def test_apikey_and_basic_auth(self):
auth = MultiAuthentication(BasicAuthentication(), ApiKeyAuthentication())
request = HttpRequest()
john_doe = User.objects.get(username='******')
# No API Key or HTTP Basic auth details should fail.
self.assertEqual(isinstance(auth.is_authenticated(request), HttpUnauthorized), True)
# Basic Auth still returns appropriately.
self.assertEqual(auth.is_authenticated(request)['WWW-Authenticate'], 'Basic Realm="django-tastypie"')
# API Key Auth works.
request = HttpRequest()
request.GET['username'] = '******'
request.GET['api_key'] = john_doe.api_key.key
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), 'johndoe')
# Basic Auth works.
request = HttpRequest()
john_doe = User.objects.get(username='******')
john_doe.set_password('pass')
john_doe.save()
request.META['HTTP_AUTHORIZATION'] = 'Basic %s' % base64.b64encode('johndoe:pass'.encode('utf-8')).decode('utf-8')
self.assertEqual(auth.is_authenticated(request), True)
def test_apikey_and_basic_auth(self):
auth = MultiAuthentication(BasicAuthentication(),
ApiKeyAuthentication())
request = HttpRequest()
john_doe = User.objects.get(username='******')
# No API Key or HTTP Basic auth details should fail.
self.assertEqual(
isinstance(auth.is_authenticated(request), HttpUnauthorized), True)
# Basic Auth still returns appropriately.
self.assertEqual(
auth.is_authenticated(request)['WWW-Authenticate'],
'Basic Realm="django-tastypie"')
# API Key Auth works.
request = HttpRequest()
request.GET['username'] = '******'
request.GET['api_key'] = john_doe.api_key.key
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), 'johndoe')
# Basic Auth works.
request = HttpRequest()
john_doe = User.objects.get(username='******')
john_doe.set_password('pass')
john_doe.save()
request.META['HTTP_AUTHORIZATION'] = 'Basic %s' % base64.b64encode(
'johndoe:pass'.encode('utf-8')).decode('utf-8')
self.assertEqual(auth.is_authenticated(request), True)
def test_multiauth_apikey_and_basic_auth__api_key_works_in_header(self):
auth = MultiAuthentication(BasicAuthentication(), ApiKeyAuthentication())
request = HttpRequest()
john_doe = User.objects.get(username='******')
request.META['HTTP_AUTHORIZATION'] = 'ApiKey %s:%s' % (john_doe.username, john_doe.api_key.key,)
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), john_doe.username)
def test_multiauth_apikey_and_basic_auth__api_key_works_in_header(self):
auth = MultiAuthentication(BasicAuthentication(), ApiKeyAuthentication())
request = HttpRequest()
john_doe = User.objects.get(username='******')
request.META['HTTP_AUTHORIZATION'] = 'ApiKey %s:%s' % (john_doe.username, john_doe.api_key.key,)
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), john_doe.username)
def test_multiauth_apikey_and_basic_auth__api_key_works_in_query(self):
auth = MultiAuthentication(BasicAuthentication(), ApiKeyAuthentication())
request = HttpRequest()
john_doe = User.objects.get(username='******')
request.GET['username'] = john_doe.username
request.GET['api_key'] = john_doe.api_key.key
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), john_doe.username)
def test_multiauth_apikey_and_basic_auth__api_key_works_in_query(self):
auth = MultiAuthentication(BasicAuthentication(), ApiKeyAuthentication())
request = HttpRequest()
john_doe = User.objects.get(username='******')
request.GET['username'] = john_doe.username
request.GET['api_key'] = john_doe.api_key.key
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), john_doe.username)
def test_multiauth_apikey_and_basic_auth__basic_auth_works(self):
auth = MultiAuthentication(BasicAuthentication(), ApiKeyAuthentication())
request = HttpRequest()
john_doe = User.objects.get(username='******')
john_doe.set_password('pass')
john_doe.save()
request.META['HTTP_AUTHORIZATION'] = 'Basic %s' % base64.b64encode('johndoe:pass'.encode('utf-8')).decode('utf-8')
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), john_doe.username)
def test_multiauth_apikey_and_basic_auth__api_key_works_in_header__space_in_username(self):
auth = MultiAuthentication(BasicAuthentication(), ApiKeyAuthentication())
request = HttpRequest()
john_doe = User.objects.get(username="******")
john_doe.username = "******"
john_doe.save()
request.META["HTTP_AUTHORIZATION"] = "ApiKey %s:%s" % (john_doe.username, john_doe.api_key.key)
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), john_doe.username)
def test_multiauth_apikey_and_basic_auth__basic_auth_works(self):
auth = MultiAuthentication(BasicAuthentication(), ApiKeyAuthentication())
request = HttpRequest()
john_doe = User.objects.get(username='******')
john_doe.set_password('pass')
john_doe.save()
request.META['HTTP_AUTHORIZATION'] = 'Basic %s' % base64.b64encode('johndoe:pass'.encode('utf-8')).decode('utf-8')
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), john_doe.username)
def test_apikey_and_authentication(self):
auth = MultiAuthentication(ApiKeyAuthentication(), Authentication())
request = HttpRequest()
john_doe = User.objects.get(username='******')
