Merge branch 'restframework2' into rest-framework-2-merge2.0.0

Conflicts:
	.gitignore
	.travis.yml
	AUTHORS
	README.rst
	djangorestframework/mixins.py
	djangorestframework/renderers.py
	djangorestframework/resources.py
	djangorestframework/serializer.py
	djangorestframework/templates/djangorestframework/base.html
	djangorestframework/templates/djangorestframework/login.html
	djangorestframework/templatetags/add_query_param.py
	djangorestframework/tests/accept.py
	djangorestframework/tests/authentication.py
	djangorestframework/tests/content.py
	djangorestframework/tests/reverse.py
	djangorestframework/tests/serializer.py
	djangorestframework/views.py
	docs/examples.rst
	docs/examples/blogpost.rst
	docs/examples/modelviews.rst
	docs/examples/objectstore.rst
	docs/examples/permissions.rst
	docs/examples/pygments.rst
	docs/examples/views.rst
	docs/howto/alternativeframeworks.rst
	docs/howto/mixin.rst
	docs/howto/reverse.rst
	docs/howto/usingurllib2.rst
	docs/index.rst
	docs/topics/release-notes.md
	examples/sandbox/views.py
	rest_framework/__init__.py
	rest_framework/compat.py
	rest_framework/utils/breadcrumbs.py
	setup.py

