diff options
| author | Jon Dufresne <jon.dufresne@gmail.com> | 2015-06-15 21:35:19 -0700 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2015-07-01 13:01:08 -0400 |
| commit | b44dee16e60ff2600fee90576e5bf0083c266104 (patch) | |
| tree | 591b026b6cc77f6a16373093f7d4bbc3caa8032a /tests | |
| parent | 39ec59d6d0f136778d483a96f15b6806a2d50407 (diff) | |
Fixed #20916 -- Added Client.force_login() to bypass authentication.
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/test_client/auth_backends.py | 5 | ||||
| -rw-r--r-- | tests/test_client/tests.py | 101 |
2 files changed, 106 insertions, 0 deletions
diff --git a/tests/test_client/auth_backends.py b/tests/test_client/auth_backends.py new file mode 100644 index 0000000000..c886dce336 --- /dev/null +++ b/tests/test_client/auth_backends.py @@ -0,0 +1,5 @@ +from django.contrib.auth.backends import ModelBackend + + +class TestClientBackend(ModelBackend): + pass diff --git a/tests/test_client/tests.py b/tests/test_client/tests.py index bef1146172..ae70f5c494 100644 --- a/tests/test_client/tests.py +++ b/tests/test_client/tests.py @@ -364,6 +364,20 @@ class ClientTest(TestCase): self.assertEqual(response.status_code, 200) self.assertEqual(response.context['user'].username, 'testclient') + def test_view_with_force_login(self): + "Request a page that is protected with @login_required" + # Get the page without logging in. Should result in 302. + response = self.client.get('/login_protected_view/') + self.assertRedirects(response, '/accounts/login/?next=/login_protected_view/') + + # Log in + self.client.force_login(self.u1) + + # Request a page that requires a login + response = self.client.get('/login_protected_view/') + self.assertEqual(response.status_code, 200) + self.assertEqual(response.context['user'].username, 'testclient') + def test_view_with_method_login(self): "Request a page that is protected with a @login_required method" @@ -380,6 +394,20 @@ class ClientTest(TestCase): self.assertEqual(response.status_code, 200) self.assertEqual(response.context['user'].username, 'testclient') + def test_view_with_method_force_login(self): + "Request a page that is protected with a @login_required method" + # Get the page without logging in. Should result in 302. + response = self.client.get('/login_protected_method_view/') + self.assertRedirects(response, '/accounts/login/?next=/login_protected_method_view/') + + # Log in + self.client.force_login(self.u1) + + # Request a page that requires a login + response = self.client.get('/login_protected_method_view/') + self.assertEqual(response.status_code, 200) + self.assertEqual(response.context['user'].username, 'testclient') + def test_view_with_login_and_custom_redirect(self): "Request a page that is protected with @login_required(redirect_field_name='redirect_to')" @@ -396,6 +424,23 @@ class ClientTest(TestCase): self.assertEqual(response.status_code, 200) self.assertEqual(response.context['user'].username, 'testclient') + def test_view_with_force_login_and_custom_redirect(self): + """ + Request a page that is protected with + @login_required(redirect_field_name='redirect_to') + """ + # Get the page without logging in. Should result in 302. + response = self.client.get('/login_protected_view_custom_redirect/') + self.assertRedirects(response, '/accounts/login/?redirect_to=/login_protected_view_custom_redirect/') + + # Log in + self.client.force_login(self.u1) + + # Request a page that requires a login + response = self.client.get('/login_protected_view_custom_redirect/') + self.assertEqual(response.status_code, 200) + self.assertEqual(response.context['user'].username, 'testclient') + def test_view_with_bad_login(self): "Request a page that is protected with @login, but use bad credentials" @@ -408,6 +453,21 @@ class ClientTest(TestCase): login = self.client.login(username='inactive', password='password') self.assertFalse(login) + def test_view_with_inactive_force_login(self): + "Request a page that is protected with @login, but use an inactive login" + + # Get the page without logging in. Should result in 302. + response = self.client.get('/login_protected_view/') + self.assertRedirects(response, '/accounts/login/?next=/login_protected_view/') + + # Log in + self.client.force_login(self.u2) + + # Request a page that requires a login + response = self.client.get('/login_protected_view/') + self.assertEqual(response.status_code, 200) + self.assertEqual(response.context['user'].username, 'inactive') + def test_logout(self): "Request a logout after logging in" # Log in @@ -425,6 +485,47 @@ class ClientTest(TestCase): response = self.client.get('/login_protected_view/') self.assertRedirects(response, '/accounts/login/?next=/login_protected_view/') + def test_logout_with_force_login(self): + "Request a logout after logging in" + # Log in + self.client.force_login(self.u1) + + # Request a page that requires a login + response = self.client.get('/login_protected_view/') + self.assertEqual(response.status_code, 200) + self.assertEqual(response.context['user'].username, 'testclient') + + # Log out + self.client.logout() + + # Request a page that requires a login + response = self.client.get('/login_protected_view/') + self.assertRedirects(response, '/accounts/login/?next=/login_protected_view/') + + @override_settings( + AUTHENTICATION_BACKENDS=[ + 'django.contrib.auth.backends.ModelBackend', + 'test_client.auth_backends.TestClientBackend', + ], + ) + def test_force_login_with_backend(self): + """ + Request a page that is protected with @login_required when using + force_login() and passing a backend. + """ + # Get the page without logging in. Should result in 302. + response = self.client.get('/login_protected_view/') + self.assertRedirects(response, '/accounts/login/?next=/login_protected_view/') + + # Log in + self.client.force_login(self.u1, backend='test_client.auth_backends.TestClientBackend') + self.assertEqual(self.u1.backend, 'test_client.auth_backends.TestClientBackend') + + # Request a page that requires a login + response = self.client.get('/login_protected_view/') + self.assertEqual(response.status_code, 200) + self.assertEqual(response.context['user'].username, 'testclient') + @override_settings(SESSION_ENGINE="django.contrib.sessions.backends.signed_cookies") def test_logout_cookie_sessions(self): self.test_logout() |
