class ApiLogInTests(TestCase):
"""
Test log in of Django users via Basic auth.
"""
fixtures = ['test_data']
def setUp(self):
self.api = APIMiddleware()
def testBasicAuthentication(self):
"""
Test that a user can log in with Basic auth.
"""
request = HttpRequest()
credentials = 'johndoe:foobar'.encode('base64')
request.META['Authorization'] = 'Basic %s' % credentials
self.assertTrue(self.api._perform_basic_auth(request))
self.assertTrue(request.user.is_authenticated())
self.assertEquals(request.user, User.objects.get(id=1))
class ApiLogInTests(TestCase):
"""
Test log in of Django users via Basic auth.
"""
fixtures = ['test_data']
def setUp(self):
self.api = APIMiddleware()
def testBasicAuthentication(self):
"""
Test that a user can log in with Basic auth.
"""
request = HttpRequest()
credentials = 'johndoe:foobar'.encode('base64')
request.META['Authorization'] = 'Basic %s' % credentials
self.assertTrue(self.api._perform_basic_auth(request))
self.assertTrue(request.user.is_authenticated())
self.assertEquals(request.user, User.objects.get(id=1))
def setUp(self):
self.api = APIMiddleware()
self.request = HttpRequest()
def setUp(self):
self.api = APIMiddleware()
class ApiTest(unittest.TestCase):
"""
Test basic API middleware operations.
"""
def setUp(self):
self.api = APIMiddleware()
self.request = HttpRequest()
def testProcessRequestSetsIsApiFlag(self):
self.api._detect_api_request = Mock()
self.api._should_authorize = Mock() # Prevent execution
self.api._perform_basic_auth = Mock() # Prevent execution
self.api._require_authentication = Mock() # Prevent execution
self.api.process_request(self.request)
self.assertTrue(self.api._detect_api_request.called, '_detect_api_request function was not called, thus is_api is not set')
def testProcessRequestReturns401IfInvalidRequest(self):
self.api._detect_api_request = Mock() # Prevent execution
self.api._should_authorize = Mock(return_value=False)
self.api._perform_basic_auth = Mock(return_value=False)
self.api._require_authentication = Mock(return_value='require_auth')
self.assertTrue(self.api.process_request(self.request) is None)
self.api._should_authorize = Mock(return_value=True)
self.assertEqual(self.api.process_request(self.request), 'require_auth')
self.api._perform_basic_auth = Mock(return_value=True)
self.assertTrue(self.api.process_request(self.request) is None)
self.api._should_authorize = Mock(return_value=False)
self.assertTrue(self.api.process_request(self.request) is None)
def testProcessResponseReturnsResponseAsIsUnlessItsARedirect(self):
self.api._require_authentication = Mock(return_value='req_auth')
self.request.is_api = False
response = HttpResponse()
result = self.api.process_response(self.request, response)
self.assertTrue(result is response, 'process_response should return the same response object')
self.request.is_api = True
result = self.api.process_response(self.request, response)
self.assertTrue(result is response, 'process_response should return the same response object')
response = HttpResponseRedirect('/invalid/url')
result = self.api.process_response(self.request, response)
self.assertTrue(result is response, 'process_response should return the same response object')
response = HttpResponseRedirect(settings.LOGIN_URL)
result = self.api.process_response(self.request, response)
self.assertEqual(result, 'req_auth')
def testDetectApiRequestSetsApiTrueIfRequestAcceptsJson(self):
self.request.is_api = False # Keeping pyLint happy
self.api._detect_api_request(self.request)
self.assertFalse(self.request.is_api)
self.request.META['HTTP_ACCEPT'] = 'text/plain'
self.api._detect_api_request(self.request)
self.assertFalse(self.request.is_api)
self.request.META['HTTP_ACCEPT'] = 'application/json'
self.api._detect_api_request(self.request)
self.assertTrue(self.request.is_api)
def testGetAuthStringReturnsStringInAuthenticationHeader(self):
no_auth = HttpRequest()
auth1 = HttpRequest()
auth2 = HttpRequest()
auth1.META['Authorization'] = 'teststring'
auth2.META['HTTP_AUTHORIZATION'] = 'teststring'
self.assertTrue(self.api._get_auth_string(no_auth) is None)
self.assertEqual(self.api._get_auth_string(auth1), 'teststring')
self.assertEqual(self.api._get_auth_string(auth2), 'teststring')
def testShouldAuthorizeReturnsTrueIfRequestNeedsAuthentication(self):
self.api._get_auth_string = Mock(return_value="blabla")
self.request.is_api = False
self.request.user = Mock()
self.request.user.is_authenticated = Mock(return_value=True)
self.assertFalse(self.api._should_authorize(self.request))
self.request.user.is_authenticated = Mock(return_value=False)
self.assertFalse(self.api._should_authorize(self.request))
self.request.is_api = True
self.assertTrue(self.api._should_authorize(self.request))
self.api._get_auth_string = Mock(return_value=None)
self.assertFalse(self.api._should_authorize(self.request))
self.request.user.is_authenticated = Mock(return_value=True)
self.assertFalse(self.api._should_authorize(self.request))
def testRequireAuthenticationReturnsValidHttpResponse(self):
response = self.api._require_authentication()
self.assertTrue(isinstance(response, HttpResponse), 'Response should be an instance of HttpResponse')
self.assertEqual(response.status_code, 401)
self.assertEqual(response['WWW-Authenticate'], 'Basic realm="API"')
def testInvalidBasicAuthStringResponse(self):
"""
Ensure that invalid basic auth headers are treated correctly.
