def test_check_active_false(self):
auth = Authentication(require_active=False)
user = User.objects.get(username='******')
self.assertTrue(auth.check_active(user))
auth = Authentication(require_active=False)
user = User.objects.get(username='******')
self.assertTrue(auth.check_active(user))
def test_get_identifier(self):
auth = Authentication()
request = HttpRequest()
self.assertEqual(auth.get_identifier(request), 'noaddr_nohost')
request = HttpRequest()
request.META['REMOTE_ADDR'] = '127.0.0.1'
request.META['REMOTE_HOST'] = 'nebula.local'
self.assertEqual(auth.get_identifier(request), '127.0.0.1_nebula.local')
def test_get_identifier(self):
auth = Authentication()
request = HttpRequest()
self.assertEqual(auth.get_identifier(request), "noaddr_nohost")
request = HttpRequest()
request.META["REMOTE_ADDR"] = "127.0.0.1"
request.META["REMOTE_HOST"] = "nebula.local"
self.assertEqual(auth.get_identifier(request), "127.0.0.1_nebula.local")
class Meta:
queryset = Connection.objects.all()
allowed_methods = ['get', 'post', 'patch', 'put']
authentication = Authentication()
authorization = Authorization()
validation = ConnectionValidation()
filtering = {
'status': ALL,
}
class Meta:
queryset = Tag.objects.all()
resource_name = 'tags'
authentication = Authentication()
authorization = Authorization()
list_allowed_methods = ['get'] # you can only retrieve the list
# you can retrieve and modify each item
detail_allowed_methods = ['get', 'put', 'patch', 'delete']
always_return_data = False
class Meta:
queryset = Comment.objects.all()
resource_name = 'comment'
list_allowed_methods = ['get', 'post'
] # you can retrieve all items and add item
detail_allowed_methods = ['get', 'put', 'patch', 'delete'
] # you can retrieve and modify each item
authentication = Authentication()
authorization = Authorization()
class Meta:
queryset = Area.objects.all()
resource_name = 'area'
allowed_methods = ['get']
excludes = ['shape', 'layout']
filtering = {
'parent': ['exact'],
}
authentication = Authentication()
class Meta:
queryset = UserProfile.objects.all()
resource_name = 'user'
detail_allowed_methods = ["get", "put"]
list_allowed_methods = ["get"]
#fields = ['first_name']
excludes = ["id", "timestamp", "is_anonymous"]
authentication = Authentication()
authorization = UserAuthorization()
class Meta:
queryset = GeoLevel.objects.all()
resource_name = 'geolevels'
allowed_methods = ['get']
# Allow open access to this resource for now since it's read-only
authentication = Authentication()
authorization = ReadOnlyAuthorization()
fields = ['id', 'name', 'parent_id']
filtering = {'id': ('exact', ), 'name': ALL}
class Meta:
object_class = User
resource_name = 'register'
fields = ['username', 'email']
#allowed_methods = ['post']
include_resource_uri = False
authentication = Authentication()
authorization = Authorization()
queryset = User.objects.all()
class Meta:
queryset = Comment.objects.all()
# detail_uri_name = 'text'
authorization = Authorization()
authentication = Authentication()
filtering = {
'text': ALL_WITH_RELATIONS,
}
class Meta:
detail_uri_name = 'slug'
queryset = Survey.objects.all()
always_return_data = True
authorization = StaffUserOnlyAuthorization()
authentication = Authentication()
filtering = {
'slug': ['exact']
}
class Meta:
queryset = Question.objects.all()
always_return_data = True
authorization = StaffUserOnlyAuthorization()
authentication = Authentication()
filtering = {
'slug': ALL,
'surveys': ALL_WITH_RELATIONS
}
class Meta:
queryset = User.objects.all()
excludes = ["password", "is_superuser"]
allowed_methods = ["get", "post"]
resource_name = "authentication"
authentication = Authentication()
authorization = Authorization()
always_return_data = True
validation = UserProfileValidation()
class Meta:
resource_name = 'test'
indices = [getattr(settings, "ES_INDEX_NAME", "test")]
doc_type = "test"
authentication = Authentication()
authorization = DjangoAuthorization()
class Meta:
queryset = User.objects.all()
resource_name = 'username'
allowed_methods = ['post']
fields = []
authentication = Authentication()
authorization = Authorization()
always_return_data = True
include_resource_uri = False
class Meta:
queryset = News.objects.all()
include_resource_uri = False
list_allowed_methods = ['get']
resource_name = 'news'
collection_name = 'news'
excludes = ['published_by']
authentication = Authentication()
authorization = Authorization()
class Meta:
queryset = EventMetricOutcome.objects.all()
resource_name = 'event_metrics_outcome'
authentication = Authentication()
authorization = ReadOnlyAuthorization()
include_resource_uri = False
include_absolute_url = False
allowed_methods = ['get']
fields = ['metric', 'expected_outcome', 'outcome']
def __init__(self, *backends, **kwargs):
super(MultiAuthentication, self).__init__(**kwargs)
if API_OAUTH_ENABLED:
backends = backends + (OAuthAuthentication(), )
# AllowAll is added last to the list, as it is possible
# that the user may have been authenticated by previous backends
if API_ALLOW_ALL:
backends = backends + (Authentication(), )
self.backends = backends
class Meta:
queryset = CourseModule.objects.all()
resource_name = 'coursemodule'
excludes = []
# In the first version GET (read only) requests are
# allowed and no authentication is required
allowed_methods = ['get']
authentication = Authentication()
authorization = ReadOnlyAuthorization()
class Meta:
queryset = Entity.objects.active()
include_resource_uri = False
list_allowed_methods = ['get']
resource_name = 'simple_entity'
collection_name = 'simple_entity'
fields = ['id', 'name', 'address', 'logo']
authentication = Authentication()
authorization = Authorization()
class Meta:
allowed_methods = ['post']
