def test_user_should_be_authorized_via_http_header(self, user): assert_http_unauthorized(self.get(self.INDEX_URL)) resp = self.post(self.API_LOGIN_URL, { 'username': '******', 'password': '******' }) assert_http_ok(resp) assert_in('token', resp.json()) assert_http_ok( self.get(self.INDEX_URL, headers={ 'HTTP_AUTHORIZATION': 'Bearer {}'.format(resp.json()['token']) })) assert_not_in('Authorization', self.c.cookies) assert_true(Token.objects.last().allowed_header) assert_false(Token.objects.last().allowed_cookie)
def test_user_should_be_logged_out_via_http_header(self, user): resp = self.post(self.API_LOGIN_URL, { 'username': '******', 'password': '******' }) assert_http_ok(resp) token = resp.json()['token'] assert_http_ok( self.get(self.INDEX_URL, headers={'HTTP_AUTHORIZATION': 'Bearer {}'.format(token)})) assert_http_accepted( self.delete( self.API_LOGOUT_URL, headers={'HTTP_AUTHORIZATION': 'Bearer {}'.format(token)})) assert_http_unauthorized( self.get(self.INDEX_URL, headers={'HTTP_AUTHORIZATION': 'Bearer {}'.format(token)}))
def test_not_logged_user_can_not_get_number_of_user_issues(self): user = self.get_user_obj() resp = self.get(self.USER_ISSUES_API_URL % {'user_pk': user.pk}) assert_http_unauthorized(resp)
def test_non_logged_user_should_receive_401(self): resp = self.get(self.USER_API_URL) assert_http_unauthorized(resp)
def test_401_exception(self): for accept_type in self.ACCEPT_TYPES: resp = self.get(self.ISSUE_API_URL, headers={'HTTP_ACCEPT': accept_type}) assert_in(accept_type, resp['Content-Type']) assert_http_unauthorized(resp)
def test_401_exception(self): for accept_type in self.ACCEPT_TYPES: resp = self.get(self.ISSUE_API_URL, headers={'HTTP_ACCEPT': accept_type}) assert_in(accept_type, resp['Content-Type']) assert_http_unauthorized(resp)