def setUp(self): self.user = User.objects.create_user('test_user', '*****@*****.**', 'test_password') self.middleware = AuthenticationMiddleware() self.client.force_login(self.user) self.request = HttpRequest() self.request.session = self.client.session
class TestShibbolethRemoteUserMiddleware(TestCase): def setUp(self): self.request_factory = RequestFactory() self.smw = SessionMiddleware() self.amw = AuthenticationMiddleware() self.rmw = RemoteUserMiddleware() self.srmw = middleware.ShibbolethRemoteUserMiddleware() def _process_request_through_middleware(self, request): self.smw.process_request(request) self.amw.process_request(request) self.rmw.process_request(request) return self.srmw.process_request(request) def test_no_remote_user(self): test_request = self.request_factory.get('/') self._process_request_through_middleware(test_request) #shouldn't have done anything - just return because no REMOTE_USER self.assertTrue('shib' not in test_request.session) self.assertFalse(test_request.user.is_authenticated()) def test_remote_user_empty(self): test_request = self.request_factory.get('/', REMOTE_USER='') response = self._process_request_through_middleware(test_request) self.assertTrue('shib' not in test_request.session) self.assertFalse(test_request.user.is_authenticated())
class SignedCookiesTest(TestCase): def setUp(self): self.middleware = SignedCookiesMiddleware() self.auth_middleware = AuthenticationMiddleware() self.session_middleware = SessionMiddleware() def _process_request(self, request): self.session_middleware.process_request(request) self.auth_middleware.process_request(request) self.middleware.process_request(request) def _process_response(self, request, response): self.middleware.process_response(request, response) self.session_middleware.process_response(request, response) def test_middleware(self): request = HttpRequest() request.COOKIES['key'] = 'foo' self._process_request(request) self.failIf('key' in request.COOKIES) response = HttpResponse() request = HttpRequest() self._process_request(request) response.set_cookie('key', 'foo') self._process_response(request, response) signed_val = response.cookies['key'].value self.failIfEqual(signed_val, 'foo') request.COOKIES['key'] = signed_val self._process_request(request) self.failUnlessEqual(request.COOKIES['key'], 'foo')
def get_request_with_session(path): """Get request with attached session.""" request_factory = RequestFactory() request = request_factory.get(path) session_middleware = SessionMiddleware() session_middleware.process_request(request) authentication_middleware = AuthenticationMiddleware() authentication_middleware.process_request(request) return request
class FacebookAuthenticationMiddlewareTests(TestCase): def setUp(self): self.factory = RequestFactory() self.session_middleware = SessionMiddleware() self.django_auth_middleware = AuthenticationMiddleware() self.auth_middleware = FacebookAuthenticationMiddleware() def request(self, url='/fb'): request = self.factory.get(url) self.session_middleware.process_request(request) self.django_auth_middleware.process_request(request) return request def test_no_session(self): """ If there is no authenticated session, the user attribute should contain an anonymous user. """ request = self.request() self.auth_middleware.process_request(request) eq_(request.user.is_anonymous(), True) def test_no_matching_user(self): """ If an invalid user id is given in the session, the user attribute should contain an anonymous user. """ request = self.request() request.session[SESSION_KEY] = 9999 self.auth_middleware.process_request(request) eq_(request.user.is_anonymous(), True) def test_user_found(self): """ If there is an authenticated session with an existing user, the specified user should be available via the user attribute. """ request = self.request() user = FacebookUserFactory.create() request.session[SESSION_KEY] = user.id self.auth_middleware.process_request(request) eq_(request.user, user) def test_user_non_fb_app(self): """ If there is an authenticated session with an existing user outside of the app, the specified user should not be a FacebookUser. """ request = self.request(url='/') user = FacebookUserFactory.create() request.session[SESSION_KEY] = user.id self.auth_middleware.process_request(request) ok_(not request.user == user) eq_(request.user.is_anonymous(), True)
def setUp(self): self.user_password = '******' self.user = User.objects.create_user('test_user', '*****@*****.**', self.user_password) self.middleware = AuthenticationMiddleware() self.assertTrue( self.client.login( username=self.user.username, password=self.user_password, )) self.request = HttpRequest() self.request.session = self.client.session