1 files changed, 154 insertions, 0 deletions

diff --git a/rest_framework/tests/authentication.py b/rest_framework/tests/authentication.py
new file mode 100644
index 00000000..8ab4c4e4
--- /dev/null
+++ b/rest_framework/tests/authentication.py
@@ -0,0 +1,154 @@
+from django.conf.urls.defaults import patterns
+from django.contrib.auth.models import User
+from django.test import Client, TestCase
+
+from django.utils import simplejson as json
+from django.http import HttpResponse
+
+from rest_framework.views import APIView
+from rest_framework import permissions
+
+from rest_framework.authtoken.models import Token
+from rest_framework.authentication import TokenAuthentication
+
+import base64
+
+
+class MockView(APIView):
+    permission_classes = (permissions.IsAuthenticated,)
+
+    def post(self, request):
+        return HttpResponse({'a': 1, 'b': 2, 'c': 3})
+
+    def put(self, request):
+        return HttpResponse({'a': 1, 'b': 2, 'c': 3})
+
+MockView.authentication_classes += (TokenAuthentication,)
+
+urlpatterns = patterns('',
+    (r'^$', MockView.as_view()),
+)
+
+
+class BasicAuthTests(TestCase):
+    """Basic authentication"""
+    urls = 'rest_framework.tests.authentication'
+
+    def setUp(self):
+        self.csrf_client = Client(enforce_csrf_checks=True)
+        self.username = 'john'
+        self.email = 'lennon@thebeatles.com'
+        self.password = 'password'
+        self.user = User.objects.create_user(self.username, self.email, self.password)
+
+    def test_post_form_passing_basic_auth(self):
+        """Ensure POSTing json over basic auth with correct credentials passes and does not require CSRF"""
+        auth = 'Basic %s' % base64.encodestring('%s:%s' % (self.username, self.password)).strip()
+        response = self.csrf_client.post('/', {'example': 'example'}, HTTP_AUTHORIZATION=auth)
+        self.assertEqual(response.status_code, 200)
+
+    def test_post_json_passing_basic_auth(self):
+        """Ensure POSTing form over basic auth with correct credentials passes and does not require CSRF"""
+        auth = 'Basic %s' % base64.encodestring('%s:%s' % (self.username, self.password)).strip()
+        response = self.csrf_client.post('/', json.dumps({'example': 'example'}), 'application/json', HTTP_AUTHORIZATION=auth)
+        self.assertEqual(response.status_code, 200)
+
+    def test_post_form_failing_basic_auth(self):
+        """Ensure POSTing form over basic auth without correct credentials fails"""
+        response = self.csrf_client.post('/', {'example': 'example'})
+        self.assertEqual(response.status_code, 403)
+
+    def test_post_json_failing_basic_auth(self):
+        """Ensure POSTing json over basic auth without correct credentials fails"""
+        response = self.csrf_client.post('/', json.dumps({'example': 'example'}), 'application/json')
+        self.assertEqual(response.status_code, 403)
+
+
+class SessionAuthTests(TestCase):
+    """User session authentication"""
+    urls = 'rest_framework.tests.authentication'
+
+    def setUp(self):
+        self.csrf_client = Client(enforce_csrf_checks=True)
+        self.non_csrf_client = Client(enforce_csrf_checks=False)
+        self.username = 'john'
+        self.email = 'lennon@thebeatles.com'
+        self.password = 'password'
+        self.user = User.objects.create_user(self.username, self.email, self.password)
+
+    def tearDown(self):
+        self.csrf_client.logout()
+
+    def test_post_form_session_auth_failing_csrf(self):
+        """
+        Ensure POSTing form over session authentication without CSRF token fails.
+        """
+        self.csrf_client.login(username=self.username, password=self.password)
+        response = self.csrf_client.post('/', {'example': 'example'})
+        self.assertEqual(response.status_code, 403)
+
+    def test_post_form_session_auth_passing(self):
+        """
+        Ensure POSTing form over session authentication with logged in user and CSRF token passes.
+        """
+        self.non_csrf_client.login(username=self.username, password=self.password)
+        response = self.non_csrf_client.post('/', {'example': 'example'})
+        self.assertEqual(response.status_code, 200)
+
+    def test_put_form_session_auth_passing(self):
+        """
+        Ensure PUTting form over session authentication with logged in user and CSRF token passes.
+        """
+        self.non_csrf_client.login(username=self.username, password=self.password)
+        response = self.non_csrf_client.put('/', {'example': 'example'})
+        self.assertEqual(response.status_code, 200)
+
+    def test_post_form_session_auth_failing(self):
+        """
+        Ensure POSTing form over session authentication without logged in user fails.
+        """
+        response = self.csrf_client.post('/', {'example': 'example'})
+        self.assertEqual(response.status_code, 403)
+
+
+class TokenAuthTests(TestCase):
+    """Token authentication"""
+    urls = 'rest_framework.tests.authentication'
+
+    def setUp(self):
+        self.csrf_client = Client(enforce_csrf_checks=True)
+        self.username = 'john'
+        self.email = 'lennon@thebeatles.com'
+        self.password = 'password'
+        self.user = User.objects.create_user(self.username, self.email, self.password)
+
+        self.key = 'abcd1234'
+        self.token = Token.objects.create(key=self.key, user=self.user)
+
+    def test_post_form_passing_token_auth(self):
+        """Ensure POSTing json over token auth with correct credentials passes and does not require CSRF"""
+        auth = "Token " + self.key
+        response = self.csrf_client.post('/', {'example': 'example'}, HTTP_AUTHORIZATION=auth)
+        self.assertEqual(response.status_code, 200)
+
+    def test_post_json_passing_token_auth(self):
+        """Ensure POSTing form over token auth with correct credentials passes and does not require CSRF"""
+        auth = "Token " + self.key
+        response = self.csrf_client.post('/', json.dumps({'example': 'example'}), 'application/json', HTTP_AUTHORIZATION=auth)
+        self.assertEqual(response.status_code, 200)
+
+    def test_post_form_failing_token_auth(self):
+        """Ensure POSTing form over token auth without correct credentials fails"""
+        response = self.csrf_client.post('/', {'example': 'example'})
+        self.assertEqual(response.status_code, 403)
+
+    def test_post_json_failing_token_auth(self):
+        """Ensure POSTing json over token auth without correct credentials fails"""
+        response = self.csrf_client.post('/', json.dumps({'example': 'example'}), 'application/json')
+        self.assertEqual(response.status_code, 403)
+
+    def test_token_has_auto_assigned_key_if_none_provided(self):
+        """Ensure creating a token with no key will auto-assign a key"""
+        self.token.delete()
+        token = Token.objects.create(user=self.user)
+        self.assertTrue(bool(token.key))