def test_other_user_with_general_token(self): other_user = User.objects.create_user('oho', '*****@*****.**', 'nono') with override_settings(MEDIA_ROOT=self.tempdir, MEDIA_URL='/'): request = toolbox.add_request('abc', requester=self.user) toolbox.attach_file(request, ContentFile(b'abc')) token = toolbox.create_general_token(request) http_request = self.factory.get('/something') http_request.user = other_user # With no verification and no requester required response = serve_file(http_request, token, require_requester=False, verify_requester=False) self.assertEqual(response.status_code, 200) # Now try with simply not requiring the requester http_request.user = other_user self.assertRaises(UserIsNotRequester, serve_file, http_request, token, require_requester=False) # Now try with requiring the requester but not verifying http_request.user = other_user self.assertRaises(SuspiciousToken, serve_file, http_request, token, verify_requester=False)
def test_other_user_with_no_verification(self): other_user = User.objects.create_user('oho', '*****@*****.**', 'nono') with override_settings(MEDIA_ROOT=self.tempdir, MEDIA_URL='/'): request = toolbox.add_request('abc', requester=self.user) toolbox.attach_file(request, ContentFile(b'abc')) token = toolbox.create_token(request) http_request = self.factory.get('/something') http_request.user = other_user response = serve_file(http_request, token, verify_requester=False) self.assertEqual(response.status_code, 200)