summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorJon Dufresne <jon.dufresne@gmail.com>2015-06-15 21:35:19 -0700
committerTim Graham <timograham@gmail.com>2015-07-01 13:01:08 -0400
commitb44dee16e60ff2600fee90576e5bf0083c266104 (patch)
tree591b026b6cc77f6a16373093f7d4bbc3caa8032a /tests
parent39ec59d6d0f136778d483a96f15b6806a2d50407 (diff)
Fixed #20916 -- Added Client.force_login() to bypass authentication.
Diffstat (limited to 'tests')
-rw-r--r--tests/test_client/auth_backends.py5
-rw-r--r--tests/test_client/tests.py101
2 files changed, 106 insertions, 0 deletions
diff --git a/tests/test_client/auth_backends.py b/tests/test_client/auth_backends.py
new file mode 100644
index 0000000000..c886dce336
--- /dev/null
+++ b/tests/test_client/auth_backends.py
@@ -0,0 +1,5 @@
+from django.contrib.auth.backends import ModelBackend
+
+
+class TestClientBackend(ModelBackend):
+ pass
diff --git a/tests/test_client/tests.py b/tests/test_client/tests.py
index bef1146172..ae70f5c494 100644
--- a/tests/test_client/tests.py
+++ b/tests/test_client/tests.py
@@ -364,6 +364,20 @@ class ClientTest(TestCase):
self.assertEqual(response.status_code, 200)
self.assertEqual(response.context['user'].username, 'testclient')
+ def test_view_with_force_login(self):
+ "Request a page that is protected with @login_required"
+ # Get the page without logging in. Should result in 302.
+ response = self.client.get('/login_protected_view/')
+ self.assertRedirects(response, '/accounts/login/?next=/login_protected_view/')
+
+ # Log in
+ self.client.force_login(self.u1)
+
+ # Request a page that requires a login
+ response = self.client.get('/login_protected_view/')
+ self.assertEqual(response.status_code, 200)
+ self.assertEqual(response.context['user'].username, 'testclient')
+
def test_view_with_method_login(self):
"Request a page that is protected with a @login_required method"
@@ -380,6 +394,20 @@ class ClientTest(TestCase):
self.assertEqual(response.status_code, 200)
self.assertEqual(response.context['user'].username, 'testclient')
+ def test_view_with_method_force_login(self):
+ "Request a page that is protected with a @login_required method"
+ # Get the page without logging in. Should result in 302.
+ response = self.client.get('/login_protected_method_view/')
+ self.assertRedirects(response, '/accounts/login/?next=/login_protected_method_view/')
+
+ # Log in
+ self.client.force_login(self.u1)
+
+ # Request a page that requires a login
+ response = self.client.get('/login_protected_method_view/')
+ self.assertEqual(response.status_code, 200)
+ self.assertEqual(response.context['user'].username, 'testclient')
+
def test_view_with_login_and_custom_redirect(self):
"Request a page that is protected with @login_required(redirect_field_name='redirect_to')"
@@ -396,6 +424,23 @@ class ClientTest(TestCase):
self.assertEqual(response.status_code, 200)
self.assertEqual(response.context['user'].username, 'testclient')
+ def test_view_with_force_login_and_custom_redirect(self):
+ """
+ Request a page that is protected with
+ @login_required(redirect_field_name='redirect_to')
+ """
+ # Get the page without logging in. Should result in 302.
+ response = self.client.get('/login_protected_view_custom_redirect/')
+ self.assertRedirects(response, '/accounts/login/?redirect_to=/login_protected_view_custom_redirect/')
+
+ # Log in
+ self.client.force_login(self.u1)
+
+ # Request a page that requires a login
+ response = self.client.get('/login_protected_view_custom_redirect/')
+ self.assertEqual(response.status_code, 200)
+ self.assertEqual(response.context['user'].username, 'testclient')
+
def test_view_with_bad_login(self):
"Request a page that is protected with @login, but use bad credentials"
@@ -408,6 +453,21 @@ class ClientTest(TestCase):
login = self.client.login(username='inactive', password='password')
self.assertFalse(login)
+ def test_view_with_inactive_force_login(self):
+ "Request a page that is protected with @login, but use an inactive login"
+
+ # Get the page without logging in. Should result in 302.
+ response = self.client.get('/login_protected_view/')
+ self.assertRedirects(response, '/accounts/login/?next=/login_protected_view/')
+
+ # Log in
+ self.client.force_login(self.u2)
+
+ # Request a page that requires a login
+ response = self.client.get('/login_protected_view/')
+ self.assertEqual(response.status_code, 200)
+ self.assertEqual(response.context['user'].username, 'inactive')
+
def test_logout(self):
"Request a logout after logging in"
# Log in
@@ -425,6 +485,47 @@ class ClientTest(TestCase):
response = self.client.get('/login_protected_view/')
self.assertRedirects(response, '/accounts/login/?next=/login_protected_view/')
+ def test_logout_with_force_login(self):
+ "Request a logout after logging in"
+ # Log in
+ self.client.force_login(self.u1)
+
+ # Request a page that requires a login
+ response = self.client.get('/login_protected_view/')
+ self.assertEqual(response.status_code, 200)
+ self.assertEqual(response.context['user'].username, 'testclient')
+
+ # Log out
+ self.client.logout()
+
+ # Request a page that requires a login
+ response = self.client.get('/login_protected_view/')
+ self.assertRedirects(response, '/accounts/login/?next=/login_protected_view/')
+
+ @override_settings(
+ AUTHENTICATION_BACKENDS=[
+ 'django.contrib.auth.backends.ModelBackend',
+ 'test_client.auth_backends.TestClientBackend',
+ ],
+ )
+ def test_force_login_with_backend(self):
+ """
+ Request a page that is protected with @login_required when using
+ force_login() and passing a backend.
+ """
+ # Get the page without logging in. Should result in 302.
+ response = self.client.get('/login_protected_view/')
+ self.assertRedirects(response, '/accounts/login/?next=/login_protected_view/')
+
+ # Log in
+ self.client.force_login(self.u1, backend='test_client.auth_backends.TestClientBackend')
+ self.assertEqual(self.u1.backend, 'test_client.auth_backends.TestClientBackend')
+
+ # Request a page that requires a login
+ response = self.client.get('/login_protected_view/')
+ self.assertEqual(response.status_code, 200)
+ self.assertEqual(response.context['user'].username, 'testclient')
+
@override_settings(SESSION_ENGINE="django.contrib.sessions.backends.signed_cookies")
def test_logout_cookie_sessions(self):
self.test_logout()