class FBLoginRequiredTests(TestCase): def setUp(self): self.factory = RequestFactory() self.session_middleware = SessionMiddleware() self.auth_middleware = AuthenticationMiddleware() def request(self, url='/'): """ Create a mock request object. """ request = self.factory.get(url) self.session_middleware.process_request(request) self.auth_middleware.process_request(request) return request def test_no_auth(self): """ If the user has not been authed, return a redirect to the home page. """ request = self.request() with self.activate('en-US'): response = view(request) eq_(response.status_code, 302) self.assertRedirectsNoFollow(response, reverse('base.home')) def test_django_auth(self): """ If the user has authed via normal django mechanisms, return a redirect. """ request = self.request() User.objects.create_user('*****@*****.**', '*****@*****.**', 'asdf1234') user = authenticate(username='******', password='******') django_login(request, user) response = view(request) eq_(response.status_code, 302) @patch.object(FacebookUser.objects, 'update_user_info') def test_facebook_auth(self, update_user_info): """ If the user has authed via the Facebook auth mechanism, execute the view. """ request = self.request() user = FacebookUserFactory() fb_login(request, user) response = view(request) eq_(response, True)
class FBLoginRequiredTests(TestCase): def setUp(self): self.factory = RequestFactory() self.session_middleware = SessionMiddleware() self.auth_middleware = AuthenticationMiddleware() def request(self, url='/'): """ Create a mock request object. """ request = self.factory.get(url) self.session_middleware.process_request(request) self.auth_middleware.process_request(request) return request def test_no_auth(self): """ If the user has not been authed, return a redirect to the home page. """ request = self.request() with self.activate('en-US'): response = view(request) eq_(response.status_code, 302) self.assert_viewname_url(response['Location'], 'base.landing') def test_django_auth(self): """ If the user has authed via normal django mechanisms, return a redirect. """ request = self.request() User.objects.create_user('*****@*****.**', '*****@*****.**', 'asdf1234') user = authenticate(username='******', password='******') django_login(request, user) response = view(request) eq_(response.status_code, 302) @patch.object(FacebookUser.objects, 'update_user_info') def test_facebook_auth(self, update_user_info): """ If the user has authed via the Facebook auth mechanism, execute the view. """ request = self.request() user = FacebookUserFactory() fb_login(request, user) response = view(request) eq_(response, True)
def setUp(self): self.user_email = '*****@*****.**' self.user_password = '******' self.user = get_user_model().objects.create_user( self.user_email, self.user_password) self.middleware_auth = AuthenticationMiddleware() self.middleware_session_auth = SessionAuthenticationMiddleware() self.assertTrue( self.client.login( username=self.user_email, password=self.user_password, )) self.request = HttpRequest() self.request.session = self.client.session
def test_anon_token_from_cookie(self): rf = django.test.RequestFactory() rf.cookies['anoncsrf'] = self.token cache.set(PREFIX + self.token, 'woo') request = rf.get('/') request.session = {} r = { 'wsgi.input': django.test.client.FakePayload('') } # Hack to set up request middleware. ClientHandler()(self.rf._base_environ(**r)) auth_mw = AuthenticationMiddleware() auth_mw.process_request(request) self.mw.process_view(request, anonymous_csrf(lambda: None), [], {}) self.assertEqual(request.csrf_token, 'woo')
def setUp(self): load_test_data(self) self.mox = mox.Mox() self.factory = RequestFactoryWithMessages() self.context = {'authorized_tenants': self.tenants.list()} def fake_conn_request(*args, **kwargs): raise Exception("An external URI request tried to escape through " "an httplib2 client. Args: %s, kwargs: %s" % (args, kwargs)) self._real_conn_request = httplib2.Http._conn_request httplib2.Http._conn_request = fake_conn_request self._real_horizon_context_processor = context_processors.horizon context_processors.horizon = lambda request: self.context self._real_get_user = utils.get_user tenants = self.context['authorized_tenants'] self.setActiveUser(id=self.user.id, token=self.token, username=self.user.name, tenant_id=self.tenant.id, service_catalog=self.service_catalog, authorized_tenants=tenants) self.request = http.HttpRequest() self.request.session = self.client._session() self.request.session['token'] = self.token.id middleware.HorizonMiddleware().process_request(self.request) AuthenticationMiddleware().process_request(self.request) os.environ["HORIZON_TEST_RUN"] = "True"
