diff options
| author | Pierre Dulac | 2013-03-01 11:50:11 +0100 |
|---|---|---|
| committer | Pierre Dulac | 2013-03-01 11:50:11 +0100 |
| commit | aed3c13471deae6b2837b3799b4ca6615a5d172c (patch) | |
| tree | 13f3f0a7cb36923dd9dcd84374af1a93f6b30a24 /rest_framework/tests/authentication.py | |
| parent | d8f455bc0ff920e9e0cd1952f58b5a0eccdc2683 (diff) | |
| parent | 282af6057f30b5af4665d687200ee1ebf82fcf00 (diff) | |
| download | django-rest-framework-aed3c13471deae6b2837b3799b4ca6615a5d172c.tar.bz2 | |
Merge branch 'master' into oauth2-authentication
Conflicts:
rest_framework/tests/authentication.py
Diffstat (limited to 'rest_framework/tests/authentication.py')
| -rw-r--r-- | rest_framework/tests/authentication.py | 39 |
1 files changed, 36 insertions, 3 deletions
diff --git a/rest_framework/tests/authentication.py b/rest_framework/tests/authentication.py index 3ceab808..c2c23bcc 100644 --- a/rest_framework/tests/authentication.py +++ b/rest_framework/tests/authentication.py @@ -4,13 +4,21 @@ from django.contrib.auth.models import User from django.http import HttpResponse from django.test import Client, TestCase from rest_framework import HTTP_HEADER_ENCODING +from rest_framework import exceptions from rest_framework import permissions from rest_framework import status from rest_framework.authtoken.models import Token -from rest_framework.authentication import TokenAuthentication, BasicAuthentication, SessionAuthentication, OAuth2Authentication +from rest_framework.authentication import ( + BaseAuthentication, + TokenAuthentication, + BasicAuthentication, + SessionAuthentication, + OAuth2Authentication +) from rest_framework.compat import patterns, url, include from rest_framework.compat import oauth2 from rest_framework.compat import oauth2_provider +from rest_framework.tests.utils import RequestFactory from rest_framework.views import APIView import json import base64 @@ -18,17 +26,21 @@ import datetime import unittest +factory = RequestFactory() + + class MockView(APIView): permission_classes = (permissions.IsAuthenticated,) + def get(self, request): + return HttpResponse({'a': 1, 'b': 2, 'c': 3}) + def post(self, request): return HttpResponse({'a': 1, 'b': 2, 'c': 3}) def put(self, request): return HttpResponse({'a': 1, 'b': 2, 'c': 3}) - def get(self, request): - return HttpResponse({'a': 1, 'b': 2, 'c': 3}) urlpatterns = patterns('', (r'^session/$', MockView.as_view(authentication_classes=[SessionAuthentication])), @@ -199,6 +211,27 @@ class TokenAuthTests(TestCase): self.assertEqual(json.loads(response.content.decode('ascii'))['token'], self.key) +class IncorrectCredentialsTests(TestCase): + def test_incorrect_credentials(self): + """ + If a request contains bad authentication credentials, then + authentication should run and error, even if no permissions + are set on the view. + """ + class IncorrectCredentialsAuth(BaseAuthentication): + def authenticate(self, request): + raise exceptions.AuthenticationFailed('Bad credentials') + + request = factory.get('/') + view = MockView.as_view( + authentication_classes=(IncorrectCredentialsAuth,), + permission_classes=() + ) + response = view(request) + self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN) + self.assertEqual(response.data, {'detail': 'Bad credentials'}) + + class OAuth2Tests(TestCase): """OAuth 2.0 authentication""" urls = 'rest_framework.tests.authentication' |