django-rest-framework/tests/test_middleware.py
Bruno Alla 2ede857de0
Add official support for Django 5.1 (#9514)
* Add official support for Django 5.1

Following the supported Python versions:

https://docs.djangoproject.com/en/stable/faq/install/

* Add tests to cover compat with Django's 5.1 LoginRequiredMiddleware

* First pass to create DRF's LoginRequiredMiddleware

* Attempt to fix the tests

* Revert custom middleware implementation

* Disable LoginRequiredMiddleware on DRF views

* Document how to integrate DRF with LoginRequiredMiddleware

* Move login required tests under a separate test case

* Revert redundant change

* Disable LoginRequiredMiddleware on ViewSets

* Add some integrations tests to cover various view types
2024-09-07 17:21:18 +06:00

149 lines
4.7 KiB
Python

import unittest
import django
from django.contrib.auth.models import User
from django.http import HttpRequest
from django.test import override_settings
from django.urls import include, path
from rest_framework import status
from rest_framework.authentication import TokenAuthentication
from rest_framework.authtoken.models import Token
from rest_framework.decorators import action, api_view
from rest_framework.request import is_form_media_type
from rest_framework.response import Response
from rest_framework.routers import SimpleRouter
from rest_framework.test import APITestCase
from rest_framework.views import APIView
from rest_framework.viewsets import GenericViewSet
class PostView(APIView):
def post(self, request):
return Response(data=request.data, status=200)
class GetAPIView(APIView):
def get(self, request):
return Response(data="OK", status=200)
@api_view(['GET'])
def get_func_view(request):
return Response(data="OK", status=200)
class ListViewSet(GenericViewSet):
def list(self, request, *args, **kwargs):
response = Response()
response.view = self
return response
@action(detail=False, url_path='list-action')
def list_action(self, request, *args, **kwargs):
response = Response()
response.view = self
return response
router = SimpleRouter()
router.register(r'view-set', ListViewSet, basename='view_set')
urlpatterns = [
path('auth', APIView.as_view(authentication_classes=(TokenAuthentication,))),
path('post', PostView.as_view()),
path('get', GetAPIView.as_view()),
path('get-func', get_func_view),
path('api/', include(router.urls)),
]
class RequestUserMiddleware:
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
response = self.get_response(request)
assert hasattr(request, 'user'), '`user` is not set on request'
assert request.user.is_authenticated, '`user` is not authenticated'
return response
class RequestPOSTMiddleware:
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
assert isinstance(request, HttpRequest)
# Parse body with underlying Django request
request.body
# Process request with DRF view
response = self.get_response(request)
# Ensure request.POST is set as appropriate
if is_form_media_type(request.content_type):
assert request.POST == {'foo': ['bar']}
else:
assert request.POST == {}
return response
@override_settings(ROOT_URLCONF='tests.test_middleware')
class TestMiddleware(APITestCase):
@override_settings(MIDDLEWARE=('tests.test_middleware.RequestUserMiddleware',))
def test_middleware_can_access_user_when_processing_response(self):
user = User.objects.create_user('john', 'john@example.com', 'password')
key = 'abcd1234'
Token.objects.create(key=key, user=user)
self.client.get('/auth', HTTP_AUTHORIZATION='Token %s' % key)
@override_settings(MIDDLEWARE=('tests.test_middleware.RequestPOSTMiddleware',))
def test_middleware_can_access_request_post_when_processing_response(self):
response = self.client.post('/post', {'foo': 'bar'})
assert response.status_code == 200
response = self.client.post('/post', {'foo': 'bar'}, format='json')
assert response.status_code == 200
@unittest.skipUnless(django.VERSION >= (5, 1), 'Only for Django 5.1+')
@override_settings(
ROOT_URLCONF='tests.test_middleware',
MIDDLEWARE=(
# Needed for AuthenticationMiddleware
'django.contrib.sessions.middleware.SessionMiddleware',
# Needed for LoginRequiredMiddleware
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.LoginRequiredMiddleware',
),
)
class TestLoginRequiredMiddlewareCompat(APITestCase):
"""
Django's 5.1+ LoginRequiredMiddleware should NOT apply to DRF views.
Instead, users should put IsAuthenticated in their
DEFAULT_PERMISSION_CLASSES setting.
"""
def test_class_based_view(self):
response = self.client.get('/get')
assert response.status_code == status.HTTP_200_OK
def test_function_based_view(self):
response = self.client.get('/get-func')
assert response.status_code == status.HTTP_200_OK
def test_viewset_list(self):
response = self.client.get('/api/view-set/')
assert response.status_code == status.HTTP_200_OK
def test_viewset_list_action(self):
response = self.client.get('/api/view-set/list-action/')
assert response.status_code == status.HTTP_200_OK