diff options
| author | Mjumbe Wawatu Poe | 2012-09-07 12:53:39 -0400 |
|---|---|---|
| committer | Mjumbe Wawatu Poe | 2012-09-07 12:53:39 -0400 |
| commit | f3e65eab6b60a23eeed2178db4f6034ce2c6ac3d (patch) | |
| tree | 0f9216b2c42a17f943f9e69eb6d6b3e66f110838 /djangorestframework/tests | |
| parent | 72bdd0fcec7faa32d7f24e0698736f9433b56f3f (diff) | |
| download | django-rest-framework-f3e65eab6b60a23eeed2178db4f6034ce2c6ac3d.tar.bz2 | |
Add a TokenAuthentication class in a sub-application
Diffstat (limited to 'djangorestframework/tests')
| -rw-r--r-- | djangorestframework/tests/authentication.py | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/djangorestframework/tests/authentication.py b/djangorestframework/tests/authentication.py index 79194718..2806da36 100644 --- a/djangorestframework/tests/authentication.py +++ b/djangorestframework/tests/authentication.py @@ -8,6 +8,9 @@ from django.http import HttpResponse from djangorestframework.views import APIView from djangorestframework import permissions +from djangorestframework.tokenauth.models import Token +from djangorestframework.tokenauth.authentication import TokenAuthentication + import base64 @@ -20,6 +23,8 @@ class MockView(APIView): def put(self, request): return HttpResponse({'a': 1, 'b': 2, 'c': 3}) +MockView.authentication += (TokenAuthentication,) + urlpatterns = patterns('', (r'^$', MockView.as_view()), ) @@ -104,3 +109,40 @@ class SessionAuthTests(TestCase): """ response = self.csrf_client.post('/', {'example': 'example'}) self.assertEqual(response.status_code, 403) + + +class TokenAuthTests(TestCase): + """Token authentication""" + urls = 'djangorestframework.tests.authentication' + + def setUp(self): + self.csrf_client = Client(enforce_csrf_checks=True) + self.username = 'john' + self.email = 'lennon@thebeatles.com' + self.password = 'password' + self.user = User.objects.create_user(self.username, self.email, self.password) + + self.key = 'abcd1234' + self.token = Token.objects.create(key=self.key, user=self.user) + + def test_post_form_passing_token_auth(self): + """Ensure POSTing json over token auth with correct credentials passes and does not require CSRF""" + auth = self.key + response = self.csrf_client.post('/', {'example': 'example'}, HTTP_AUTHORIZATION=auth) + self.assertEqual(response.status_code, 200) + + def test_post_json_passing_token_auth(self): + """Ensure POSTing form over token auth with correct credentials passes and does not require CSRF""" + auth = self.key + response = self.csrf_client.post('/', json.dumps({'example': 'example'}), 'application/json', HTTP_AUTHORIZATION=auth) + self.assertEqual(response.status_code, 200) + + def test_post_form_failing_token_auth(self): + """Ensure POSTing form over token auth without correct credentials fails""" + response = self.csrf_client.post('/', {'example': 'example'}) + self.assertEqual(response.status_code, 403) + + def test_post_json_failing_token_auth(self): + """Ensure POSTing json over token auth without correct credentials fails""" + response = self.csrf_client.post('/', json.dumps({'example': 'example'}), 'application/json') + self.assertEqual(response.status_code, 403) |