2023-02-10 20:43:26 -05:00
|
|
|
from django.contrib.auth import (
|
|
|
|
aauthenticate,
|
|
|
|
aget_user,
|
|
|
|
alogin,
|
|
|
|
alogout,
|
|
|
|
aupdate_session_auth_hash,
|
|
|
|
)
|
|
|
|
from django.contrib.auth.models import AnonymousUser, User
|
|
|
|
from django.http import HttpRequest
|
|
|
|
from django.test import TestCase, override_settings
|
2024-11-28 14:42:59 +01:00
|
|
|
from django.utils.deprecation import RemovedInDjango61Warning
|
2023-02-10 20:43:26 -05:00
|
|
|
|
|
|
|
|
|
|
|
class AsyncAuthTest(TestCase):
|
|
|
|
@classmethod
|
|
|
|
def setUpTestData(cls):
|
|
|
|
cls.test_user = User.objects.create_user(
|
|
|
|
"testuser", "test@example.com", "testpw"
|
|
|
|
)
|
|
|
|
|
|
|
|
async def test_aauthenticate(self):
|
|
|
|
user = await aauthenticate(username="testuser", password="testpw")
|
|
|
|
self.assertIsInstance(user, User)
|
|
|
|
self.assertEqual(user.username, self.test_user.username)
|
|
|
|
user.is_active = False
|
|
|
|
await user.asave()
|
|
|
|
self.assertIsNone(await aauthenticate(username="testuser", password="testpw"))
|
|
|
|
|
|
|
|
async def test_alogin(self):
|
|
|
|
request = HttpRequest()
|
|
|
|
request.session = await self.client.asession()
|
|
|
|
await alogin(request, self.test_user)
|
|
|
|
user = await aget_user(request)
|
|
|
|
self.assertIsInstance(user, User)
|
|
|
|
self.assertEqual(user.username, self.test_user.username)
|
|
|
|
|
2024-03-31 12:29:10 -07:00
|
|
|
async def test_changed_password_invalidates_aget_user(self):
|
|
|
|
request = HttpRequest()
|
|
|
|
request.session = await self.client.asession()
|
|
|
|
await alogin(request, self.test_user)
|
|
|
|
|
|
|
|
self.test_user.set_password("new_password")
|
|
|
|
await self.test_user.asave()
|
|
|
|
|
|
|
|
user = await aget_user(request)
|
|
|
|
|
|
|
|
self.assertIsNotNone(user)
|
|
|
|
self.assertTrue(user.is_anonymous)
|
|
|
|
# Session should be flushed.
|
|
|
|
self.assertIsNone(request.session.session_key)
|
|
|
|
|
|
|
|
async def test_alogin_new_user(self):
|
|
|
|
request = HttpRequest()
|
|
|
|
request.session = await self.client.asession()
|
|
|
|
await alogin(request, self.test_user)
|
|
|
|
second_user = await User.objects.acreate_user(
|
|
|
|
"testuser2", "test2@example.com", "testpw2"
|
|
|
|
)
|
|
|
|
await alogin(request, second_user)
|
|
|
|
user = await aget_user(request)
|
|
|
|
self.assertIsInstance(user, User)
|
|
|
|
self.assertEqual(user.username, second_user.username)
|
|
|
|
|
2024-11-28 14:42:59 +01:00
|
|
|
# RemovedInDjango61Warning: When the deprecation ends, replace with:
|
|
|
|
# async def test_alogin_without_user(self):
|
|
|
|
async def test_alogin_without_user_no_request_user(self):
|
|
|
|
request = HttpRequest()
|
|
|
|
request.session = await self.client.asession()
|
|
|
|
# RemovedInDjango61Warning: When the deprecation ends, replace with:
|
|
|
|
# with self.assertRaisesMessage(
|
|
|
|
# AttributeError,
|
|
|
|
# "'NoneType' object has no attribute 'get_session_auth_hash'",
|
|
|
|
# ):
|
|
|
|
# await alogin(request, None)
|
|
|
|
with (
|
|
|
|
self.assertRaisesMessage(
|
|
|
|
AttributeError,
|
|
|
|
"'HttpRequest' object has no attribute 'auser'",
|
|
|
|
),
|
|
|
|
self.assertWarnsMessage(
|
|
|
|
RemovedInDjango61Warning,
|
|
|
|
"Fallback to request.user when user is None will be removed.",
|
|
|
|
),
|
|
|
|
):
|
|
|
|
await alogin(request, None)
