diff options
| author | Alec Perkins | 2012-09-09 13:23:07 -0400 |
|---|---|---|
| committer | Alec Perkins | 2012-09-09 13:23:07 -0400 |
| commit | 45001033378a49986d4cd7f5bdf4673b083cdbd0 (patch) | |
| tree | e5eb2cd49d122ba56d63058413cb3d4d138dae7a /djangorestframework/tests/authentication.py | |
| parent | 0ae5500f34a81005ba0161dacb280a94f768a885 (diff) | |
| parent | d4f8b4cf0683923fe85652f8fd572d2931eb3074 (diff) | |
| download | django-rest-framework-45001033378a49986d4cd7f5bdf4673b083cdbd0.tar.bz2 | |
Merge 'tomchristie/restframework2' into 'browsable-bootstrap'
Diffstat (limited to 'djangorestframework/tests/authentication.py')
| -rw-r--r-- | djangorestframework/tests/authentication.py | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/djangorestframework/tests/authentication.py b/djangorestframework/tests/authentication.py index 79194718..fcc8f7ba 100644 --- a/djangorestframework/tests/authentication.py +++ b/djangorestframework/tests/authentication.py @@ -8,6 +8,9 @@ from django.http import HttpResponse from djangorestframework.views import APIView from djangorestframework import permissions +from djangorestframework.tokenauth.models import BasicToken +from djangorestframework.authentication import TokenAuthentication + import base64 @@ -20,6 +23,8 @@ class MockView(APIView): def put(self, request): return HttpResponse({'a': 1, 'b': 2, 'c': 3}) +MockView.authentication += (TokenAuthentication,) + urlpatterns = patterns('', (r'^$', MockView.as_view()), ) @@ -104,3 +109,45 @@ class SessionAuthTests(TestCase): """ response = self.csrf_client.post('/', {'example': 'example'}) self.assertEqual(response.status_code, 403) + + +class TokenAuthTests(TestCase): + """Token authentication""" + urls = 'djangorestframework.tests.authentication' + + def setUp(self): + self.csrf_client = Client(enforce_csrf_checks=True) + self.username = 'john' + self.email = 'lennon@thebeatles.com' + self.password = 'password' + self.user = User.objects.create_user(self.username, self.email, self.password) + + self.key = 'abcd1234' + self.token = BasicToken.objects.create(key=self.key, user=self.user) + + def test_post_form_passing_token_auth(self): + """Ensure POSTing json over token auth with correct credentials passes and does not require CSRF""" + auth = self.key + response = self.csrf_client.post('/', {'example': 'example'}, HTTP_AUTHORIZATION=auth) + self.assertEqual(response.status_code, 200) + + def test_post_json_passing_token_auth(self): + """Ensure POSTing form over token auth with correct credentials passes and does not require CSRF""" + auth = self.key + response = self.csrf_client.post('/', json.dumps({'example': 'example'}), 'application/json', HTTP_AUTHORIZATION=auth) + self.assertEqual(response.status_code, 200) + + def test_post_form_failing_token_auth(self): + """Ensure POSTing form over token auth without correct credentials fails""" + response = self.csrf_client.post('/', {'example': 'example'}) + self.assertEqual(response.status_code, 403) + + def test_post_json_failing_token_auth(self): + """Ensure POSTing json over token auth without correct credentials fails""" + response = self.csrf_client.post('/', json.dumps({'example': 'example'}), 'application/json') + self.assertEqual(response.status_code, 403) + + def test_token_has_auto_assigned_key_if_none_provided(self): + """Ensure creating a token with no key will auto-assign a key""" + token = BasicToken.objects.create(user=self.user) + self.assertEqual(len(token.key), 32) |