django-rest-framework/tests/test_testing.py
Peter Thomassen 8b52dc09ee
Do not treat missing non-form data as empty dict
This allows views to distinguish missing payload from empty payload.

Related: #3647, #4566
2021-06-18 14:35:16 +02:00

330 lines
12 KiB
Python

from io import BytesIO
from django.contrib.auth.models import User
from django.shortcuts import redirect
from django.test import TestCase, override_settings
from django.urls import path
from rest_framework import fields, serializers
from rest_framework.decorators import api_view
from rest_framework.response import Response
from rest_framework.test import (
APIClient, APIRequestFactory, URLPatternsTestCase, force_authenticate
)
@api_view(['GET', 'POST'])
def view(request):
return Response({
'auth': request.META.get('HTTP_AUTHORIZATION', b''),
'user': request.user.username
})
@api_view(['GET', 'POST'])
def session_view(request):
active_session = request.session.get('active_session', False)
request.session['active_session'] = True
return Response({
'active_session': active_session
})
@api_view(['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'])
def redirect_view(request):
return redirect('/view/')
class BasicSerializer(serializers.Serializer):
flag = fields.BooleanField(default=lambda: True)
@api_view(['POST'])
def post_view(request):
serializer = BasicSerializer(data=request.data)
serializer.allow_null = ('allow_null' in request.query_params)
serializer.is_valid(raise_exception=True)
return Response(serializer.validated_data)
urlpatterns = [
path('view/', view),
path('session-view/', session_view),
path('redirect-view/', redirect_view),
path('post-view/', post_view)
]
@override_settings(ROOT_URLCONF='tests.test_testing')
class TestAPITestClient(TestCase):
def setUp(self):
self.client = APIClient()
def test_credentials(self):
"""
Setting `.credentials()` adds the required headers to each request.
"""
self.client.credentials(HTTP_AUTHORIZATION='example')
for _ in range(0, 3):
response = self.client.get('/view/')
assert response.data['auth'] == 'example'
def test_force_authenticate(self):
"""
Setting `.force_authenticate()` forcibly authenticates each request.
"""
user = User.objects.create_user('example', 'example@example.com')
self.client.force_authenticate(user)
response = self.client.get('/view/')
assert response.data['user'] == 'example'
def test_force_authenticate_with_sessions(self):
"""
Setting `.force_authenticate()` forcibly authenticates each request.
"""
user = User.objects.create_user('example', 'example@example.com')
self.client.force_authenticate(user)
# First request does not yet have an active session
response = self.client.get('/session-view/')
assert response.data['active_session'] is False
# Subsequent requests have an active session
response = self.client.get('/session-view/')
assert response.data['active_session'] is True
# Force authenticating as `None` should also logout the user session.
self.client.force_authenticate(None)
response = self.client.get('/session-view/')
assert response.data['active_session'] is False
def test_csrf_exempt_by_default(self):
"""
By default, the test client is CSRF exempt.
"""
User.objects.create_user('example', 'example@example.com', 'password')
self.client.login(username='example', password='password')
response = self.client.post('/view/')
assert response.status_code == 200
def test_explicitly_enforce_csrf_checks(self):
"""
The test client can enforce CSRF checks.
"""
client = APIClient(enforce_csrf_checks=True)
User.objects.create_user('example', 'example@example.com', 'password')
client.login(username='example', password='password')
response = client.post('/view/')
expected = {'detail': 'CSRF Failed: CSRF cookie not set.'}
assert response.status_code == 403
assert response.data == expected
def test_can_logout(self):
"""
`logout()` resets stored credentials
"""
self.client.credentials(HTTP_AUTHORIZATION='example')
response = self.client.get('/view/')
assert response.data['auth'] == 'example'
self.client.logout()
response = self.client.get('/view/')
assert response.data['auth'] == b''
def test_logout_resets_force_authenticate(self):
"""
`logout()` resets any `force_authenticate`
"""
user = User.objects.create_user('example', 'example@example.com', 'password')
self.client.force_authenticate(user)
response = self.client.get('/view/')
assert response.data['user'] == 'example'
self.client.logout()
response = self.client.get('/view/')
assert response.data['user'] == ''
def test_follow_redirect(self):
"""
Follow redirect by setting follow argument.
"""
response = self.client.get('/redirect-view/')
assert response.status_code == 302
response = self.client.get('/redirect-view/', follow=True)
assert response.redirect_chain is not None
assert response.status_code == 200
response = self.client.post('/redirect-view/')
assert response.status_code == 302
response = self.client.post('/redirect-view/', follow=True)
assert response.redirect_chain is not None
assert response.status_code == 200
response = self.client.put('/redirect-view/')
assert response.status_code == 302
