mirror of
https://github.com/django/django.git
synced 2024-12-23 09:36:06 +00:00
Fixed #21250 -- Made HTTP auth user header configurable in tests
Currently, if the authentication mechanism uses a custom HTTP header and not REMOTE_USER, it is not easy to test. This commit modifies remote user tests in order to make them more generic.
This commit is contained in:
parent
75ec1fdf16
commit
8f994f1bcc
@ -3,6 +3,7 @@ from datetime import datetime
|
|||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.contrib.auth import authenticate
|
from django.contrib.auth import authenticate
|
||||||
from django.contrib.auth.backends import RemoteUserBackend
|
from django.contrib.auth.backends import RemoteUserBackend
|
||||||
|
from django.contrib.auth.middleware import RemoteUserMiddleware
|
||||||
from django.contrib.auth.models import User
|
from django.contrib.auth.models import User
|
||||||
from django.contrib.auth.tests.utils import skipIfCustomUser
|
from django.contrib.auth.tests.utils import skipIfCustomUser
|
||||||
from django.test import TestCase
|
from django.test import TestCase
|
||||||
@ -15,6 +16,7 @@ class RemoteUserTest(TestCase):
|
|||||||
urls = 'django.contrib.auth.tests.urls'
|
urls = 'django.contrib.auth.tests.urls'
|
||||||
middleware = 'django.contrib.auth.middleware.RemoteUserMiddleware'
|
middleware = 'django.contrib.auth.middleware.RemoteUserMiddleware'
|
||||||
backend = 'django.contrib.auth.backends.RemoteUserBackend'
|
backend = 'django.contrib.auth.backends.RemoteUserBackend'
|
||||||
|
header = 'REMOTE_USER'
|
||||||
|
|
||||||
# Usernames to be passed in REMOTE_USER for the test_known_user test case.
|
# Usernames to be passed in REMOTE_USER for the test_known_user test case.
|
||||||
known_user = 'knownuser'
|
known_user = 'knownuser'
|
||||||
@ -37,11 +39,11 @@ class RemoteUserTest(TestCase):
|
|||||||
self.assertTrue(response.context['user'].is_anonymous())
|
self.assertTrue(response.context['user'].is_anonymous())
|
||||||
self.assertEqual(User.objects.count(), num_users)
|
self.assertEqual(User.objects.count(), num_users)
|
||||||
|
|
||||||
response = self.client.get('/remote_user/', REMOTE_USER=None)
|
response = self.client.get('/remote_user/', **{self.header: None})
|
||||||
self.assertTrue(response.context['user'].is_anonymous())
|
self.assertTrue(response.context['user'].is_anonymous())
|
||||||
self.assertEqual(User.objects.count(), num_users)
|
self.assertEqual(User.objects.count(), num_users)
|
||||||
|
|
||||||
response = self.client.get('/remote_user/', REMOTE_USER='')
|
response = self.client.get('/remote_user/', **{self.header: ''})
|
||||||
self.assertTrue(response.context['user'].is_anonymous())
|
self.assertTrue(response.context['user'].is_anonymous())
|
||||||
self.assertEqual(User.objects.count(), num_users)
|
self.assertEqual(User.objects.count(), num_users)
|
||||||
|
|
||||||
@ -51,13 +53,13 @@ class RemoteUserTest(TestCase):
|
|||||||
as a User.
|
as a User.
|
||||||
"""
|
"""
|
||||||
num_users = User.objects.count()
|
num_users = User.objects.count()
|
||||||
response = self.client.get('/remote_user/', REMOTE_USER='newuser')
|
response = self.client.get('/remote_user/', **{self.header: 'newuser'})
|
||||||
self.assertEqual(response.context['user'].username, 'newuser')
|
self.assertEqual(response.context['user'].username, 'newuser')
|
||||||
self.assertEqual(User.objects.count(), num_users + 1)
|
self.assertEqual(User.objects.count(), num_users + 1)
|
||||||
User.objects.get(username='newuser')
|
User.objects.get(username='newuser')
|
||||||
|
|
||||||
# Another request with same user should not create any new users.
|
# Another request with same user should not create any new users.
|
||||||
response = self.client.get('/remote_user/', REMOTE_USER='newuser')
|
response = self.client.get('/remote_user/', **{self.header: 'newuser'})
|
||||||
self.assertEqual(User.objects.count(), num_users + 1)
|
self.assertEqual(User.objects.count(), num_users + 1)
|
||||||
|
|
||||||
def test_known_user(self):
|
def test_known_user(self):
|
||||||
@ -67,12 +69,14 @@ class RemoteUserTest(TestCase):
|
|||||||
User.objects.create(username='knownuser')
|
User.objects.create(username='knownuser')
|
||||||
User.objects.create(username='knownuser2')
|
User.objects.create(username='knownuser2')
|
||||||
num_users = User.objects.count()
|
num_users = User.objects.count()
|
||||||
response = self.client.get('/remote_user/', REMOTE_USER=self.known_user)
|
response = self.client.get('/remote_user/',
|
||||||
|
**{self.header: self.known_user})
|
||||||
self.assertEqual(response.context['user'].username, 'knownuser')
|
self.assertEqual(response.context['user'].username, 'knownuser')
|
||||||
self.assertEqual(User.objects.count(), num_users)
|
self.assertEqual(User.objects.count(), num_users)