|
|
|
|
|
|
|
|
# RemovedInDjango61Warning: When the deprecation ends, remove completely.
|
|
|
|
async def test_alogin_without_user_anonymous_request(self):
|
|
|
|
async def auser():
|
|
|
|
return AnonymousUser()
|
|
|
|
|
|
|
|
request = HttpRequest()
|
|
|
|
request.user = AnonymousUser()
|
|
|
|
request.auser = auser
|
|
|
|
request.session = await self.client.asession()
|
|
|
|
with (
|
|
|
|
self.assertRaisesMessage(
|
|
|
|
AttributeError,
|
|
|
|
"'AnonymousUser' object has no attribute '_meta'",
|
|
|
|
),
|
|
|
|
self.assertWarnsMessage(
|
|
|
|
RemovedInDjango61Warning,
|
|
|
|
"Fallback to request.user when user is None will be removed.",
|
|
|
|
),
|
|
|
|
):
|
|
|
|
await alogin(request, None)
|
|
|
|
|
|
|
|
# RemovedInDjango61Warning: When the deprecation ends, remove completely.
|
|
|
|
async def test_alogin_without_user_authenticated_request(self):
|
2024-03-31 12:29:10 -07:00
|
|
|
async def auser():
|
|
|
|
return self.test_user
|
|
|
|
|
2023-02-10 20:43:26 -05:00
|
|
|
request = HttpRequest()
|
|
|
|
request.user = self.test_user
|
2024-03-31 12:29:10 -07:00
|
|
|
request.auser = auser
|
2023-02-10 20:43:26 -05:00
|
|
|
request.session = await self.client.asession()
|
2024-11-28 14:42:59 +01:00
|
|
|
with self.assertWarnsMessage(
|
|
|
|
RemovedInDjango61Warning,
|
|
|
|
"Fallback to request.user when user is None will be removed.",
|
|
|
|
):
|
|
|
|
await alogin(request, None)
|
2023-02-10 20:43:26 -05:00
|
|
|
user = await aget_user(request)
|
|
|
|
self.assertIsInstance(user, User)
|
|
|
|
self.assertEqual(user.username, self.test_user.username)
|
|
|
|
|
|
|
|
async def test_alogout(self):
|
|
|
|
await self.client.alogin(username="testuser", password="testpw")
|
|
|
|
request = HttpRequest()
|
|
|
|
request.session = await self.client.asession()
|
|
|
|
await alogout(request)
|
|
|
|
user = await aget_user(request)
|
|
|
|
self.assertIsInstance(user, AnonymousUser)
|
|
|
|
|
|
|
|
async def test_client_alogout(self):
|
|
|
|
await self.client.alogin(username="testuser", password="testpw")
|
|
|
|
request = HttpRequest()
|
|
|
|
request.session = await self.client.asession()
|
|
|
|
await self.client.alogout()
|
|
|
|
user = await aget_user(request)
|
|
|
|
self.assertIsInstance(user, AnonymousUser)
|
|
|
|
|
|
|
|
async def test_change_password(self):
|
|
|
|
await self.client.alogin(username="testuser", password="testpw")
|
|
|
|
request = HttpRequest()
|
|
|
|
request.session = await self.client.asession()
|
|
|
|
request.user = self.test_user
|
|
|
|
await aupdate_session_auth_hash(request, self.test_user)
|
|
|
|
user = await aget_user(request)
|
|
|
|
self.assertIsInstance(user, User)
|
|
|
|
|
|
|
|
async def test_invalid_login(self):
|
|
|
|
self.assertEqual(
|
|
|
|
await self.client.alogin(username="testuser", password=""), False
|
|
|
|
)
|
|
|
|
|
|
|
|
async def test_client_aforce_login(self):
|
|
|
|
await self.client.aforce_login(self.test_user)
|
|
|
|
request = HttpRequest()
|
|
|
|
request.session = await self.client.asession()
|
|
|
|
user = await aget_user(request)
|
|
|
|
self.assertEqual(user.username, self.test_user.username)
|
|
|
|
|
|
|
|
@override_settings(
|
|
|
|
AUTHENTICATION_BACKENDS=[
|
|
|
|
"django.contrib.auth.backends.ModelBackend",
|
|
|
|
"django.contrib.auth.backends.AllowAllUsersModelBackend",
|
|
|
|
]
|
|
|
|
)
|
|
|
|
async def test_client_aforce_login_backend(self):
|
|
|
|
self.test_user.is_active = False
|
|
|
|
await self.test_user.asave()
|
|
|
|
await self.client.aforce_login(
|
|
|
|
self.test_user,
|
|
|
|
backend="django.contrib.auth.backends.AllowAllUsersModelBackend",
|
|
|
|
)
|
|
|
|
request = HttpRequest()
|
|
|
|
request.session = await self.client.asession()
|
|
|
|
user = await aget_user(request)
|
|
|
|
self.assertEqual(user.username, self.test_user.username)
|