def test_apikey_and_basic_auth(self): auth = MultiAuthentication(BasicAuthentication(), ApiKeyAuthentication()) request = HttpRequest() john_doe = User.objects.get(username='******') # No API Key or HTTP Basic auth details should fail. self.assertEqual(isinstance(auth.is_authenticated(request), HttpUnauthorized), True) # Basic Auth still returns appropriately. self.assertEqual(auth.is_authenticated(request)['WWW-Authenticate'], 'Basic Realm="django-tastypie"') # API Key Auth works. request = HttpRequest() request.GET['username'] = '******' request.GET['api_key'] = john_doe.api_key.key self.assertEqual(auth.is_authenticated(request), True) self.assertEqual(auth.get_identifier(request), 'johndoe') # Basic Auth works. request = HttpRequest() john_doe = User.objects.get(username='******') john_doe.set_password('pass') john_doe.save() request.META['HTTP_AUTHORIZATION'] = 'Basic %s' % base64.b64encode('johndoe:pass'.encode('utf-8')).decode('utf-8') self.assertEqual(auth.is_authenticated(request), True)
def test_apikey_and_basic_auth(self): auth = MultiAuthentication(BasicAuthentication(), ApiKeyAuthentication()) request = HttpRequest() john_doe = User.objects.get(username='******') # No API Key or HTTP Basic auth details should fail. self.assertEqual( isinstance(auth.is_authenticated(request), HttpUnauthorized), True) # Basic Auth still returns appropriately. self.assertEqual( auth.is_authenticated(request)['WWW-Authenticate'], 'Basic Realm="django-tastypie"') # API Key Auth works. request = HttpRequest() request.GET['username'] = '******' request.GET['api_key'] = john_doe.api_key.key self.assertEqual(auth.is_authenticated(request), True) self.assertEqual(auth.get_identifier(request), 'johndoe') # Basic Auth works. request = HttpRequest() john_doe = User.objects.get(username='******') john_doe.set_password('pass') john_doe.save() request.META['HTTP_AUTHORIZATION'] = 'Basic %s' % base64.b64encode( 'johndoe:pass'.encode('utf-8')).decode('utf-8') self.assertEqual(auth.is_authenticated(request), True)
def test_multiauth_apikey_and_basic_auth__api_key_works_in_header(self): auth = MultiAuthentication(BasicAuthentication(), ApiKeyAuthentication()) request = HttpRequest() john_doe = User.objects.get(username='******') request.META['HTTP_AUTHORIZATION'] = 'ApiKey %s:%s' % (john_doe.username, john_doe.api_key.key,) self.assertEqual(auth.is_authenticated(request), True) self.assertEqual(auth.get_identifier(request), john_doe.username)
def test_multiauth_apikey_and_basic_auth__api_key_works_in_query(self): auth = MultiAuthentication(BasicAuthentication(), ApiKeyAuthentication()) request = HttpRequest() john_doe = User.objects.get(username='******') request.GET['username'] = john_doe.username request.GET['api_key'] = john_doe.api_key.key self.assertEqual(auth.is_authenticated(request), True) self.assertEqual(auth.get_identifier(request), john_doe.username)
def test_multiauth_apikey_and_basic_auth__basic_auth_works(self): auth = MultiAuthentication(BasicAuthentication(), ApiKeyAuthentication()) request = HttpRequest() john_doe = User.objects.get(username='******') john_doe.set_password('pass') john_doe.save() request.META['HTTP_AUTHORIZATION'] = 'Basic %s' % base64.b64encode('johndoe:pass'.encode('utf-8')).decode('utf-8') self.assertEqual(auth.is_authenticated(request), True) self.assertEqual(auth.get_identifier(request), john_doe.username)
def test_multiauth_apikey_and_basic_auth__api_key_works_in_header__space_in_username(self): auth = MultiAuthentication(BasicAuthentication(), ApiKeyAuthentication()) request = HttpRequest() john_doe = User.objects.get(username="******") john_doe.username = "******" john_doe.save() request.META["HTTP_AUTHORIZATION"] = "ApiKey %s:%s" % (john_doe.username, john_doe.api_key.key) self.assertEqual(auth.is_authenticated(request), True) self.assertEqual(auth.get_identifier(request), john_doe.username)
def test_apikey_and_authentication(self): auth = MultiAuthentication(ApiKeyAuthentication(), Authentication()) request = HttpRequest() john_doe = User.objects.get(username='******') # No username/api_key details should pass. self.assertEqual(auth.is_authenticated(request), True) # The identifier should be the basic auth stock. self.assertEqual(auth.get_identifier(request), 'noaddr_nohost') # Wrong username details. request = HttpRequest() request.GET['username'] = '******' self.assertEqual(auth.is_authenticated(request), True) self.assertEqual(auth.get_identifier(request), 'noaddr_nohost') # No api_key. request = HttpRequest() request.GET['username'] = '******' self.assertEqual(auth.is_authenticated(request), True) self.assertEqual(auth.get_identifier(request), 'noaddr_nohost') # Wrong user/api_key. request = HttpRequest() request.GET['username'] = '******' request.GET['api_key'] = 'foo' self.assertEqual(auth.is_authenticated(request), True) self.assertEqual(auth.get_identifier(request), 'noaddr_nohost') request = HttpRequest() request.GET['username'] = '******' request.GET['api_key'] = john_doe.api_key.key self.assertEqual(auth.is_authenticated(request), True) self.assertEqual(auth.get_identifier(request), john_doe.username)
def test_apikey_and_authentication(self): auth = MultiAuthentication(ApiKeyAuthentication(), Authentication()) request = HttpRequest() john_doe = User.objects.get(username="******") # No username/api_key details should pass. self.assertEqual(auth.is_authenticated(request), True) # The identifier should be the basic auth stock. self.assertEqual(auth.get_identifier(request), "noaddr_nohost") # Wrong username details. request = HttpRequest() request.GET["username"] = "******" self.assertEqual(auth.is_authenticated(request), True) self.assertEqual(auth.get_identifier(request), "noaddr_nohost") # No api_key. request = HttpRequest() request.GET["username"] = "******" self.assertEqual(auth.is_authenticated(request), True) self.assertEqual(auth.get_identifier(request), "noaddr_nohost") # Wrong user/api_key. request = HttpRequest() request.GET["username"] = "******" request.GET["api_key"] = "foo" self.assertEqual(auth.is_authenticated(request), True) self.assertEqual(auth.get_identifier(request), "noaddr_nohost") request = HttpRequest() request.GET["username"] = "******" request.GET["api_key"] = john_doe.api_key.key self.assertEqual(auth.is_authenticated(request), True) self.assertEqual(auth.get_identifier(request), john_doe.username)
def test_multiauth_apikey_and_basic_auth__basic_auth_works(self): auth = MultiAuthentication(BasicAuthentication(), ApiKeyAuthentication()) request = HttpRequest() john_doe = User.objects.get(username="******") john_doe.set_password("pass") john_doe.save() request.META["HTTP_AUTHORIZATION"] = "Basic %s" % base64.b64encode("johndoe:pass".encode("utf-8")).decode( "utf-8" ) self.assertEqual(auth.is_authenticated(request), True) self.assertEqual(auth.get_identifier(request), john_doe.username)