"""
# Test missing "Basic" opening keyword
request = HttpRequest()
request.META['Authorization'] = 'invalid_basic_auth_string'
self.assertFalse(self.api._perform_basic_auth(request))
# Test wrong formatting of credentials
request = HttpRequest()
credentials = 'username password'.encode('base64') # Missing colon separator
request.META['Authorization'] = 'Basic %s' % credentials
self.assertFalse(self.api._perform_basic_auth(request))
def setUp(self):
self.api = APIMiddleware()
def setUp(self):
self.api = APIMiddleware()
self.request = HttpRequest()
class ApiTest(unittest.TestCase):
"""
Test basic API middleware operations.
"""
def setUp(self):
self.api = APIMiddleware()
self.request = HttpRequest()
def testProcessRequestSetsIsApiFlag(self):
self.api._detect_api_request = Mock()
self.api._should_authorize = Mock() # Prevent execution
self.api._perform_basic_auth = Mock() # Prevent execution
self.api._require_authentication = Mock() # Prevent execution
self.api.process_request(self.request)
self.assertTrue(
self.api._detect_api_request.called,
'_detect_api_request function was not called, thus is_api is not set'
)
def testProcessRequestReturns401IfInvalidRequest(self):
self.api._detect_api_request = Mock() # Prevent execution
self.api._should_authorize = Mock(return_value=False)
self.api._perform_basic_auth = Mock(return_value=False)
self.api._require_authentication = Mock(return_value='require_auth')
self.assertTrue(self.api.process_request(self.request) is None)
self.api._should_authorize = Mock(return_value=True)
self.assertEqual(self.api.process_request(self.request),
'require_auth')
self.api._perform_basic_auth = Mock(return_value=True)
self.assertTrue(self.api.process_request(self.request) is None)
self.api._should_authorize = Mock(return_value=False)
self.assertTrue(self.api.process_request(self.request) is None)
def testProcessResponseReturnsResponseAsIsUnlessItsARedirect(self):
self.api._require_authentication = Mock(return_value='req_auth')
self.request.is_api = False
response = HttpResponse()
result = self.api.process_response(self.request, response)
self.assertTrue(
result is response,
'process_response should return the same response object')
self.request.is_api = True
result = self.api.process_response(self.request, response)
self.assertTrue(
result is response,
'process_response should return the same response object')
response = HttpResponseRedirect('/invalid/url')
result = self.api.process_response(self.request, response)
self.assertTrue(
result is response,
'process_response should return the same response object')
response = HttpResponseRedirect(settings.LOGIN_URL)
result = self.api.process_response(self.request, response)
self.assertEqual(result, 'req_auth')
def testDetectApiRequestSetsApiTrueIfRequestAcceptsJson(self):
self.request.is_api = False # Keeping pyLint happy
self.api._detect_api_request(self.request)
self.assertFalse(self.request.is_api)
self.request.META['HTTP_ACCEPT'] = 'text/plain'
self.api._detect_api_request(self.request)
self.assertFalse(self.request.is_api)
self.request.META['HTTP_ACCEPT'] = 'application/json'
self.api._detect_api_request(self.request)
self.assertTrue(self.request.is_api)
def testGetAuthStringReturnsStringInAuthenticationHeader(self):
no_auth = HttpRequest()
auth1 = HttpRequest()
auth2 = HttpRequest()
auth1.META['Authorization'] = 'teststring'
auth2.META['HTTP_AUTHORIZATION'] = 'teststring'
self.assertTrue(self.api._get_auth_string(no_auth) is None)
self.assertEqual(self.api._get_auth_string(auth1), 'teststring')
self.assertEqual(self.api._get_auth_string(auth2), 'teststring')
def testShouldAuthorizeReturnsTrueIfRequestNeedsAuthentication(self):
self.api._get_auth_string = Mock(return_value="blabla")
self.request.is_api = False
self.request.user = Mock()
self.request.user.is_authenticated = Mock(return_value=True)
self.assertFalse(self.api._should_authorize(self.request))
self.request.user.is_authenticated = Mock(return_value=False)
self.assertFalse(self.api._should_authorize(self.request))
self.request.is_api = True
self.assertTrue(self.api._should_authorize(self.request))
self.api._get_auth_string = Mock(return_value=None)
self.assertFalse(self.api._should_authorize(self.request))
self.request.user.is_authenticated = Mock(return_value=True)
self.assertFalse(self.api._should_authorize(self.request))
def testRequireAuthenticationReturnsValidHttpResponse(self):
response = self.api._require_authentication()
self.assertTrue(isinstance(response, HttpResponse),
'Response should be an instance of HttpResponse')
self.assertEqual(response.status_code, 401)
self.assertEqual(response['WWW-Authenticate'], 'Basic realm="API"')
def testInvalidBasicAuthStringResponse(self):
"""
Ensure that invalid basic auth headers are treated correctly.
"""
# Test missing "Basic" opening keyword
request = HttpRequest()
request.META['Authorization'] = 'invalid_basic_auth_string'
self.assertFalse(self.api._perform_basic_auth(request))
# Test wrong formatting of credentials
request = HttpRequest()
credentials = 'username password'.encode(
'base64') # Missing colon separator
request.META['Authorization'] = 'Basic %s' % credentials
self.assertFalse(self.api._perform_basic_auth(request))
