def test_unauthenticated_request_allow_anonymous2(self):
    """
    Anonymous requests to the login page, or to a path listed in
    LOGIN_EXEMPT_URLS, pass through the middleware without a redirect.
    """
    # Case 1: the login page itself, requested by a signed-out visitor.
    login_request = self._get_request("/accounts/login/")
    login_request.user = AnonymousUser()
    login_result = AuthenticationMiddleware().process_request(login_request)
    self.assertIsNone(login_result)

    # Case 2: a path exempted through settings for the duration of the block.
    # NOTE(review): how exempt entries are matched (exact, prefix, pattern)
    # is not visible from this test; only an exact match is exercised here.
    with self.settings(LOGIN_EXEMPT_URLS=('test/url/', )):
        exempt_request = self._get_request("test/url/")
        exempt_request.user = AnonymousUser()
        exempt_result = AuthenticationMiddleware().process_request(exempt_request)
        self.assertIsNone(exempt_result)
def test_preflight_response_with_origin_header(self):
    """
    A request carrying an Origin header gets that same value back in the
    response's Access-Control-Allow-Origin header.
    """
    origin = "www.example.com"
    request = self._get_request("/")
    request.META['HTTP_ORIGIN'] = origin

    # NOTE(review): this pins that the caller-supplied Origin is echoed
    # back. Whether the middleware checks it against an allow-list, or also
    # sends Access-Control-Allow-Credentials, is not visible here; confirm
    # that arbitrary origins are not reflected on credentialed responses.
    outgoing = AuthenticationMiddleware().process_response(request, HttpResponse())
    self.assertEqual(outgoing['Access-Control-Allow-Origin'], origin)
def test_preflight_response_with_access_control_headers(self):
    """
    The value of Access-Control-Request-Headers on the request is returned
    in the response's Access-Control-Allow-Headers header.
    """
    requested_headers = 'TEST-HEADER'
    request = self._get_request("/")
    request.META['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'] = requested_headers

    # The requested header list is copied through as given.
    # NOTE(review): no filtering of the requested names is exercised here.
    outgoing = AuthenticationMiddleware().process_response(request, HttpResponse())
    self.assertEqual(outgoing['Access-Control-Allow-Headers'], requested_headers)
def test_unauthenticated_request(self):
    """
    An anonymous request to a regular page is answered with a redirect to
    the login page.
    """
    request = self._get_request("/")
    request.user = AnonymousUser()

    redirect = AuthenticationMiddleware().process_request(request)

    # Both the status and the target are pinned, so a redirect to any other
    # location fails the test.
    self.assertEqual(redirect.status_code, 302)
    self.assertEqual(redirect['Location'], '/accounts/login/')
def test_authenticated_request(self):
    """
    A request from an authenticated user is passed through (no response
    returned) and gets extra attributes attached to it.
    """
    request = self._get_request("/")
    request.user = User.objects.get(pk=1)

    outcome = AuthenticationMiddleware().process_request(request)
    self.assertIsNone(outcome)

    # Attributes the middleware is expected to add to the request object.
    for attribute in ("SITE_NAME", "footer"):
        self.assertTrue(hasattr(request, attribute))
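def test_unauthenticated_request_allow_anonymous(self):
    """
    With ALLOW_ANONYMOUS_ACCESS enabled, an anonymous request is not
    redirected to the login page and still gets the extra request
    attributes attached.
    """
    # Scope the override to this test. Assigning to the settings object
    # directly would leave anonymous access switched on for every test that
    # runs afterwards, which can hide a broken login redirect elsewhere.
    with self.settings(ALLOW_ANONYMOUS_ACCESS=True):
        request = self._get_request("/")
        request.user = AnonymousUser()
        self.assertEqual(AuthenticationMiddleware().process_request(request), None)

    self.assertTrue(hasattr(request, "SITE_NAME"))
    self.assertTrue(hasattr(request, "footer"))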
def test_token_request_invalid(self):
    """
    A request that presents an expired `Token` causes that token to be
    deleted.
    """
    owner = User.objects.get(pk=1)
    app_link = ApplicationLink.objects.get(pk=1)
    expired = Token.objects.create(secret='sesame', user=owner, link=app_link)

    # Back-date the token by its own timeout so it counts as expired.
    # NOTE(review): assumes save() keeps the assigned `modified` value
    # (i.e. the field is not reset on save); confirm against the model.
    expired.modified -= timedelta(seconds=expired.timeout)
    expired.save()

    request = self._get_request("/")
    request.GET['access_token'] = expired.secret
    # NOTE(review): the request user is already authenticated, so the None
    # result below does not show that an expired token is refused for an
    # anonymous caller; only the deletion is verified.
    request.user = owner

    self.assertIsNone(AuthenticationMiddleware().process_request(request))
    self.assertEqual(Token.objects.count(), 0)
def test_token_request_anonymous_get(self):
    """
    An anonymous request carrying a valid `access_token` query parameter is
    switched to the token's user, and the token's modified time changes.
    """
    owner = User.objects.get(pk=1)
    app_link = ApplicationLink.objects.get(pk=1)
    issued = Token.objects.create(secret='sesame', user=owner, link=app_link)
    modified_before = issued.modified

    request = self._get_request("/")
    # The token travels in the query string here; values passed this way
    # commonly end up in access logs and Referer headers.
    request.GET['access_token'] = issued.secret
    request.user = AnonymousUser()

    self.assertIsNone(AuthenticationMiddleware().process_request(request))
    self.assertEqual(request.user, owner)

    # Re-read the row to see the value the middleware stored.
    refreshed = Token.objects.get(secret='sesame')
    self.assertNotEqual(refreshed.modified, modified_before)
def test_token_request_anonymous_headers(self):
    """
    An anonymous request carrying a valid token in the `HTTP_ACCESS_TOKEN`
    header is switched to the token's user, and the token's modified time
    changes.
    """
    owner = User.objects.get(pk=1)
    app_link = ApplicationLink.objects.get(pk=1)
    issued = Token.objects.create(secret='sesame', user=owner, link=app_link)
    modified_before = issued.modified

    request = self._get_request("/")
    # Same flow as the query-parameter variant, with the secret supplied
    # through the request metadata instead of the URL.
    request.META['HTTP_ACCESS_TOKEN'] = issued.secret
    request.user = AnonymousUser()

    self.assertIsNone(AuthenticationMiddleware().process_request(request))
    self.assertEqual(request.user, owner)

    # Re-read the row to see the value the middleware stored.
    refreshed = Token.objects.get(secret='sesame')
    self.assertNotEqual(refreshed.modified, modified_before)