class Meta: queryset = User.objects.all() resource_name = 'users' excludes = [ 'email', 'password', 'is_active', 'is_staff', 'is_superuser' ] authentication = OAuthAuthentication() authorization = DjangoAuthorization()
def test_check_active_true(self): auth = OAuthAuthentication() # No username/api_key details should fail. self.request.REQUEST = self.request.GET = { 'oauth_consumer_key': '123', 'oauth_nonce': 'abc', 'oauth_signature': '&', 'oauth_signature_method': 'PLAINTEXT', 'oauth_timestamp': str(int(time.time())), 'oauth_token': 'bar', } self.request.META['Authorization'] = 'OAuth ' + ','.join([key+'='+value for key, value in self.request.REQUEST.items()]) resp = auth.is_authenticated(self.request) self.assertFalse(resp)
def test_is_authenticated(self): from oauth_provider.models import Consumer, Token, Resource auth = OAuthAuthentication() request = HttpRequest() request.META['SERVER_NAME'] = 'testsuite' request.META['SERVER_PORT'] = '8080' request.REQUEST = request.GET = {} request.method = "GET" # Invalid request. resp = auth.is_authenticated(request) self.assertEqual(resp.status_code, 401) # No username/api_key details should fail. request.REQUEST = request.GET = { 'oauth_consumer_key': '123', 'oauth_nonce': 'abc', 'oauth_signature': '&', 'oauth_signature_method': 'PLAINTEXT', 'oauth_timestamp': str(int(time.time())), 'oauth_token': 'foo', } user = User.objects.create_user('daniel', '*****@*****.**', 'password') request.META['Authorization'] = 'OAuth ' + ','.join( [key + '=' + value for key, value in request.REQUEST.items()]) resource, _ = Resource.objects.get_or_create( url='test', defaults={'name': 'Test Resource'}) consumer, _ = Consumer.objects.get_or_create(key='123', defaults={ 'name': 'Test', 'description': 'Testing...' }) token, _ = Token.objects.get_or_create(key='foo', token_type=Token.ACCESS, defaults={ 'consumer': consumer, 'resource': resource, 'secret': '', 'user': user, }) resp = auth.is_authenticated(request) self.assertEqual(resp, True) self.assertEqual(request.user.pk, user.pk)
def test_is_authenticated(self): auth = OAuthAuthentication() # Invalid request. resp = auth.is_authenticated(self.request) self.assertEqual(resp.status_code, 401) # No username/api_key details should fail. self.request.REQUEST = self.request.GET = { 'oauth_consumer_key': '123', 'oauth_nonce': 'abc', 'oauth_signature': '&', 'oauth_signature_method': 'PLAINTEXT', 'oauth_timestamp': str(int(time.time())), 'oauth_token': 'foo', } self.request.META['Authorization'] = 'OAuth ' + ','.join([key+'='+value for key, value in self.request.REQUEST.items()]) resp = auth.is_authenticated(self.request) self.assertEqual(resp, True) self.assertEqual(self.request.user.pk, self.user.pk)
class Meta: queryset = Submission.objects.all() resource_name = 'submission' excludes = ['feedback'] allowed_methods = ['get'] include_absolute_url = True # Rules that enable filtering based on exercise, grader, submitter and grade. filtering = { "exercise": ('exact',), "grader": ('exact',), "submitters": ('exact',), "grade": ALL, "id": ALL } # In this version only superusers are allowed to access # submissions after being authenticated with OAuth authentication = OAuthAuthentication() authorization = SuperuserAuthorization()
class Meta: queryset = Task.objects.all() resource_name = 'tasks' authentication = OAuthAuthentication() authorization = DjangoAuthorization()