|
||||||
# Test that a different user passed in the headers causes the new user
|
# Test that a different user passed in the headers causes the new user
|
||||||
# to be logged in.
|
# to be logged in.
|
||||||
response = self.client.get('/remote_user/', REMOTE_USER=self.known_user2)
|
response = self.client.get('/remote_user/',
|
||||||
|
**{self.header: self.known_user2})
|
||||||
self.assertEqual(response.context['user'].username, 'knownuser2')
|
self.assertEqual(response.context['user'].username, 'knownuser2')
|
||||||
self.assertEqual(User.objects.count(), num_users)
|
self.assertEqual(User.objects.count(), num_users)
|
||||||
|
|
||||||
@ -89,13 +93,15 @@ class RemoteUserTest(TestCase):
|
|||||||
user.last_login = default_login
|
user.last_login = default_login
|
||||||
user.save()
|
user.save()
|
||||||
|
|
||||||
response = self.client.get('/remote_user/', REMOTE_USER=self.known_user)
|
response = self.client.get('/remote_user/',
|
||||||
|
**{self.header: self.known_user})
|
||||||
self.assertNotEqual(default_login, response.context['user'].last_login)
|
self.assertNotEqual(default_login, response.context['user'].last_login)
|
||||||
|
|
||||||
user = User.objects.get(username='knownuser')
|
user = User.objects.get(username='knownuser')
|
||||||
user.last_login = default_login
|
user.last_login = default_login
|
||||||
user.save()
|
user.save()
|
||||||
response = self.client.get('/remote_user/', REMOTE_USER=self.known_user)
|
response = self.client.get('/remote_user/',
|
||||||
|
**{self.header: self.known_user})
|
||||||
self.assertEqual(default_login, response.context['user'].last_login)
|
self.assertEqual(default_login, response.context['user'].last_login)
|
||||||
|
|
||||||
def test_header_disappears(self):
|
def test_header_disappears(self):
|
||||||
@ -105,7 +111,8 @@ class RemoteUserTest(TestCase):
|
|||||||
"""
|
"""
|
||||||
User.objects.create(username='knownuser')
|
User.objects.create(username='knownuser')
|
||||||
# Known user authenticates
|
# Known user authenticates
|
||||||
response = self.client.get('/remote_user/', REMOTE_USER=self.known_user)
|
response = self.client.get('/remote_user/',
|
||||||
|
**{self.header: self.known_user})
|
||||||
self.assertEqual(response.context['user'].username, 'knownuser')
|
self.assertEqual(response.context['user'].username, 'knownuser')
|
||||||
# During the session, the REMOTE_USER header disappears. Should trigger logout.
|
# During the session, the REMOTE_USER header disappears. Should trigger logout.
|
||||||
response = self.client.get('/remote_user/')
|
response = self.client.get('/remote_user/')
|
||||||
@ -140,7 +147,7 @@ class RemoteUserNoCreateTest(RemoteUserTest):
|
|||||||
|
|
||||||
def test_unknown_user(self):
|
def test_unknown_user(self):
|
||||||
num_users = User.objects.count()
|
num_users = User.objects.count()
|
||||||
response = self.client.get('/remote_user/', REMOTE_USER='newuser')
|
response = self.client.get('/remote_user/', **{self.header: 'newuser'})
|
||||||
self.assertTrue(response.context['user'].is_anonymous())
|
self.assertTrue(response.context['user'].is_anonymous())
|
||||||
self.assertEqual(User.objects.count(), num_users)
|
self.assertEqual(User.objects.count(), num_users)
|
||||||
|
|
||||||
@ -194,3 +201,22 @@ class RemoteUserCustomTest(RemoteUserTest):
|
|||||||
super(RemoteUserCustomTest, self).test_unknown_user()
|
super(RemoteUserCustomTest, self).test_unknown_user()
|
||||||
newuser = User.objects.get(username='newuser')
|
newuser = User.objects.get(username='newuser')
|
||||||
self.assertEqual(newuser.email, 'user@example.com')
|
self.assertEqual(newuser.email, 'user@example.com')
|
||||||
|
|
||||||
|
|
||||||
|
class CustomHeaderMiddleware(RemoteUserMiddleware):
|
||||||
|
"""
|
||||||
|
Middleware that overrides custom HTTP auth user header.
|
||||||
|
"""
|
||||||
|
header = 'HTTP_AUTHUSER'
|
||||||
|
|
||||||
|
|
||||||
|
@skipIfCustomUser
|
||||||
|
class CustomHeaderRemoteUserTest(RemoteUserTest):
|
||||||
|
"""
|
||||||
|
Tests a custom RemoteUserMiddleware subclass with custom HTTP auth user
|
||||||
|
header.
|
||||||
|
"""
|
||||||
|
middleware = (
|
||||||
|
'django.contrib.auth.tests.test_remote_user.CustomHeaderMiddleware'
|
||||||
|
)
|
||||||
|
header = 'HTTP_AUTHUSER'
|
||||||
|
Loading…
Reference in New Issue
Block a user