# No username/api_key details should pass.
self.assertEqual(auth.is_authenticated(request), True)
# The identifier should be the basic auth stock.
self.assertEqual(auth.get_identifier(request), 'noaddr_nohost')
# Wrong username details.
request = HttpRequest()
request.GET['username'] = '******'
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), 'noaddr_nohost')
# No api_key.
request = HttpRequest()
request.GET['username'] = '******'
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), 'noaddr_nohost')
# Wrong user/api_key.
request = HttpRequest()
request.GET['username'] = '******'
request.GET['api_key'] = 'foo'
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), 'noaddr_nohost')
request = HttpRequest()
request.GET['username'] = '******'
request.GET['api_key'] = john_doe.api_key.key
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), john_doe.username)
def test_apikey_and_authentication(self):
auth = MultiAuthentication(ApiKeyAuthentication(), Authentication())
request = HttpRequest()
john_doe = User.objects.get(username='******')
# No username/api_key details should pass.
self.assertEqual(auth.is_authenticated(request), True)
# The identifier should be the basic auth stock.
self.assertEqual(auth.get_identifier(request), 'noaddr_nohost')
# Wrong username details.
request = HttpRequest()
request.GET['username'] = '******'
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), 'noaddr_nohost')
# No api_key.
request = HttpRequest()
request.GET['username'] = '******'
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), 'noaddr_nohost')
# Wrong user/api_key.
request = HttpRequest()
request.GET['username'] = '******'
request.GET['api_key'] = 'foo'
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), 'noaddr_nohost')
request = HttpRequest()
request.GET['username'] = '******'
request.GET['api_key'] = john_doe.api_key.key
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), john_doe.username)
def test_apikey_and_authentication(self):
auth = MultiAuthentication(ApiKeyAuthentication(), Authentication())
request = HttpRequest()
john_doe = User.objects.get(username="******")
# No username/api_key details should pass.
self.assertEqual(auth.is_authenticated(request), True)
# The identifier should be the basic auth stock.
self.assertEqual(auth.get_identifier(request), "noaddr_nohost")
# Wrong username details.
request = HttpRequest()
request.GET["username"] = "******"
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), "noaddr_nohost")
# No api_key.
request = HttpRequest()
request.GET["username"] = "******"
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), "noaddr_nohost")
# Wrong user/api_key.
request = HttpRequest()
request.GET["username"] = "******"
request.GET["api_key"] = "foo"
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), "noaddr_nohost")
request = HttpRequest()
request.GET["username"] = "******"
request.GET["api_key"] = john_doe.api_key.key
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), john_doe.username)
def test_multiauth_apikey_and_basic_auth__basic_auth_works(self):
auth = MultiAuthentication(BasicAuthentication(), ApiKeyAuthentication())
request = HttpRequest()
john_doe = User.objects.get(username="******")
john_doe.set_password("pass")
john_doe.save()
request.META["HTTP_AUTHORIZATION"] = "Basic %s" % base64.b64encode("johndoe:pass".encode("utf-8")).decode(
"utf-8"
)
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), john_doe.username)
