def test_multiple_shared_works(self):
request = RequestFactory().post(
'/api',
HTTP_AUTHORIZATION='mkt-shared-secret '
'[email protected],56b6f1a3dd735d962c56'
'ce7d8f46e02ec1d4748d2c00c407d75f0969d08bb'
'9c68c31b3371aa8130317815c89e5072e31bb94b4'
'121c5c165f3515838d4d6c60c4,165d631d3c3045'
'458b4516242dad7ae')
drf_request = Request(request)
# Start with an AnonymousUser on the request, because that's a classic
# situation: we already went through a middleware, it didn't find a
# session cookie, if set request.user = AnonymousUser(), and now we
# are going through the authentication code in the API.
request.user = AnonymousUser()
# Call middleware as they would normally be called.
RedirectPrefixedURIMiddleware().process_request(request)
RestSharedSecretMiddleware().process_request(request)
RestOAuthMiddleware().process_request(request)
drf_request.authenticators = (
authentication.RestSharedSecretAuthentication(),
authentication.RestOAuthAuthentication())
eq_(drf_request.user, self.profile.user)
eq_(drf_request._request.user, self.profile.user)
eq_(drf_request.user.is_authenticated(), True)
eq_(drf_request._request.user.is_authenticated(), True)
eq_(drf_request.amo_user.pk, self.profile.pk)
eq_(drf_request._request.amo_user.pk, self.profile.pk)
def setUp(self):
self.api_name = 'foo'
self.profile = UserProfile.objects.get(pk=2519)
self.profile.update(read_dev_agreement=datetime.today())
self.access = Access.objects.create(key='test_oauth_key',
secret=generate(),
user=self.profile.user)
self.auth = authentication.RestOAuthAuthentication()
unpin_this_thread()
def test_multiple_fail(self):
request = RequestFactory().post('/api')
drf_request = Request(request)
request.user = AnonymousUser()
drf_request.authenticators = (
authentication.RestSharedSecretAuthentication(),
authentication.RestOAuthAuthentication())
eq_(drf_request.user.is_authenticated(), False)
eq_(drf_request._request.user.is_authenticated(), False)
def setUp(self):
self.api_name = 'foo'
self.profile = UserProfile.objects.get(pk=2519)
self.profile.update(read_dev_agreement=datetime.today())
self.access = Access.objects.create(key='test_oauth_key',
secret='super secret',
user=self.profile)
self.auth = authentication.RestOAuthAuthentication()
self.middlewares = [APIBaseMiddleware, RestOAuthMiddleware]
unpin_this_thread()
def test_bad_access_token(self):
url = absolutify(reverse('app-list'))
Token.generate_new(ACCESS_TOKEN, creds=self.access, user=self.user2)
url, auth_header = self._oauth_request_info(
url, client_key=self.access.key,
client_secret=self.access.secret, resource_owner_key=generate(),
resource_owner_secret=generate())
auth = authentication.RestOAuthAuthentication()
req = RequestFactory().get(
url, HTTP_HOST='testserver',
HTTP_AUTHORIZATION=auth_header)
req.API = True
RestOAuthMiddleware().process_request(req)
assert not auth.authenticate(Request(req))
def test_fail(self):
url = absolutify(reverse('app-list'))
url, auth_header = self._oauth_request_info(url,
client_key=self.access.key,
client_secret="none")
auth = authentication.RestOAuthAuthentication()
req = RequestFactory().get(url,
HTTP_HOST='testserver',
HTTP_AUTHORIZATION=auth_header)
req.API = True
req.user = AnonymousUser()
RestOAuthMiddleware().process_request(req)
ok_(not auth.authenticate(Request(req)))
ok_(not req.user.is_authenticated())
def test_use_access_token(self):
url = absolutify(reverse('app-list'))
t = Token.generate_new(ACCESS_TOKEN,
creds=self.access,
user=self.user2)
url, auth_header = self._oauth_request_info(
url,
client_key=self.access.key,
client_secret=self.access.secret,
resource_owner_key=t.key,
resource_owner_secret=t.secret)
auth = authentication.RestOAuthAuthentication()
req = RequestFactory().get(url,
HTTP_HOST='testserver',
HTTP_AUTHORIZATION=auth_header)
assert auth.is_authenticated(req)
eq_(req.user, self.user2)
def test_use_access_token(self):
url = absolutify(reverse('app-list'))
t = Token.generate_new(ACCESS_TOKEN,
creds=self.access,
user=self.user2)
url, auth_header = self._oauth_request_info(
url,
client_key=self.access.key,
client_secret=self.access.secret,
resource_owner_key=t.key,
resource_owner_secret=t.secret)
auth = authentication.RestOAuthAuthentication()
req = RequestFactory().get(url,
HTTP_HOST='testserver',
HTTP_AUTHORIZATION=auth_header)
req.API = True
req.user = AnonymousUser()
RestOAuthMiddleware().process_request(req)
ok_(auth.authenticate(Request(req)))
ok_(req.user.is_authenticated())
eq_(req.user, self.user2)
def setUp(self):
super(TestRestOAuthAuthentication, self).setUp()
self.auth = authentication.RestOAuthAuthentication()
