def setUp(self):
self.api_name = 'foo'
self.auth = authentication.OAuthAuthentication()
self.profile = UserProfile.objects.get(pk=2519)
self.profile.update(read_dev_agreement=datetime.today())
self.access = Access.objects.create(key='test_oauth_key',
secret=generate(),
user=self.profile.user)
def test_bad_access_token(self):
url = absolutify(reverse('app-list'))
Token.generate_new(ACCESS_TOKEN, creds=self.access, user=self.user2)
url, auth_header = self._oauth_request_info(
url, client_key=self.access.key,
client_secret=self.access.secret, resource_owner_key=generate(),
resource_owner_secret=generate())
auth = authentication.OAuthAuthentication()
req = RequestFactory().get(
url, HTTP_HOST='testserver',
HTTP_AUTHORIZATION=auth_header)
eq_(auth.is_authenticated(req).status_code, 401)
def test_multiple_fails(self):
client = OAuthClient(Mock(key='foo', secret='bar'))
req = RequestFactory().get('/',
HTTP_HOST='api',
HTTP_AUTHORIZATION=client.header(
'GET', 'http://foo/'))
req.user = AnonymousUser()
next_auth = Mock()
self.resource._meta.authentication = (
# OAuth fails because there are bogus auth headers.
authentication.OAuthAuthentication(),
next_auth)
with self.assertRaises(ImmediateHttpResponse):
eq_(self.resource.is_authenticated(req), None)
# This never even got called.
ok_(not next_auth.is_authenticated.called)
def test_use_access_token(self):
url = get_absolute_url(('api_dispatch_list', {'resource_name': 'app'}))
t = Token.generate_new(ACCESS_TOKEN,
creds=self.access,
user=self.user2)
url, auth_header = self._oauth_request_info(
url,
client_key=self.access.key,
client_secret=self.access.secret,
resource_owner_key=t.key,
resource_owner_secret=t.secret)
auth = authentication.OAuthAuthentication()
req = RequestFactory().get(url,
HTTP_HOST='testserver',
HTTP_AUTHORIZATION=auth_header)
assert auth.is_authenticated(req)
eq_(req.user, self.user2)