class ApiOauthMiddleware(object): """Middleware which attempts to use OAuth authentication on API requests and cookie-based authentication on normal requests.""" auth_middleware = None def __init__(self): self.auth_middleware = AuthenticationMiddleware() def process_request(self, request): if not default_is_request_api(request): return self.auth_middleware.process_request(request) return None def process_view(self, request, view_func, view_args, view_kwargs): if default_is_request_api(request): request.__class__.user = LazyAnonUser() resource_name = getattr(request, 'oauth_resource_name', None) if CheckOAuth.is_valid_request(request): try: consumer, token, parameters = CheckOAuth.validate_token(request) except OAuthError, e: return None #!! ??return send_oauth_error(e) if resource_name and token.resource.name != resource_name: return send_oauth_error(OAuthError(_('You are not allowed to access this resource.'))) elif consumer and token: if token.user: request.__class__.user = token.user return None
def session(self, request): middleware = SessionMiddleware() middleware.process_request(request) request.session.save() middleware = AuthenticationMiddleware() middleware.process_request(request) return request
def test_newly_authenticated_user_is_authenticated(self): """ This exists to catch an edge case where a user would be created but could not be authenticated against. Using User.objects.create(...) instead of User.objects.create_user(...) will not throw an error, but the created user can't be authenticated against. Who knows what Django does internally that's different from manually adding a user? Just don't delete this test. """ email = "*****@*****.**" # Django does not include middleware in tests, so add it manually # The request can be nondescript because it's just to satisfy Django request = self.request_factory.get("/") SessionMiddleware().process_request(request) AuthenticationMiddleware().process_request(request) user = IdentityService.sign_up(request, email, "hunter2", "John", "Doe") self.assertTrue(user is not None) self.assertEqual(user.email, email)
def log_in(username, password): """ Log the user in programatically. This will delete any existing cookies to ensure that the user logs in to the correct session. """ # Authenticate the user world.scenario_dict['USER'] = authenticate(username=username, password=password) assert (world.scenario_dict['USER'] is not None and world.scenario_dict['USER'].is_active) # Send a fake HttpRequest to log the user in # We need to process the request using # Session middleware and Authentication middleware # to ensure that session state can be stored request = HttpRequest() SessionMiddleware().process_request(request) AuthenticationMiddleware().process_request(request) login(request, world.scenario_dict['USER']) # Save the session request.session.save() # Retrieve the sessionid and add it to the browser's cookies cookie_dict = {settings.SESSION_COOKIE_NAME: request.session.session_key} world.browser.cookies.delete() world.browser.cookies.add(cookie_dict)
def test_vary_with_original_update_cache_middleware(self): """ Mainly to demonstrate the need to remove the Vary: Cookie header during caching. Same basic test as test_vary() but with django's UpdateCacheMiddleware instead of PatchedVaryUpdateCacheMiddleware. This does not get a cache hit if the cookies are not the same. """ request = self.factory.get('/') request.method = 'GET' request.COOKIES = {'test': 'foo'} request.META['HTTP_COOKIE'] = 'test=foo' response = HttpResponse() patch_vary_headers(response, ['Cookie']) response.set_cookie('test', 'foo') SessionMiddleware().process_request(request) AuthenticationMiddleware().process_request(request) cache_hit = FetchFromCacheMiddleware().process_request(request) self.assertEqual(cache_hit, None) response = UpdateCacheMiddleware().process_response(request, response) cache_hit = FetchFromCacheMiddleware().process_request(request) self.assertTrue(isinstance(cache_hit, HttpResponse)) new_request = self.factory.get('/') new_request.method = 'GET' # note: not using cookies here. this demonstrates that cookies don't # affect the cache key cache_hit = FetchFromCacheMiddleware().process_request(new_request) self.assertEqual(cache_hit, None)
def test_vary(self): """ Ensure caching works even when cookies are present and `Vary: Cookie` is on. """ request = self.factory.get('/test/vary') request.COOKIES = {'test': 'foo'} request.META['HTTP_COOKIE'] = 'test=foo' response = HttpResponse() patch_vary_headers(response, ['Cookie']) response.set_cookie('test', 'foo') SessionMiddleware().process_request(request) AuthenticationMiddleware().process_request(request) cache_hit = FetchFromCacheMiddleware().process_request(request) self.assertTrue(cache_hit is None) response = PatchedVaryUpdateCacheMiddleware().process_response(request, response) cache_hit = FetchFromCacheMiddleware().process_request(request) self.assertTrue(isinstance(cache_hit, HttpResponse)) new_request = self.factory.get('/test/vary') # note: not using cookies here. this demonstrates that cookies don't # affect the cache key cache_hit = FetchFromCacheMiddleware().process_request(new_request) self.assertTrue(isinstance(cache_hit, HttpResponse))
