From 0768339e57e32d13a2e2359aa395d464b7de0534 Mon Sep 17 00:00:00 2001 From: Will Beaufoy Date: Sun, 17 Oct 2021 15:33:34 +0100 Subject: [PATCH 1/4] Fix testing with token --- rest_framework/test.py | 2 +- tests/test_testing.py | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/rest_framework/test.py b/rest_framework/test.py index 07df743c8e..04409f9621 100644 --- a/rest_framework/test.py +++ b/rest_framework/test.py @@ -277,7 +277,7 @@ def force_authenticate(self, user=None, token=None): """ self.handler._force_user = user self.handler._force_token = token - if user is None: + if user is None and token is None: self.logout() # Also clear any possible session info if required def request(self, **kwargs): diff --git a/tests/test_testing.py b/tests/test_testing.py index b6579e3690..9ea34c4c51 100644 --- a/tests/test_testing.py +++ b/tests/test_testing.py @@ -102,8 +102,9 @@ def test_force_authenticate_with_sessions(self): response = self.client.get('/session-view/') assert response.data['active_session'] is True - # Force authenticating as `None` should also logout the user session. - self.client.force_authenticate(None) + # Force authenticating with `None` user and token should also logout + # the user session. + self.client.force_authenticate(user=None, token=None) response = self.client.get('/session-view/') assert response.data['active_session'] is False From 34c7c9a7710104d7ec68ce50b0dbae281d440664 Mon Sep 17 00:00:00 2001 From: Will Beaufoy Date: Mon, 18 Oct 2021 23:58:50 +0100 Subject: [PATCH 2/4] Add unit test --- tests/test_testing.py | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/tests/test_testing.py b/tests/test_testing.py index 9ea34c4c51..3cce39b417 100644 --- a/tests/test_testing.py +++ b/tests/test_testing.py @@ -10,6 +10,7 @@ from django.urls import path from rest_framework import fields, serializers +from rest_framework.authtoken.models import Token from rest_framework.decorators import api_view from rest_framework.response import Response from rest_framework.test import ( @@ -19,10 +20,12 @@ @api_view(['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS']) def view(request): - return Response({ - 'auth': request.META.get('HTTP_AUTHORIZATION', b''), - 'user': request.user.username - }) + data = {'auth': request.META.get('HTTP_AUTHORIZATION', b'')} + if request.user: + data['user'] = request.user.username + if request.auth: + data['token'] = request.auth.key + return Response(data) @api_view(['GET', 'POST']) @@ -82,10 +85,25 @@ def test_force_authenticate(self): """ Setting `.force_authenticate()` forcibly authenticates each request. """ + # User only user = User.objects.create_user('example', 'example@example.com') - self.client.force_authenticate(user) + self.client.force_authenticate(user=user) + response = self.client.get('/view/') + assert response.data['user'] == 'example' + assert 'token' not in response.data + + # Token only + token = Token.objects.create(key='xyz', user=user) + self.client.force_authenticate(token=token) + response = self.client.get('/view/') + assert response.data['token'] == 'xyz' + assert 'user' not in response.data + + # User and token + self.client.force_authenticate(user=user, token=token) response = self.client.get('/view/') assert response.data['user'] == 'example' + assert response.data['token'] == 'xyz' def test_force_authenticate_with_sessions(self): """ From f43cd3034927b6d62568b55ec558995473751354 Mon Sep 17 00:00:00 2001 From: Will Beaufoy Date: Sun, 3 Jul 2022 12:46:10 +0100 Subject: [PATCH 3/4] Split unit test into 3 --- tests/test_testing.py | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/tests/test_testing.py b/tests/test_testing.py index 3cce39b417..eaed0e9d75 100644 --- a/tests/test_testing.py +++ b/tests/test_testing.py @@ -81,27 +81,44 @@ def test_credentials(self): response = self.client.get('/view/') assert response.data['auth'] == 'example' - def test_force_authenticate(self): + def test_force_authenticate_with_user(self): """ - Setting `.force_authenticate()` forcibly authenticates each request. + Setting `.force_authenticate()` with a user forcibly authenticates each + request with that user. """ - # User only user = User.objects.create_user('example', 'example@example.com') + self.client.force_authenticate(user=user) response = self.client.get('/view/') + assert response.data['user'] == 'example' assert 'token' not in response.data - # Token only + def test_force_authenticate_with_token(self): + """ + Setting `.force_authenticate()` with a token forcibly authenticates each + request with that token. + """ + user = User.objects.create_user('example', 'example@example.com') token = Token.objects.create(key='xyz', user=user) + self.client.force_authenticate(token=token) response = self.client.get('/view/') + assert response.data['token'] == 'xyz' assert 'user' not in response.data - # User and token + def test_force_authenticate_with_user_and_token(self): + """ + Setting `.force_authenticate()` with a user and token forcibly + authenticates each request with that user and token. + """ + user = User.objects.create_user('example', 'example@example.com') + token = Token.objects.create(key='xyz', user=user) + self.client.force_authenticate(user=user, token=token) response = self.client.get('/view/') + assert response.data['user'] == 'example' assert response.data['token'] == 'xyz' From 6149e9d949194cfb6dc378310122d0bc06687b28 Mon Sep 17 00:00:00 2001 From: Will Beaufoy Date: Wed, 14 Sep 2022 15:55:58 +0100 Subject: [PATCH 4/4] Fix linting error --- tests/test_testing.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_testing.py b/tests/test_testing.py index eaed0e9d75..196319a29e 100644 --- a/tests/test_testing.py +++ b/tests/test_testing.py @@ -115,7 +115,7 @@ def test_force_authenticate_with_user_and_token(self): """ user = User.objects.create_user('example', 'example@example.com') token = Token.objects.create(key='xyz', user=user) - + self.client.force_authenticate(user=user, token=token) response = self.client.get('/view/')