def test_is_authenticated_get_params(self):
auth = ApiKeyAuthentication()
request = HttpRequest()
# Simulate sending the signal.
john_doe = User.objects.get(username='******')
create_api_key(User, instance=john_doe, created=True)
# No username/api_key details should fail.
self.assertEqual(
isinstance(auth.is_authenticated(request), HttpUnauthorized), True)
# Wrong username details.
request.GET['username'] = '******'
self.assertEqual(
isinstance(auth.is_authenticated(request), HttpUnauthorized), True)
# No api_key.
request.GET['username'] = '******'
self.assertEqual(
isinstance(auth.is_authenticated(request), HttpUnauthorized), True)
# Wrong user/api_key.
request.GET['username'] = '******'
request.GET['api_key'] = 'foo'
self.assertEqual(
isinstance(auth.is_authenticated(request), HttpUnauthorized), True)
# Correct user/api_key.
john_doe = User.objects.get(username='******')
request.GET['username'] = '******'
request.GET['api_key'] = john_doe.api_key.key
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), 'johndoe')
def test_is_authenticated_get_params(self):
auth = ApiKeyAuthentication()
request = HttpRequest()
# Simulate sending the signal.
john_doe = User.objects.get(username='******')
create_api_key(User, instance=john_doe, created=True)
# No username/api_key details should fail.
self.assertEqual(isinstance(auth.is_authenticated(request), HttpUnauthorized), True)
# Wrong username details.
request.GET['username'] = '******'
self.assertEqual(isinstance(auth.is_authenticated(request), HttpUnauthorized), True)
# No api_key.
request.GET['username'] = '******'
self.assertEqual(isinstance(auth.is_authenticated(request), HttpUnauthorized), True)
# Wrong user/api_key.
request.GET['username'] = '******'
request.GET['api_key'] = 'foo'
self.assertEqual(isinstance(auth.is_authenticated(request), HttpUnauthorized), True)
# Correct user/api_key.
john_doe = User.objects.get(username='******')
request.GET['username'] = '******'
request.GET['api_key'] = john_doe.api_key.key
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), 'johndoe')
def test_is_authenticated_get_params(self):
auth = ApiKeyAuthentication()
request = HttpRequest()
# Simulate sending the signal.
john_doe = CustomUser.objects.get(pk=1)
create_api_key(CustomUser, instance=john_doe, created=True)
# No username/api_key details should fail.
self.assertEqual(isinstance(auth.is_authenticated(request), HttpUnauthorized), True)
# Wrong username (email) details.
request.GET['username'] = '******'
self.assertEqual(isinstance(auth.is_authenticated(request), HttpUnauthorized), True)
# No api_key.
request.GET['username'] = john_doe.email
self.assertEqual(isinstance(auth.is_authenticated(request), HttpUnauthorized), True)
# Wrong user/api_key.
request.GET['username'] = john_doe.email
request.GET['api_key'] = 'foo'
self.assertEqual(isinstance(auth.is_authenticated(request), HttpUnauthorized), True)
# Correct user/api_key.
ApiKey.objects.all().delete()
create_api_key(CustomUser, instance=john_doe, created=True)
request.GET['username'] = john_doe.email
request.GET['api_key'] = john_doe.api_key.key
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), john_doe.email)
def test_is_authenticated_get_params(self):
auth = ApiKeyAuthentication()
request = HttpRequest()
# Simulate sending the signal.
john_doe = CustomUser.objects.get(pk=1)
create_api_key(CustomUser, instance=john_doe, created=True)
# No username/api_key details should fail.
self.assertEqual(
isinstance(auth.is_authenticated(request), HttpUnauthorized), True)
# Wrong username (email) details.
request.GET['username'] = '******'
self.assertEqual(
isinstance(auth.is_authenticated(request), HttpUnauthorized), True)
# No api_key.
request.GET['username'] = john_doe.email
self.assertEqual(
isinstance(auth.is_authenticated(request), HttpUnauthorized), True)
# Wrong user/api_key.
request.GET['username'] = john_doe.email
request.GET['api_key'] = 'foo'
self.assertEqual(
isinstance(auth.is_authenticated(request), HttpUnauthorized), True)
# Correct user/api_key.
ApiKey.objects.all().delete()
create_api_key(CustomUser, instance=john_doe, created=True)
request.GET['username'] = john_doe.email
request.GET['api_key'] = john_doe.api_key.key
self.assertEqual(auth.is_authenticated(request), True)
self.assertEqual(auth.get_identifier(request), john_doe.email)
def test_whitelisting(self):
auth = ApiKeyAuthentication(whitelisted_methods=['a_method'])
request = HttpRequest()
# Simulate sending the signal.
john_doe = User.objects.get(username='******')
create_api_key(User, instance=john_doe, created=True)
# Calling with a whitelisted method_name without credentials should work
self.assertEqual(auth.is_authenticated(request, method_name='a_method'), True)
# Calling any other method should require the Api Key
self.assertEqual(isinstance(auth.is_authenticated(request, method_name='another_method'), HttpUnauthorized), True)
# Correct user/api_key
john_doe = User.objects.get(username='******')
request.GET['username'] = '******'
request.GET['api_key'] = john_doe.api_key.key
self.assertEqual(auth.is_authenticated(request, method_name="another_method"), True)
self.assertEqual(auth.get_identifier(request), 'johndoe')
self.assertEqual(auth.is_authenticated(request, method_name="a_method"), True)
self.assertEqual(auth.get_identifier(request), 'johndoe')
class Authentication(ApiKeyAuthentication):
def __init__(self):
self.api_key_auth = ApiKeyAuthentication()
self.basic_auth = BasicAuthentication(backend=ApiKeyBackend())
def is_authenticated(self, request, **kwargs):
if request.user.is_authenticated():
return True
ret = self.basic_auth.is_authenticated(request, **kwargs)
if isinstance(ret, HttpUnauthorized):
ret2 = self.api_key_auth.is_authenticated(request, **kwargs)
if not isinstance(ret2, HttpUnauthorized):
return ret2
return ret
def get_identifier(self, request):
if request.user.is_authenticated():
return request.user.username
ret = self.basic_auth.get_identifier(request)
if isinstance(ret, HttpUnauthorized):
ret2 = self.api_key_auth.get_identifier(request)
if not isinstance(ret2, HttpUnauthorized):
return ret2
return ret
