def test_unauthenticated_request_allow_anonymous2(self):
"""
Test requests to the login page or pages with LOGIN_EXEMPT_URLS don't
redirect.
"""
request = self._get_request("/accounts/login/")
request.user = AnonymousUser()
response = AuthenticationMiddleware().process_request(request)
self.assertEqual(response, None)
with self.settings(LOGIN_EXEMPT_URLS=('test/url/', )):
request = self._get_request("test/url/")
request.user = AnonymousUser()
response = AuthenticationMiddleware().process_request(request)
self.assertEqual(response, None)
def test_preflight_response_with_origin_header(self):
request = self._get_request("/")
request.META['HTTP_ORIGIN'] = "www.example.com"
response = HttpResponse()
result = AuthenticationMiddleware().process_response(request, response)
self.assertEqual(result['Access-Control-Allow-Origin'],
"www.example.com")
def test_preflight_response_with_access_control_headers(self):
"""
Test setting HTTP_ACCESS_CONTROL_REQUEST_HEADERS.
"""
request = self._get_request("/")
request.META['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'] = 'TEST-HEADER'
response = HttpResponse()
result = AuthenticationMiddleware().process_response(request, response)
self.assertEqual(result['Access-Control-Allow-Headers'], 'TEST-HEADER')
def test_unauthenticated_request(self):
"""
Test that a request by an anonymous user redirects the user to the
login page.
"""
request = self._get_request("/")
request.user = AnonymousUser()
response = AuthenticationMiddleware().process_request(request)
self.assertEqual(response.status_code, 302)
self.assertEqual(response['Location'], '/accounts/login/')
def test_authenticated_request(self):
"""
Test that making a request with an authenticated user results in some
extra attributes being attached to the request.
"""
request = self._get_request("/")
request.user = User.objects.get(pk=1)
self.assertEqual(AuthenticationMiddleware().process_request(request),
None)
self.assertTrue(hasattr(request, "SITE_NAME"))
self.assertTrue(hasattr(request, "footer"))
def test_unauthenticated_request_allow_anonymous(self):
"""
Test that setting ALLOW_ANONYMOUS_ACCESS doesn't redirect the
request like it would if it was False.
"""
settings.ALLOW_ANONYMOUS_ACCESS = True
request = self._get_request("/")
request.user = AnonymousUser()
self.assertEqual(AuthenticationMiddleware().process_request(request),
None)
self.assertTrue(hasattr(request, "SITE_NAME"))
self.assertTrue(hasattr(request, "footer"))
def test_token_request_invalid(self):
"""
Try making a request with an expired `Token` and check that it gets
deleted.
"""
user = User.objects.get(pk=1)
link = ApplicationLink.objects.get(pk=1)
token = Token.objects.create(secret='sesame', user=user, link=link)
token.modified = token.modified - timedelta(seconds=token.timeout)
token.save()
request = self._get_request("/")
request.GET['access_token'] = token.secret
request.user = user
self.assertEqual(AuthenticationMiddleware().process_request(request),
None)
self.assertEqual(Token.objects.count(), 0)
def test_token_request_anonymous_get(self):
"""
Test that making a request with an access token logs the token's user
into the site and updates the token's modified time.
"""
user = User.objects.get(pk=1)
link = ApplicationLink.objects.get(pk=1)
token = Token.objects.create(secret='sesame', user=user, link=link)
modified = token.modified
request = self._get_request("/")
request.GET['access_token'] = token.secret
request.user = AnonymousUser()
self.assertEqual(AuthenticationMiddleware().process_request(request),
None)
self.assertEqual(request.user, user)
token = Token.objects.get(secret='sesame')
self.assertNotEqual(token.modified, modified)
def test_token_request_anonymous_headers(self):
"""
Try setting HTTP header `HTTP_ACCESS_TOKEN` in a request with an
anonymous user and check that it logs in the token's user.
"""
user = User.objects.get(pk=1)
link = ApplicationLink.objects.get(pk=1)
token = Token.objects.create(secret='sesame', user=user, link=link)
modified = token.modified
request = self._get_request("/")
request.META['HTTP_ACCESS_TOKEN'] = token.secret
request.user = AnonymousUser()
self.assertEqual(AuthenticationMiddleware().process_request(request),
None)
self.assertEqual(request.user, user)
token = Token.objects.get(secret='sesame')
self.assertNotEqual(token.modified, modified)