def test_multiple_shared_works(self):
    # A POST carrying an mkt-shared-secret Authorization header must
    # authenticate as self.profile's user when the DRF request is configured
    # with both the shared-secret and the OAuth authenticators.
    #
    # The credential is three comma-separated fields after the scheme name.
    # NOTE(review): the first field reads '[email protected]', which looks
    # like an e-mail address masked by the page this listing came from --
    # confirm the real fixture value against the repository.
    shared_secret_header = (
        'mkt-shared-secret '
        '[email protected],56b6f1a3dd735d962c56'
        'ce7d8f46e02ec1d4748d2c00c407d75f0969d08bb'
        '9c68c31b3371aa8130317815c89e5072e31bb94b4'
        '121c5c165f3515838d4d6c60c4,165d631d3c3045'
        '458b4516242dad7ae'
    )
    request = RequestFactory().post(
        '/api', HTTP_AUTHORIZATION=shared_secret_header)
    drf_request = Request(request)

    # Mimic the usual state on entry to the API authentication code: an
    # earlier middleware found no session cookie and left an AnonymousUser
    # on the request.
    request.user = AnonymousUser()

    # Run the middlewares in the order they would normally be called.
    middleware_chain = (
        RedirectPrefixedURIMiddleware,
        RestSharedSecretMiddleware,
        RestOAuthMiddleware,
    )
    for middleware_cls in middleware_chain:
        middleware_cls().process_request(request)

    drf_request.authenticators = (
        authentication.RestSharedSecretAuthentication(),
        authentication.RestOAuthAuthentication(),
    )

    # Both the DRF wrapper and the wrapped Django request must now carry the
    # profile's user instead of the anonymous one set above.
    eq_(drf_request.user, self.profile.user)
    eq_(drf_request._request.user, self.profile.user)

    # ...and that user must report itself as authenticated on both objects.
    eq_(drf_request.user.is_authenticated(), True)
    eq_(drf_request._request.user.is_authenticated(), True)

    # amo_user must point at the same profile on both objects.
    eq_(drf_request.amo_user.pk, self.profile.pk)
    eq_(drf_request._request.amo_user.pk, self.profile.pk)
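def test_bad_access_token(self):
    # A request that pairs the valid client key/secret with a resource-owner
    # key/secret other than the stored token's must not authenticate.
    url = absolutify(reverse('app-list'))
    # Store an access token for user2; its key/secret are not used below.
    Token.generate_new(ACCESS_TOKEN, creds=self.access, user=self.user2)
    url, auth_header = self._oauth_request_info(
        url,
        client_key=self.access.key,
        client_secret=self.access.secret,
        # Fresh values from generate() instead of the stored token's
        # key/secret (presumably random -- generate() is defined elsewhere).
        resource_owner_key=generate(),
        resource_owner_secret=generate())
    auth = authentication.RestOAuthAuthentication()
    req = RequestFactory().get(
        url, HTTP_HOST='testserver', HTTP_AUTHORIZATION=auth_header)
    req.API = True
    RestOAuthMiddleware().process_request(req)
    # ok_() rather than a bare assert, matching the other OAuth tests in this
    # file; a bare assert is compiled out under ``python -O``, which would
    # let this rejection check pass without ever calling authenticate().
    # NOTE(review): unlike test_fail, req.user is not preset to
    # AnonymousUser() and is not checked afterwards; consider also asserting
    # that the request stays unauthenticated.
    ok_(not auth.authenticate(Request(req)))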
def test_fail(self):
    # An OAuth request built with the right client key but the literal
    # "none" in place of self.access.secret must be rejected, and the
    # request's user must stay unauthenticated.
    target = absolutify(reverse('app-list'))
    target, header_value = self._oauth_request_info(
        target, client_key=self.access.key, client_secret="none")
    authenticator = authentication.RestOAuthAuthentication()
    request = RequestFactory().get(
        target, HTTP_HOST='testserver', HTTP_AUTHORIZATION=header_value)
    request.API = True
    # Start from the anonymous state so the final check can show that the
    # middleware did not replace it with an authenticated user.
    request.user = AnonymousUser()
    RestOAuthMiddleware().process_request(request)

    result = authenticator.authenticate(Request(request))
    ok_(not result)
    ok_(not request.user.is_authenticated())
def test_use_access_token(self):
    # An OAuth request carrying the key/secret of an access token issued for
    # user2 must authenticate, and the request must end up bound to user2.
    target = absolutify(reverse('app-list'))
    token = Token.generate_new(
        ACCESS_TOKEN, creds=self.access, user=self.user2)
    target, header_value = self._oauth_request_info(
        target,
        client_key=self.access.key,
        client_secret=self.access.secret,
        # Resource-owner credentials come from the token stored just above.
        resource_owner_key=token.key,
        resource_owner_secret=token.secret)
    authenticator = authentication.RestOAuthAuthentication()
    request = RequestFactory().get(
        target, HTTP_HOST='testserver', HTTP_AUTHORIZATION=header_value)
    request.API = True
    # Start anonymous so the checks below prove the user was swapped in by
    # the OAuth code path.
    request.user = AnonymousUser()
    RestOAuthMiddleware().process_request(request)

    result = authenticator.authenticate(Request(request))
    ok_(result)
    ok_(request.user.is_authenticated())
    eq_(request.user, self.user2)
def test_shared_secret_no_break_restoauth(self, mock_log):
    # Passing a request with an mkt-shared-secret Authorization header
    # through RestOAuthMiddleware must not produce a warning log call.
    # mock_log is presumably injected by a patch decorator that is not
    # visible in this listing -- confirm against the original file.
    # NOTE(review): '[email protected]' looks like an e-mail address masked
    # by the page this listing came from; confirm the real fixture value.
    header_value = 'mkt-shared-secret [email protected],hash'
    factory = RequestFactory(HTTP_AUTHORIZATION=header_value)
    request = factory.get('/')
    request.API = True
    RestOAuthMiddleware().process_request(request)

    warned = mock_log.warning.called
    ok_(not warned)