response = self.client.put('/redirect-view/', follow=True)
assert response.redirect_chain is not None
assert response.status_code == 200
response = self.client.patch('/redirect-view/')
assert response.status_code == 302
response = self.client.patch('/redirect-view/', follow=True)
assert response.redirect_chain is not None
assert response.status_code == 200
response = self.client.delete('/redirect-view/')
assert response.status_code == 302
response = self.client.delete('/redirect-view/', follow=True)
assert response.redirect_chain is not None
assert response.status_code == 200
response = self.client.options('/redirect-view/')
assert response.status_code == 302
response = self.client.options('/redirect-view/', follow=True)
assert response.redirect_chain is not None
assert response.status_code == 200
def test_invalid_multipart_data(self):
"""
MultiPart encoding cannot support nested data, so raise a helpful
error if the user attempts to do so.
"""
self.assertRaises(
AssertionError, self.client.post,
path='/view/', data={'valid': 123, 'invalid': {'a': 123}}
)
def test_missing_post_payload_causes_400(self):
response = self.client.post(
'/post-view/',
data=None,
content_type='application/json'
)
assert response.status_code == 400
assert response.data['non_field_errors'] == ['No data provided']
def test_missing_post_payload_allow_null_causes_200(self):
response = self.client.post(
'/post-view/?allow_null=1',
data=None,
content_type='application/json'
)
assert response.status_code == 200
assert response.data is None
@override_settings(REST_FRAMEWORK={'DEFAULT_MISSING_DATA': {}})
def test_missing_post_payload_coerced_dict_uses_default_boolean_value(self):
response = self.client.post(
'/post-view/',
data=None,
content_type='application/json'
)
assert response.status_code == 200
assert response.data == {"flag": True}
class TestAPIRequestFactory(TestCase):
def test_csrf_exempt_by_default(self):
"""
By default, the test client is CSRF exempt.
"""
user = User.objects.create_user('example', 'example@example.com', 'password')
factory = APIRequestFactory()
request = factory.post('/view/')
request.user = user
response = view(request)
assert response.status_code == 200
def test_explicitly_enforce_csrf_checks(self):
"""
The test client can enforce CSRF checks.
"""
user = User.objects.create_user('example', 'example@example.com', 'password')
factory = APIRequestFactory(enforce_csrf_checks=True)
request = factory.post('/view/')
request.user = user
response = view(request)
expected = {'detail': 'CSRF Failed: CSRF cookie not set.'}
assert response.status_code == 403
assert response.data == expected
def test_invalid_format(self):
"""
Attempting to use a format that is not configured will raise an
assertion error.
"""
factory = APIRequestFactory()
self.assertRaises(
AssertionError, factory.post,
path='/view/', data={'example': 1}, format='xml'
)
def test_force_authenticate(self):
"""
Setting `force_authenticate()` forcibly authenticates the request.
"""
user = User.objects.create_user('example', 'example@example.com')
factory = APIRequestFactory()
request = factory.get('/view')
force_authenticate(request, user=user)
response = view(request)
assert response.data['user'] == 'example'
def test_upload_file(self):
# This is a 1x1 black png
simple_png = BytesIO(b'\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR\x00\x00\x00\x01\x00\x00\x00\x01\x08\x06\x00\x00\x00\x1f\x15\xc4\x89\x00\x00\x00\rIDATx\x9cc````\x00\x00\x00\x05\x00\x01\xa5\xf6E@\x00\x00\x00\x00IEND\xaeB`\x82')
simple_png.name = 'test.png'
factory = APIRequestFactory()
factory.post('/', data={'image': simple_png})
def test_request_factory_url_arguments(self):
"""
This is a non regression test against #1461
"""
factory = APIRequestFactory()
request = factory.get('/view/?demo=test')
assert dict(request.GET) == {'demo': ['test']}
request = factory.get('/view/', {'demo': 'test'})
assert dict(request.GET) == {'demo': ['test']}
def test_request_factory_url_arguments_with_unicode(self):
factory = APIRequestFactory()
request = factory.get('/view/?demo=testé')
assert dict(request.GET) == {'demo': ['testé']}
request = factory.get('/view/', {'demo': 'testé'})
assert dict(request.GET) == {'demo': ['testé']}
def test_empty_request_content_type(self):
factory = APIRequestFactory()
request = factory.post(
'/post-view/',
data=None,
content_type='application/json',
)
assert request.META['CONTENT_TYPE'] == 'application/json'
class TestUrlPatternTestCase(URLPatternsTestCase):
urlpatterns = [
path('', view),
]
@classmethod
def setUpClass(cls):
assert urlpatterns is not cls.urlpatterns
super().setUpClass()
assert urlpatterns is cls.urlpatterns
@classmethod
def tearDownClass(cls):
assert urlpatterns is cls.urlpatterns
super().tearDownClass()
assert urlpatterns is not cls.urlpatterns
def test_urlpatterns(self):
assert self.client.get('/').status_code == 200
class TestExistingPatterns(TestCase):
def test_urlpatterns(self):
# sanity test to ensure that this test module does not have a '/' route
assert self.client.get('/').status_code == 404