def test_without_process_view(self): with self.login(self.user): request = self.factory.get(reverse('view'), **self.extra_header(1, 2)) SessionMiddleware().process_request(request) AuthenticationMiddleware().process_request(request) CitixenProfileMiddleware().process_view(request, None) self.assertEqual(request.profile, None)
def setUp(self): self.user_password = "******" self.user = User.objects.create_user("test_user", "*****@*****.**", self.user_password) self.middleware = AuthenticationMiddleware() self.assertTrue(self.client.login(username=self.user.username, password=self.user_password)) self.request = HttpRequest() self.request.session = self.client.session
def test_setting_DRAL_HEADER_user_in_custom_header_is_authenticated(self): with self.settings(DRAL_HEADER='CUSTOM', DRAL_CHECK_DOMAIN=False): m = middleware.RemoteUserMiddleware() headers = {'CUSTOM': 'alice'} request = RequestFactory().get('/', **headers) SessionMiddleware().process_request(request) AuthenticationMiddleware().process_request(request) m.process_request(request) self.assertIsNotNone(get_user_model().objects.get(username='******'))
def test_anon_token_from_cookie(self): rf = django.test.RequestFactory() rf.cookies['anoncsrf'] = self.token cache.set(prep_key(self.token), 'woo') request = rf.get('/') SessionMiddleware().process_request(request) AuthenticationMiddleware().process_request(request) self.mw.process_request(request) self.assertEqual(request.csrf_token, 'woo')
def get_result(request): url_match = resolve(request.path) module = importlib.import_module(url_match.func.__module__) view = getattr(module, url_match.func.__name__)() request = copy.deepcopy(request) SessionMiddleware().process_request(request) AuthenticationMiddleware().process_request(request) view.request = request return view.get_result(request, *url_match.args, **url_match.kwargs)
def setUp(self): # Pass request object through session middleware so session is # available to login and logout functions self.wrapped_request = factory.get('/') self.request = Request(self.wrapped_request) SessionMiddleware().process_request(self.wrapped_request) AuthenticationMiddleware().process_request(self.wrapped_request) User.objects.create_user('ringo', '*****@*****.**', 'yellow') self.user = authenticate(username='******', password='******')
def setUp(self): super(TestCase, self).setUp() self.mox = mox.Mox() self._setup_test_data() self._setup_factory() self._setup_user() self._setup_request() middleware.HorizonMiddleware().process_request(self.request) AuthenticationMiddleware().process_request(self.request) os.environ["HORIZON_TEST_RUN"] = "True"
def test_can_stop_users_from_proceeding_if_not_logged_in(self): """ Several routes depend on a method to get the session user that will throw if no request user is logged in. """ request = self.request_factory.get("/") SessionMiddleware().process_request(request) AuthenticationMiddleware().process_request(request) with self.assertRaises(AuthenticationRequiredException): IdentityService.get_required_session_user(request)
def setUp(self): self.mox = mox.Mox() self.factory = RequestFactoryWithMessages() self.user = User.objects.create_user(username='******', password='******') self.assertTrue(self.client.login(username="******", password="******")) self.request = http.HttpRequest() self.request.session = self.client._session() middleware.HorizonMiddleware().process_request(self.request) AuthenticationMiddleware().process_request(self.request) os.environ["HORIZON_TEST_RUN"] = "True"
def __init__(self): print print "Starting SOCKETIO Application" print "=" * 20 print namespaces = load_namespaces() if namespaces: self._my_namespaces = namespaces self.django_wsgi = WSGIHandler() super(Application, self).__init__() self.middleware = [SessionMiddleware(), AuthenticationMiddleware()]
def setUp(self): super().setUp() self._setup_test_data() self._setup_factory() self._setup_user() self._setup_request() # A dummy get_response function (which is not callable) is passed # because middlewares below are used only to populate request attrs. middleware.HorizonMiddleware('dummy_get_response') \ ._process_request(self.request) AuthenticationMiddleware('dummy_get_response') \ .process_request(self.request) os.environ["HORIZON_TEST_RUN"] = "True"