object_class = User
# No authentication for create user, or authorization. Anyone can create.
authentication = Authentication()
authorization = Authorization()
fields = ['username', 'email']
resource_name = "createuser"
always_return_data = True
throttle = default_throttling()
class Meta(GenericMeta):
queryset = Project.objects.all()
resource_name = 'project'
authentication = MultiAuthentication(
OAuth20Authentication(),
SessionAuthentication(),
Authentication(),
)
authorization = ProjectAuthorization()
validation = ProjectValidation()
class Meta:
queryset = Gallery.objects.all()
include_resource_uri = False
list_allowed_methods = ['get']
resource_name = 'gallery'
collection_name = 'galleries'
excludes = ['title', 'id']
authentication = Authentication()
authorization = Authorization()
class Meta:
list_allowed_methods = ['put']
authentication = Authentication()
authorization = LoggedInAuthorization()
# Custom meta attributes
parent_resource = StoryResource
delayed_authorization_methods = ['put_list']
related_id_name = 'pk'
related_queryset = None
class Meta:
resource_name = 'user_core'
queryset = User.objects.all()
excludes = ['password', 'date_joined', 'is_active', 'is_staff', 'last_login', 'first_name', 'last_name']
filtering = {
'username': ('exact', ),
}
authentication = Authentication()
authorization = Authorization()
class Meta:
resource_name = 'feedevent'
queryset = FeedEvent.objects.all()
list_allowed_methods = ['get', 'post']
detail_allowed_methods = ['get', 'delete']
filtering = {
'inbox': ALL_WITH_RELATIONS,
}
authentication = Authentication()
authorization = Authorization()
class Meta:
queryset = Course.objects.all()
resource_name = 'course'
excludes = []
# TODO: In this version, only GET requests are accepted and no
# permissions are checked.
allowed_methods = ['get']
authentication = Authentication()
authorization = ReadOnlyAuthorization()
class Meta:
queryset = Speaker.objects.all()
resource_name = 'speaker'
excludes = []
allowed_methods = ['get']
authentication = Authentication()
authorization = ReadOnlyAuthorization()
filtering = {
'name': ALL,
}
class Meta:
queryset = BaseExercise.objects.all()
resource_name = 'exercise'
excludes = ['allow_assistant_grading', 'description', 'content']
# In the first version GET (read only) requests are
# allowed and no authentication is required
allowed_methods = ['get']
authentication = Authentication()
authorization = ReadOnlyAuthorization()
class Meta:
queryset = City.objects.all()
include_resource_uri = False
list_allowed_methods = ['get']
resource_name = 'cities'
collection_name = 'cities'
excludes = []
authentication = Authentication()
authorization = Authorization()
class Meta:
queryset = LearningObject.objects.all()
resource_name = 'learning_object'
excludes = []
# In the first version GET (read only) requests are
# allowed and no authentication is required
allowed_methods = ['get']
authentication = Authentication()
authorization = ReadOnlyAuthorization()
class Meta:
queryset = FunctionalArea.active_objects.all()
resource_name = 'functionalareas'
authentication = Authentication()
authorization = ReadOnlyAuthorization()
include_resource_uri = False
include_absolute_url = False
allowed_methods = ['get']
fields = ['name']
filtering = {'name': ALL}
def test_check_active_true(self):
auth = Authentication(require_active=True)
user = User.objects.get(username="******")
self.assertTrue(auth.check_active(user))
auth = Authentication(require_active=True)
user = User.objects.get(username="******")
self.assertFalse(auth.check_active(user))
# Check the default.
auth = Authentication()
user = User.objects.get(username="******")
self.assertFalse(auth.check_active(user))
def get_identifier(self, request):
if request.method == 'POST':
return Authentication.get_identifier(self, request)
return super(PostFreeSessionAuthentication, self).get_identifier(request)
def test_is_authenticated(self):
auth = Authentication()
request = HttpRequest()
# Doesn't matter. Always true.
self.assertTrue(auth.is_authenticated(None))
self.assertTrue(auth.is_authenticated(request))