mirror of
https://github.com/django/django.git
synced 2024-12-23 01:25:58 +00:00
Fixed #21250 -- Made HTTP auth user header configurable in tests
Currently, if the authentication mechanism uses a custom HTTP header and not REMOTE_USER, it is not easy to test. This commit modifies remote user tests in order to make them more generic.
This commit is contained in:
parent
75ec1fdf16
commit
8f994f1bcc
@ -3,6 +3,7 @@ from datetime import datetime
|
||||
from django.conf import settings
|
||||
from django.contrib.auth import authenticate
|
||||
from django.contrib.auth.backends import RemoteUserBackend
|
||||
from django.contrib.auth.middleware import RemoteUserMiddleware
|
||||
from django.contrib.auth.models import User
|
||||
from django.contrib.auth.tests.utils import skipIfCustomUser
|
||||
from django.test import TestCase
|
||||
@ -15,6 +16,7 @@ class RemoteUserTest(TestCase):
|
||||
urls = 'django.contrib.auth.tests.urls'
|
||||
middleware = 'django.contrib.auth.middleware.RemoteUserMiddleware'
|
||||
backend = 'django.contrib.auth.backends.RemoteUserBackend'
|
||||
header = 'REMOTE_USER'
|
||||
|
||||
# Usernames to be passed in REMOTE_USER for the test_known_user test case.
|
||||
known_user = 'knownuser'
|
||||
@ -37,11 +39,11 @@ class RemoteUserTest(TestCase):
|
||||
self.assertTrue(response.context['user'].is_anonymous())
|
||||
self.assertEqual(User.objects.count(), num_users)
|
||||
|
||||
response = self.client.get('/remote_user/', REMOTE_USER=None)
|
||||
response = self.client.get('/remote_user/', **{self.header: None})
|
||||
self.assertTrue(response.context['user'].is_anonymous())
|
||||
self.assertEqual(User.objects.count(), num_users)
|
||||
|
||||
response = self.client.get('/remote_user/', REMOTE_USER='')
|
||||
response = self.client.get('/remote_user/', **{self.header: ''})
|
||||
self.assertTrue(response.context['user'].is_anonymous())
|
||||
self.assertEqual(User.objects.count(), num_users)
|
||||
|
||||
@ -51,13 +53,13 @@ class RemoteUserTest(TestCase):
|
||||
as a User.
|
||||
"""
|
||||
num_users = User.objects.count()
|
||||
response = self.client.get('/remote_user/', REMOTE_USER='newuser')
|
||||
response = self.client.get('/remote_user/', **{self.header: 'newuser'})
|
||||
self.assertEqual(response.context['user'].username, 'newuser')
|
||||
self.assertEqual(User.objects.count(), num_users + 1)
|
||||
User.objects.get(username='newuser')
|
||||
|
||||
# Another request with same user should not create any new users.
|
||||
response = self.client.get('/remote_user/', REMOTE_USER='newuser')
|
||||
response = self.client.get('/remote_user/', **{self.header: 'newuser'})
|
||||
self.assertEqual(User.objects.count(), num_users + 1)
|
||||
|
||||
def test_known_user(self):
|
||||
@ -67,12 +69,14 @@ class RemoteUserTest(TestCase):
|
||||
User.objects.create(username='knownuser')
|
||||
User.objects.create(username='knownuser2')
|
||||
num_users = User.objects.count()
|
||||
response = self.client.get('/remote_user/', REMOTE_USER=self.known_user)
|
||||
response = self.client.get('/remote_user/',
|
||||
**{self.header: self.known_user})
|
||||
self.assertEqual(response.context['user'].username, 'knownuser')
|
||||
self.assertEqual(User.objects.count(), num_users)
|
||||
# Test that a different user passed in the headers causes the new user
|
||||
# to be logged in.
|
||||
response = self.client.get('/remote_user/', REMOTE_USER=self.known_user2)
|
||||
response = self.client.get('/remote_user/',
|
||||
**{self.header: self.known_user2})
|
||||
self.assertEqual(response.context['user'].username, 'knownuser2')
|
||||
self.assertEqual(User.objects.count(), num_users)
|
||||
|
||||
@ -89,13 +93,15 @@ class RemoteUserTest(TestCase):
|
||||
user.last_login = default_login
|
||||
user.save()
|
||||
|
||||
response = self.client.get('/remote_user/', REMOTE_USER=self.known_user)
|
||||
response = self.client.get('/remote_user/',
|
||||
**{self.header: self.known_user})
|
||||
self.assertNotEqual(default_login, response.context['user'].last_login)
|
||||
|
||||
user = User.objects.get(username='knownuser')
|
||||
user.last_login = default_login
|
||||
user.save()
|
||||
response = self.client.get('/remote_user/', REMOTE_USER=self.known_user)
|
||||
response = self.client.get('/remote_user/',
|
||||
**{self.header: self.known_user})
|
||||
self.assertEqual(default_login, response.context['user'].last_login)
|
||||
|
||||
def test_header_disappears(self):
|
||||
@ -105,7 +111,8 @@ class RemoteUserTest(TestCase):
|
||||
"""
|
||||
User.objects.create(username='knownuser')
|
||||
# Known user authenticates
|
||||
response = self.client.get('/remote_user/', REMOTE_USER=self.known_user)
|
||||
response = self.client.get('/remote_user/',
|
||||
**{self.header: self.known_user})
|
||||
self.assertEqual(response.context['user'].username, 'knownuser')
|
||||
# During the session, the REMOTE_USER header disappears. Should trigger logout.
|
||||
response = self.client.get('/remote_user/')
|
||||
@ -140,7 +147,7 @@ class RemoteUserNoCreateTest(RemoteUserTest):
|
||||
|
||||
def test_unknown_user(self):
|
||||
num_users = User.objects.count()
|
||||
response = self.client.get('/remote_user/', REMOTE_USER='newuser')
|
||||
response = self.client.get('/remote_user/', **{self.header: 'newuser'})
|
||||
self.assertTrue(response.context['user'].is_anonymous())
|
||||
self.assertEqual(User.objects.count(), num_users)
|
||||
|
||||
@ -194,3 +201,22 @@ class RemoteUserCustomTest(RemoteUserTest):
|
||||
super(RemoteUserCustomTest, self).test_unknown_user()
|
||||
newuser = User.objects.get(username='newuser')
|
||||
self.assertEqual(newuser.email, 'user@example.com')
|
||||
|
||||
|
||||
class CustomHeaderMiddleware(RemoteUserMiddleware):
|
||||
"""
|
||||
Middleware that overrides custom HTTP auth user header.
|
||||
"""
|
||||
header = 'HTTP_AUTHUSER'
|
||||
|
||||
|
||||
@skipIfCustomUser
|
||||
class CustomHeaderRemoteUserTest(RemoteUserTest):
|
||||
"""
|
||||
Tests a custom RemoteUserMiddleware subclass with custom HTTP auth user
|
||||
header.
|
||||
"""
|
||||
middleware = (
|
||||
'django.contrib.auth.tests.test_remote_user.CustomHeaderMiddleware'
|
||||
)
|
||||
header = 'HTTP_AUTHUSER'
|
||||
|
Loading…
Reference in New Issue
Block a user