class TestAuthenticationMiddleware(TestCase): def setUp(self): self.user = User.objects.create_user('test_user', '*****@*****.**', 'test_password') self.middleware = AuthenticationMiddleware() self.client.force_login(self.user) self.request = HttpRequest() self.request.session = self.client.session def test_no_password_change_doesnt_invalidate_session(self): self.request.session = self.client.session self.middleware.process_request(self.request) self.assertIsNotNone(self.request.user) self.assertFalse(self.request.user.is_anonymous()) def test_changed_password_invalidates_session(self): # After password change, user should be anonymous self.user.set_password('new_password') self.user.save() self.middleware.process_request(self.request) self.assertIsNotNone(self.request.user) self.assertTrue(self.request.user.is_anonymous()) # session should be flushed self.assertIsNone(self.request.session.session_key)
class TestAuthenticationMiddleware(TestCase): def setUp(self): self.user = User.objects.create_user('test_user', '*****@*****.**', 'test_password') self.middleware = AuthenticationMiddleware() self.client.force_login(self.user) self.request = HttpRequest() self.request.session = self.client.session def test_no_password_change_doesnt_invalidate_session(self): self.request.session = self.client.session self.middleware.process_request(self.request) self.assertIsNotNone(self.request.user) self.assertFalse(self.request.user.is_anonymous) def test_changed_password_invalidates_session(self): # After password change, user should be anonymous self.user.set_password('new_password') self.user.save() self.middleware.process_request(self.request) self.assertIsNotNone(self.request.user) self.assertTrue(self.request.user.is_anonymous) # session should be flushed self.assertIsNone(self.request.session.session_key)
def test_without_values(self, rf): request = rf.get('/') SessionMiddleware().process_request(request) AuthenticationMiddleware().process_request(request) # Let's test the decorator @shib_meta_to_user def sample_view(request): # Let's check the attribute assert request.user.shib == {} return HttpResponse() response = sample_view(request) assert response.status_code == 200
def setUp(self): self.user_email = '*****@*****.**' self.user_password = '******' self.user = get_user_model().objects.create_user( self.user_email, self.user_password) self.middleware_auth = AuthenticationMiddleware() self.middleware_session_auth = SessionAuthenticationMiddleware() self.assertTrue(self.client.login( username=self.user_email, password=self.user_password, )) self.request = HttpRequest() self.request.session = self.client.session
def test_with_values(self, db, monkeypatch, rf, shib_meta): monkeypatch.setattr(ShibbolethRemoteUserMiddleware, 'parse_attributes', lambda x, y: (shib_meta, None)) request = rf.get('/', REMOTE_USER=shib_meta.get('username')) SessionMiddleware().process_request(request) AuthenticationMiddleware().process_request(request) ShibbolethRemoteUserMiddleware().process_request(request) # Let's test the decorator @shib_meta_to_user def sample_view(request): # Let's check the attribute assert request.user.shib == shib_meta return HttpResponse() response = sample_view(request) assert response.status_code == 200
def test_no_vary(self): """ Ensure basic caching works. """ request = self.factory.get('/test/no-vary') response = HttpResponse() SessionMiddleware().process_request(request) AuthenticationMiddleware().process_request(request) cache_hit = FetchFromCacheMiddleware().process_request(request) self.assertEqual(cache_hit, None) response = PatchedVaryUpdateCacheMiddleware().process_response(request, response) cache_hit = FetchFromCacheMiddleware().process_request(request) self.assertTrue(isinstance(cache_hit, HttpResponse))
def forward_request(client, backend, auth_func): headers_complete = False body_part = None authenticated = False headers = StringIO() if not headers_complete: # Accumulate headers, then parse them. while True: data = client.recv(1024) logger.debug(data) if not data: break header_part, header_end, body_part = data.partition('\r\n\r\n') headers.write(header_part) if header_end: headers.write(header_end) # Build a Django flavor HttpRequest from the raw headers request = DjangoizedHttpRequest(StringIO(headers.getvalue()), client) # Run it through the middleware we need SessionMiddleware().process_request(request) AuthenticationMiddleware().process_request(request) authenticated = auth_func(request) break if authenticated: backend.sendall(headers.getvalue()) if body_part: backend.sendall(body_part) while True: data = client.recv(1024) if not data: break backend.sendall(data) else: # Close backend connection. backend.sendall("") # Respond to client with forbidden body = u"403 Forbidden" response = u"\r\n".join(("HTTP/1.1 403 Forbidden", "Content-Type: text/plain; charset=utf-8", "Content-Length: %s" % len(body), "Connection: close", "\r\n", body)) client.sendall(response) # Close client connection. client.sendall("")
