def test_csrf_exempt_by_default(self): """ By default, the test client is CSRF exempt. """ user = User.objects.create_user('example', '*****@*****.**', 'password') factory = APIRequestFactory() request = factory.post('/view/') request.user = user response = view(request) self.assertEqual(response.status_code, 200)
def test_explicitly_enforce_csrf_checks(self): """ The test client can enforce CSRF checks. """ user = User.objects.create_user('example', '*****@*****.**', 'password') factory = APIRequestFactory(enforce_csrf_checks=True) request = factory.post('/view/') request.user = user response = view(request) expected = {'detail': 'CSRF Failed: CSRF cookie not set.'} self.assertEqual(response.status_code, 403) self.assertEqual(response.data, expected)
class DecoratorTestCase(TestCase): def setUp(self): self.factory = APIRequestFactory() def _finalize_response(self, request, response, *args, **kwargs): response.request = request return APIView.finalize_response(self, request, response, *args, **kwargs) def test_api_view_incorrect(self): """ If @api_view is not applied correct, we should raise an assertion. """ @api_view def view(request): return Response() request = self.factory.get('/') self.assertRaises(AssertionError, view, request) def test_api_view_incorrect_arguments(self): """ If @api_view is missing arguments, we should raise an assertion. """ with self.assertRaises(AssertionError): @api_view('GET') def view(request): return Response() def test_calling_method(self): @api_view(['GET']) def view(request): return Response({}) request = self.factory.get('/') response = view(request) self.assertEqual(response.status_code, status.HTTP_200_OK) request = self.factory.post('/') response = view(request) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) def test_calling_put_method(self): @api_view(['GET', 'PUT']) def view(request): return Response({}) request = self.factory.put('/') response = view(request) self.assertEqual(response.status_code, status.HTTP_200_OK) request = self.factory.post('/') response = view(request) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) def test_calling_patch_method(self): @api_view(['GET', 'PATCH']) def view(request): return Response({}) request = self.factory.patch('/') response = view(request) self.assertEqual(response.status_code, status.HTTP_200_OK) request = self.factory.post('/') response = view(request) self.assertEqual(response.status_code, status.HTTP_405_METHOD_NOT_ALLOWED) def test_renderer_classes(self): @api_view(['GET']) @renderer_classes([JSONRenderer]) def view(request): return Response({}) request = self.factory.get('/') response = view(request) self.assertTrue(isinstance(response.accepted_renderer, JSONRenderer)) def test_parser_classes(self): @api_view(['GET']) @parser_classes([JSONParser]) def view(request): self.assertEqual(len(request.parsers), 1) self.assertTrue(isinstance(request.parsers[0], JSONParser)) return Response({}) request = self.factory.get('/') view(request) def test_authentication_classes(self): @api_view(['GET']) @authentication_classes([BasicAuthentication]) def view(request): self.assertEqual(len(request.authenticators), 1) self.assertTrue(isinstance(request.authenticators[0], BasicAuthentication)) return Response({}) request = self.factory.get('/') view(request) def test_permission_classes(self): @api_view(['GET']) @permission_classes([IsAuthenticated]) def view(request): return Response({}) request = self.factory.get('/') response = view(request) self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) def test_throttle_classes(self): class OncePerDayUserThrottle(UserRateThrottle): rate = '1/day' @api_view(['GET']) @throttle_classes([OncePerDayUserThrottle]) def view(request): return Response({}) request = self.factory.get('/') response = view(request) self.assertEqual(response.status_code, status.HTTP_200_OK) response = view(request) self.assertEqual(response.status_code, status.HTTP_429_TOO_MANY_REQUESTS)
def test_upload_file(self): # This is a 1x1 black png simple_png = BytesIO(b'\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR\x00\x00\x00\x01\x00\x00\x00\x01\x08\x06\x00\x00\x00\x1f\x15\xc4\x89\x00\x00\x00\rIDATx\x9cc````\x00\x00\x00\x05\x00\x01\xa5\xf6E@\x00\x00\x00\x00IEND\xaeB`\x82') simple_png.name = 'test.png' factory = APIRequestFactory() factory.post('/', data={'image': simple_png})