2 files changed, 52 insertions, 17 deletions

diff --git a/djangorestframework/tests/authentication.py b/djangorestframework/tests/authentication.py
index 79194718..fcc8f7ba 100644
--- a/djangorestframework/tests/authentication.py
+++ b/djangorestframework/tests/authentication.py
@@ -8,6 +8,9 @@ from django.http import HttpResponse
 from djangorestframework.views import APIView
 from djangorestframework import permissions
 
+from djangorestframework.tokenauth.models import BasicToken
+from djangorestframework.authentication import TokenAuthentication
+
 import base64
 
 
@@ -20,6 +23,8 @@ class MockView(APIView):
     def put(self, request):
         return HttpResponse({'a': 1, 'b': 2, 'c': 3})
 
+MockView.authentication += (TokenAuthentication,)
+
 urlpatterns = patterns('',
     (r'^$', MockView.as_view()),
 )
@@ -104,3 +109,45 @@ class SessionAuthTests(TestCase):
         """
         response = self.csrf_client.post('/', {'example': 'example'})
         self.assertEqual(response.status_code, 403)
+
+
+class TokenAuthTests(TestCase):
+    """Token authentication"""
+    urls = 'djangorestframework.tests.authentication'
+
+    def setUp(self):
+        self.csrf_client = Client(enforce_csrf_checks=True)
+        self.username = 'john'
+        self.email = 'lennon@thebeatles.com'
+        self.password = 'password'
+        self.user = User.objects.create_user(self.username, self.email, self.password)
+
+        self.key = 'abcd1234'
+        self.token = BasicToken.objects.create(key=self.key, user=self.user)
+
+    def test_post_form_passing_token_auth(self):
+        """Ensure POSTing json over token auth with correct credentials passes and does not require CSRF"""
+        auth = self.key
+        response = self.csrf_client.post('/', {'example': 'example'}, HTTP_AUTHORIZATION=auth)
+        self.assertEqual(response.status_code, 200)
+
+    def test_post_json_passing_token_auth(self):
+        """Ensure POSTing form over token auth with correct credentials passes and does not require CSRF"""
+        auth = self.key
+        response = self.csrf_client.post('/', json.dumps({'example': 'example'}), 'application/json', HTTP_AUTHORIZATION=auth)
+        self.assertEqual(response.status_code, 200)
+
+    def test_post_form_failing_token_auth(self):
+        """Ensure POSTing form over token auth without correct credentials fails"""
+        response = self.csrf_client.post('/', {'example': 'example'})
+        self.assertEqual(response.status_code, 403)
+
+    def test_post_json_failing_token_auth(self):
+        """Ensure POSTing json over token auth without correct credentials fails"""
+        response = self.csrf_client.post('/', json.dumps({'example': 'example'}), 'application/json')
+        self.assertEqual(response.status_code, 403)
+
+    def test_token_has_auto_assigned_key_if_none_provided(self):
+        """Ensure creating a token with no key will auto-assign a key"""
+        token = BasicToken.objects.create(user=self.user)
+        self.assertEqual(len(token.key), 32)
diff --git a/djangorestframework/tests/renderers.py b/djangorestframework/tests/renderers.py
index 0a1cd9c7..692243e6 100644
--- a/djangorestframework/tests/renderers.py
+++ b/djangorestframework/tests/renderers.py
@@ -55,27 +55,27 @@ class MockView(APIView):
 
     def get(self, request, **kwargs):
         response = Response(DUMMYCONTENT, status=DUMMYSTATUS)
-        return self.render(response)
+        return response
 
 
 class MockGETView(APIView):
 
     def get(self, request, **kwargs):
-        return {'foo': ['bar', 'baz']}
+        return Response({'foo': ['bar', 'baz']})
 
 
 class HTMLView(APIView):
     renderers = (DocumentingHTMLRenderer, )
 
     def get(self, request, **kwargs):
-        return 'text'
+        return Response('text')
 
 
 class HTMLView1(APIView):
     renderers = (DocumentingHTMLRenderer, JSONRenderer)
 
     def get(self, request, **kwargs):
-        return 'text'
+        return Response('text')
 
 urlpatterns = patterns('',
     url(r'^.*\.(?P<format>.+)$', MockView.as_view(renderers=[RendererA, RendererB])),
@@ -88,7 +88,7 @@ urlpatterns = patterns('',
 )
 
 
-class RendererIntegrationTests(TestCase):
+class RendererEndToEndTests(TestCase):
     """
     End-to-end testing of renderers using an RendererMixin on a generic view.
     """
@@ -216,18 +216,6 @@ class JSONRendererTests(TestCase):
         self.assertEquals(strip_trailing_whitespace(content), _indented_repr)
 
 
-class MockGETView(APIView):
-
-    def get(self, request, *args, **kwargs):
-        return Response({'foo': ['bar', 'baz']})
-
-
-urlpatterns = patterns('',
-    url(r'^jsonp/jsonrenderer$', MockGETView.as_view(renderers=[JSONRenderer, JSONPRenderer])),
-    url(r'^jsonp/nojsonrenderer$', MockGETView.as_view(renderers=[JSONPRenderer])),
-)
-
-
 class JSONPRendererTests(TestCase):
     """
     Tests specific to the JSONP Renderer