class TestSessionAuthenticationMiddleware(TestCase): def setUp(self): self.user_email = '*****@*****.**' self.user_password = '******' self.user = get_user_model().objects.create_user( self.user_email, self.user_password) self.middleware_auth = AuthenticationMiddleware() self.middleware_session_auth = SessionAuthenticationMiddleware() self.assertTrue( self.client.login( username=self.user_email, password=self.user_password, )) self.request = HttpRequest() self.request.session = self.client.session def test_changed_password_doesnt_invalidate_session(self): # Changing a user's password shouldn't invalidate the session if session # verification isn't activated. session_key = self.request.session.session_key self.middleware_auth.process_request(self.request) self.middleware_session_auth.process_request(self.request) self.assertIsNotNone(self.request.user) self.assertFalse(self.request.user.is_anonymous()) # After password change, user should remain logged in. self.user.set_password('new_password') self.user.save() self.middleware_auth.process_request(self.request) self.middleware_session_auth.process_request(self.request) self.assertIsNotNone(self.request.user) self.assertFalse(self.request.user.is_anonymous()) self.assertEqual(session_key, self.request.session.session_key) def test_changed_password_invalidates_session_with_middleware(self): session_key = self.request.session.session_key with self.modify_settings( MIDDLEWARE_CLASSES= { 'append': [ 'django.contrib.auth.middleware.SessionAuthenticationMiddleware' ] }): # After password change, user should be anonymous self.user.set_password('new_password') self.user.save() self.middleware_auth.process_request(self.request) self.middleware_session_auth.process_request(self.request) self.assertIsNotNone(self.request.user) self.assertTrue(self.request.user.is_anonymous()) # session should be flushed self.assertNotEqual(session_key, self.request.session.session_key)
def test_login_invalid(self): req = self.request_factory.post( 'login_django', data={ 'username': '******', 'password': '******' }, ) SessionMiddleware().process_request(req) req.session.save() AuthenticationMiddleware().process_request(req) req._dont_enforce_csrf_checks = True # req.user = AnonymousUser() # Initalized so the users are loaded Django_Login_Mock_Saml2_Auth(req) resp = MockSSOLoginView.as_view()(req) self.assertEqual(resp.status_code, 200)
def setUp(self): super(TestCase, self).setUp() if self.use_mox: LOG.warning("'use_mox' will be dropped at the beginning of " "'Stein' release. If you still depend on mox, " "you must prepare mox environment in your test case.") self.mox = mox.Mox() self._setup_test_data() self._setup_factory() self._setup_user() self._setup_request() # A dummy get_response function (which is not callable) is passed # because middlewares below are used only to populate request attrs. middleware.HorizonMiddleware('dummy_get_response') \ .process_request(self.request) AuthenticationMiddleware('dummy_get_response') \ .process_request(self.request) os.environ["HORIZON_TEST_RUN"] = "True"
class TestSessionAuthenticationMiddleware(TestCase): def setUp(self): self.user_email = '*****@*****.**' self.user_password = '******' self.user = get_user_model().objects.create_user( self.user_email, self.user_password) self.middleware_auth = AuthenticationMiddleware() self.middleware_session_auth = SessionAuthenticationMiddleware() self.assertTrue(self.client.login( username=self.user_email, password=self.user_password, )) self.request = HttpRequest() self.request.session = self.client.session def test_changed_password_doesnt_invalidate_session(self): # Changing a user's password shouldn't invalidate the session if session # verification isn't activated. session_key = self.request.session.session_key self.middleware_auth.process_request(self.request) self.middleware_session_auth.process_request(self.request) self.assertIsNotNone(self.request.user) self.assertFalse(self.request.user.is_anonymous()) # After password change, user should remain logged in. self.user.set_password('new_password') self.user.save() self.middleware_auth.process_request(self.request) self.middleware_session_auth.process_request(self.request) self.assertIsNotNone(self.request.user) self.assertFalse(self.request.user.is_anonymous()) self.assertEqual(session_key, self.request.session.session_key) def test_changed_password_invalidates_session_with_middleware(self): session_key = self.request.session.session_key with self.modify_settings(MIDDLEWARE_CLASSES={'append': ['django.contrib.auth.middleware.SessionAuthenticationMiddleware']}): # After password change, user should be anonymous self.user.set_password('new_password') self.user.save() self.middleware_auth.process_request(self.request) self.middleware_session_auth.process_request(self.request) self.assertIsNotNone(self.request.user) self.assertTrue(self.request.user.is_anonymous()) # session should be flushed self.assertNotEqual(session_key, self.request.session.session_key)
