def test_check_active_true(self):
auth = ApiKeyAuthentication()
request = HttpRequest()
self.user.is_active = False
self.user.save()
request.META['HTTP_AUTHORIZATION'] = 'ApiKey {0}:{1}'.format(self.user.username, self.user.api_key.key)
self.assertFalse(auth.is_authenticated(request))
def test_is_authenticated_header(self):
auth = ApiKeyAuthentication()
request = HttpRequest()
# Wrong username details.
request.META['HTTP_AUTHORIZATION'] = 'foo'
self.assertFalse(auth.is_authenticated(request))
# No api_key.
request.META['HTTP_AUTHORIZATION'] = 'ApiKey {0}'.format(self.user.username)
self.assertFalse(auth.is_authenticated(request))
# Wrong user/api_key.
request.META['HTTP_AUTHORIZATION'] = 'ApiKey {0}:pass'.format(self.user.username)
self.assertFalse(auth.is_authenticated(request))
# Correct user/api_key.
request.META['HTTP_AUTHORIZATION'] = 'ApiKey {0}:{1}'.format(self.user.username, self.user.api_key.key)
self.assertTrue(auth.is_authenticated(request))
# Capitalization shouldn't matter.
request.META['HTTP_AUTHORIZATION'] = request.META['HTTP_AUTHORIZATION'].replace('ApiKey', 'aPikEy')
self.assertTrue(auth.is_authenticated(request))
def test_is_authenticated_get_params(self):
auth = ApiKeyAuthentication()
request = HttpRequest()
# No username/api_key details should fail.
self.assertFalse(auth.is_authenticated(request))
# Wrong username details.
request.GET['username'] = '******'
self.assertFalse(auth.is_authenticated(request))
# No api_key.
request.GET['username'] = self.user.username
self.assertFalse(auth.is_authenticated(request))
# Wrong user/api_key.
request.GET['username'] = self.user.username
request.GET['api_key'] = 'foo'
self.assertFalse(auth.is_authenticated(request))
# Correct user/api_key.
request.GET['username'] = self.user.username
request.GET['api_key'] = self.user.api_key.key
self.assertTrue(auth.is_authenticated(request))