|
13 | 13 | from django.apps import apps |
14 | 14 | from django.conf import settings |
15 | 15 | from django.test import Client |
| 16 | +from django.test.utils import override_settings |
16 | 17 | from django.urls import reverse as urlreverse |
17 | 18 | from django.utils import timezone |
18 | 19 |
|
@@ -530,6 +531,101 @@ def test_api_appauth(self): |
530 | 531 | jsondata = r.json() |
531 | 532 | self.assertEqual(jsondata['success'], True) |
532 | 533 |
|
| 534 | +class DirectAuthApiTests(TestCase): |
| 535 | + |
| 536 | + def setUp(self): |
| 537 | + super().setUp() |
| 538 | + self.valid_token = "nSZJDerbau6WZwbEAYuQ" |
| 539 | + self.invalid_token = self.valid_token |
| 540 | + while self.invalid_token == self.valid_token: |
| 541 | + self.invalid_token = User.objects.make_random_password(20) |
| 542 | + self.url = urlreverse("ietf.api.views.directauth") |
| 543 | + self.valid_person = PersonFactory() |
| 544 | + self.valid_password = self.valid_person.user.username+"+password" |
| 545 | + self.invalid_password = self.valid_password |
| 546 | + while self.invalid_password == self.valid_password: |
| 547 | + self.invalid_password = User.objects.make_random_password(20) |
| 548 | + |
| 549 | + self.valid_body_with_good_password = self.post_dict(authtoken=self.valid_token, username=self.valid_person.user.username, password=self.valid_password) |
| 550 | + self.valid_body_with_bad_password = self.post_dict(authtoken=self.valid_token, username=self.valid_person.user.username, password=self.invalid_password) |
| 551 | + self.valid_body_with_unknown_user = self.post_dict(authtoken=self.valid_token, username="notauser@nowhere.nada", password=self.valid_password) |
| 552 | + |
| 553 | + def post_dict(self, authtoken, username, password): |
| 554 | + data = dict() |
| 555 | + if authtoken is not None: |
| 556 | + data["authtoken"] = authtoken |
| 557 | + if username is not None: |
| 558 | + data["username"] = username |
| 559 | + if password is not None: |
| 560 | + data["password"] = password |
| 561 | + return dict(data = json.dumps(data)) |
| 562 | + |
| 563 | + def response_data(self, response): |
| 564 | + try: |
| 565 | + data = json.loads(response.content) |
| 566 | + except json.decoder.JSONDecodeError: |
| 567 | + data = None |
| 568 | + self.assertIsNotNone(data) |
| 569 | + return data |
| 570 | + |
| 571 | + def test_bad_methods(self): |
| 572 | + for method in (self.client.get, self.client.put, self.client.head, self.client.delete, self.client.patch): |
| 573 | + r = method(self.url) |
| 574 | + self.assertEqual(r.status_code, 405) |
| 575 | + |
| 576 | + def test_bad_post(self): |
| 577 | + for bad in [ |
| 578 | + self.post_dict(authtoken=None, username=self.valid_person.user.username, password=self.valid_password), |
| 579 | + self.post_dict(authtoken=self.valid_token, username=None, password=self.valid_password), |
| 580 | + self.post_dict(authtoken=self.valid_token, username=self.valid_person.user.username, password=None), |
| 581 | + self.post_dict(authtoken=None, username=None, password=self.valid_password), |
| 582 | + self.post_dict(authtoken=self.valid_token, username=None, password=None), |
| 583 | + self.post_dict(authtoken=None, username=self.valid_person.user.username, password=None), |
| 584 | + self.post_dict(authtoken=None, username=None, password=None), |
| 585 | + ]: |
| 586 | + r = self.client.post(self.url, bad) |
| 587 | + self.assertEqual(r.status_code, 200) |
| 588 | + data = self.response_data(r) |
| 589 | + self.assertEqual(data["result"], "failure") |
| 590 | + self.assertEqual(data["reason"], "invalid post") |
| 591 | + |
| 592 | + bad = dict(authtoken=self.valid_token, username=self.valid_person.user.username, password=self.valid_password) |
| 593 | + r = self.client.post(self.url, bad) |
| 594 | + self.assertEqual(r.status_code, 200) |
| 595 | + data = self.response_data(r) |
| 596 | + self.assertEqual(data["result"], "failure") |
| 597 | + self.assertEqual(data["reason"], "invalid post") |
| 598 | + |
| 599 | + def test_notokenstore(self): |
| 600 | + self.assertFalse(hasattr(settings, "APP_API_TOKENS")) |
| 601 | + r = self.client.post(self.url,self.valid_body_with_good_password) |
| 602 | + self.assertEqual(r.status_code, 200) |
| 603 | + data = self.response_data(r) |
| 604 | + self.assertEqual(data["result"], "failure") |
| 605 | + self.assertEqual(data["reason"], "invalid authtoken") |
| 606 | + |
| 607 | + @override_settings(APP_API_TOKENS={"ietf.api.views.directauth":"nSZJDerbau6WZwbEAYuQ"}) |
| 608 | + def test_bad_username(self): |
| 609 | + r = self.client.post(self.url, self.valid_body_with_unknown_user) |
| 610 | + self.assertEqual(r.status_code, 200) |
| 611 | + data = self.response_data(r) |
| 612 | + self.assertEqual(data["result"], "failure") |
| 613 | + self.assertEqual(data["reason"], "authentication failed") |
| 614 | + |
| 615 | + @override_settings(APP_API_TOKENS={"ietf.api.views.directauth":"nSZJDerbau6WZwbEAYuQ"}) |
| 616 | + def test_bad_password(self): |
| 617 | + r = self.client.post(self.url, self.valid_body_with_bad_password) |
| 618 | + self.assertEqual(r.status_code, 200) |
| 619 | + data = self.response_data(r) |
| 620 | + self.assertEqual(data["result"], "failure") |
| 621 | + self.assertEqual(data["reason"], "authentication failed") |
| 622 | + |
| 623 | + @override_settings(APP_API_TOKENS={"ietf.api.views.directauth":"nSZJDerbau6WZwbEAYuQ"}) |
| 624 | + def test_good_password(self): |
| 625 | + r = self.client.post(self.url, self.valid_body_with_good_password) |
| 626 | + self.assertEqual(r.status_code, 200) |
| 627 | + data = self.response_data(r) |
| 628 | + self.assertEqual(data["result"], "success") |
533 | 629 |
|
534 | 630 | class TastypieApiTestCase(ResourceTestCaseMixin, TestCase): |
535 | 631 | def __init__(self, *args, **kwargs): |
|
0 commit comments