class TestSessionAuthenticationMiddleware(TestCase): def setUp(self): self.user_password = "******" self.user = User.objects.create_user("test_user", "*****@*****.**", self.user_password) self.middleware = AuthenticationMiddleware() self.assertTrue(self.client.login(username=self.user.username, password=self.user_password)) self.request = HttpRequest() self.request.session = self.client.session def test_changed_password_doesnt_invalidate_session(self): """ Changing a user's password shouldn't invalidate the session if session verification isn't activated. """ session_key = self.request.session.session_key self.middleware.process_request(self.request) self.assertIsNotNone(self.request.user) self.assertFalse(self.request.user.is_anonymous()) # After password change, user should remain logged in. self.user.set_password("new_password") self.user.save() self.middleware.process_request(self.request) self.assertIsNotNone(self.request.user) self.assertFalse(self.request.user.is_anonymous()) self.assertEqual(session_key, self.request.session.session_key) def test_changed_password_invalidates_session_with_middleware(self): session_key = self.request.session.session_key with self.modify_settings( MIDDLEWARE_CLASSES={"append": ["django.contrib.auth.middleware.SessionAuthenticationMiddleware"]} ): # After password change, user should be anonymous self.user.set_password("new_password") self.user.save() self.middleware.process_request(self.request) self.assertIsNotNone(self.request.user) self.assertTrue(self.request.user.is_anonymous()) # session should be flushed self.assertNotEqual(session_key, self.request.session.session_key)
class FacebookAuthenticationMiddlewareTests(TestCase): def setUp(self): self.factory = RequestFactory() self.session_middleware = SessionMiddleware() self.django_auth_middleware = AuthenticationMiddleware() self.auth_middleware = FacebookAuthenticationMiddleware() def request(self, url='/fb', locale='en-US'): request = self.factory.get(url) self.session_middleware.process_request(request) self.django_auth_middleware.process_request(request) request.META['HTTP_ACCEPT_LANGUAGE'] = locale return request @patch('facebook.middleware.activate_locale') def test_no_session(self, activate_locale): """ If there is no authenticated session, the user attribute should contain an anonymous user. """ request = self.request() self.auth_middleware.process_request(request) eq_(request.user.is_anonymous(), True) # Check that the locale from the request was activated. activate_locale.assert_called_once_with(ANY, 'en-US') @patch('facebook.middleware.activate_locale') def test_no_matching_user(self, activate_locale): """ If an invalid user id is given in the session, the user attribute should contain an anonymous user. """ request = self.request(locale='es') request.session[SESSION_KEY] = 9999 self.auth_middleware.process_request(request) eq_(request.user.is_anonymous(), True) # Check that the locale from the request was activated. activate_locale.assert_called_once_with(ANY, 'es') @patch('facebook.middleware.activate_locale') def test_user_found(self, activate_locale): """ If there is an authenticated session with an existing user, the specified user should be available via the user attribute. """ request = self.request() user = FacebookUserFactory.create(locale='fr') request.session[SESSION_KEY] = user.id self.auth_middleware.process_request(request) eq_(request.user, user) # Check that the locale from the user object was activated. activate_locale.assert_called_once_with(ANY, 'fr') @patch('facebook.middleware.activate_locale') def test_user_non_fb_app(self, activate_locale): """ If there is an authenticated session with an existing user outside of the app, the specified user should not be a FacebookUser. """ request = self.request(url='/', locale='pt-BR') user = FacebookUserFactory.create() request.session[SESSION_KEY] = user.id self.auth_middleware.process_request(request) ok_(not request.user == user) eq_(request.user.is_anonymous(), True) # Check that the FB locale stuff was never called. eq_(activate_locale.called, False)
def setUp(self): self.middleware = SignedCookiesMiddleware() self.auth_middleware = AuthenticationMiddleware() self.session_middleware = SessionMiddleware()
def setUp(self): self.factory = RequestFactory() self.session_middleware = SessionMiddleware() self.auth_middleware = AuthenticationMiddleware()
def __init__(self): self.auth_middleware = AuthenticationMiddleware()