def test_user_should_be_authorized_via_http_header(self, user):
assert_http_unauthorized(self.get(self.INDEX_URL))
resp = self.post(self.API_LOGIN_URL, {
'username': '******',
'password': '******'
})
assert_http_ok(resp)
assert_in('token', resp.json())
assert_http_ok(
self.get(self.INDEX_URL,
headers={
'HTTP_AUTHORIZATION':
'Bearer {}'.format(resp.json()['token'])
}))
assert_not_in('Authorization', self.c.cookies)
assert_true(Token.objects.last().allowed_header)
assert_false(Token.objects.last().allowed_cookie)
def test_user_should_be_logged_out_via_http_header(self, user):
resp = self.post(self.API_LOGIN_URL, {
'username': '******',
'password': '******'
})
assert_http_ok(resp)
token = resp.json()['token']
assert_http_ok(
self.get(self.INDEX_URL,
headers={'HTTP_AUTHORIZATION':
'Bearer {}'.format(token)}))
assert_http_accepted(
self.delete(
self.API_LOGOUT_URL,
headers={'HTTP_AUTHORIZATION': 'Bearer {}'.format(token)}))
assert_http_unauthorized(
self.get(self.INDEX_URL,
headers={'HTTP_AUTHORIZATION':
'Bearer {}'.format(token)}))
def test_not_logged_user_can_not_get_number_of_user_issues(self):
user = self.get_user_obj()
resp = self.get(self.USER_ISSUES_API_URL % {'user_pk': user.pk})
assert_http_unauthorized(resp)
def test_non_logged_user_should_receive_401(self):
resp = self.get(self.USER_API_URL)
assert_http_unauthorized(resp)
def test_401_exception(self):
for accept_type in self.ACCEPT_TYPES:
resp = self.get(self.ISSUE_API_URL, headers={'HTTP_ACCEPT': accept_type})
assert_in(accept_type, resp['Content-Type'])
assert_http_unauthorized(resp)
def test_401_exception(self):
for accept_type in self.ACCEPT_TYPES:
resp = self.get(self.ISSUE_API_URL, headers={'HTTP_ACCEPT': accept_type})
assert_in(accept_type, resp['Content-Type'])
assert_http_unauthorized(resp)
