorization": f'Token {key}'})
|
||||
assert response.status_code == status.HTTP_200_OK
|
||||
|
||||
def test_allows_request_when_basic_authenticated(self):
|
||||
user = User.objects.create_user('john', 'john@example.com', 'password')
|
||||
credentials = ('%s:%s' % (user.username, user.password))
|
||||
base64_credentials = base64.b64encode(
|
||||
credentials.encode(HTTP_HEADER_ENCODING)
|
||||
).decode(HTTP_HEADER_ENCODING)
|
||||
auth = f'Basic {base64_credentials}'
|
||||
response = self.client.get('/api/basic', headers={"Authorization": auth})
|
||||
assert response.status_code == status.HTTP_200_OK
|
||||
|
||||
def test_works_as_base_middleware_for_django_view(self):
|
||||
response = self.client.get('/get')
|
||||
self.assertRedirects(response, '/accounts/login/?next=/get', fetch_redirect_response=False)
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user