summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorHisham Mahmood <hishammahmood41@gmail.com>2024-05-05 11:21:28 +0500
committerSarah Boyce <42296566+sarahboyce@users.noreply.github.com>2024-05-22 08:51:17 +0200
commitc7fc9f20b49b5889a9a8f47de45165ac443c1a21 (patch)
tree113e55d5b047f479375638c1f17d9c127aedf618 /tests
parent7857507c7fc43350701700d4215a37baea7655f0 (diff)
Fixed #31405 -- Added LoginRequiredMiddleware.
Co-authored-by: Adam Johnson <me@adamj.eu> Co-authored-by: Mehmet İnce <mehmet@mehmetince.net> Co-authored-by: Sarah Boyce <42296566+sarahboyce@users.noreply.github.com>
Diffstat (limited to 'tests')
-rw-r--r--tests/auth_tests/test_checks.py110
-rw-r--r--tests/auth_tests/test_decorators.py35
-rw-r--r--tests/auth_tests/test_middleware.py141
-rw-r--r--tests/auth_tests/test_views.py80
-rw-r--r--tests/auth_tests/urls.py53
-rw-r--r--tests/deprecation/test_middleware_mixin.py2
6 files changed, 415 insertions, 6 deletions
diff --git a/tests/auth_tests/test_checks.py b/tests/auth_tests/test_checks.py
index 5757946f95..3d70451e9d 100644
--- a/tests/auth_tests/test_checks.py
+++ b/tests/auth_tests/test_checks.py
@@ -1,5 +1,14 @@
-from django.contrib.auth.checks import check_models_permissions, check_user_model
+from django.contrib.auth.checks import (
+ check_middleware,
+ check_models_permissions,
+ check_user_model,
+)
+from django.contrib.auth.middleware import (
+ AuthenticationMiddleware,
+ LoginRequiredMiddleware,
+)
from django.contrib.auth.models import AbstractBaseUser
+from django.contrib.sessions.middleware import SessionMiddleware
from django.core import checks
from django.db import models
from django.db.models import Q, UniqueConstraint
@@ -345,3 +354,102 @@ class ModelsPermissionsChecksTests(SimpleTestCase):
default_permissions = ()
self.assertEqual(checks.run_checks(self.apps.get_app_configs()), [])
+
+
+class LoginRequiredMiddlewareSubclass(LoginRequiredMiddleware):
+ redirect_field_name = "redirect_to"
+
+
+class AuthenticationMiddlewareSubclass(AuthenticationMiddleware):
+ pass
+
+
+class SessionMiddlewareSubclass(SessionMiddleware):
+ pass
+
+
+@override_system_checks([check_middleware])
+class MiddlewareChecksTests(SimpleTestCase):
+ @override_settings(
+ MIDDLEWARE=[
+ "auth_tests.test_checks.SessionMiddlewareSubclass",
+ "auth_tests.test_checks.AuthenticationMiddlewareSubclass",
+ "auth_tests.test_checks.LoginRequiredMiddlewareSubclass",
+ ]
+ )
+ def test_middleware_subclasses(self):
+ errors = checks.run_checks()
+ self.assertEqual(errors, [])
+
+ @override_settings(
+ MIDDLEWARE=[
+ "auth_tests.test_checks",
+ "auth_tests.test_checks.NotExist",
+ ]
+ )
+ def test_invalid_middleware_skipped(self):
+ errors = checks.run_checks()
+ self.assertEqual(errors, [])
+
+ @override_settings(
+ MIDDLEWARE=[
+ "django.contrib.does.not.Exist",
+ "django.contrib.sessions.middleware.SessionMiddleware",
+ "django.contrib.auth.middleware.AuthenticationMiddleware",
+ "django.contrib.auth.middleware.LoginRequiredMiddleware",
+ ]
+ )
+ def test_check_ignores_import_error_in_middleware(self):
+ errors = checks.run_checks()
+ self.assertEqual(errors, [])
+
+ @override_settings(
+ MIDDLEWARE=[
+ "django.contrib.sessions.middleware.SessionMiddleware",
+ "django.contrib.auth.middleware.AuthenticationMiddleware",
+ "django.contrib.auth.middleware.LoginRequiredMiddleware",
+ ]
+ )
+ def test_correct_order_with_login_required_middleware(self):
+ errors = checks.run_checks()
+ self.assertEqual(errors, [])
+
+ @override_settings(
+ MIDDLEWARE=[
+ "django.contrib.auth.middleware.LoginRequiredMiddleware",
+ "django.contrib.auth.middleware.AuthenticationMiddleware",
+ "django.contrib.sessions.middleware.SessionMiddleware",
+ ]
+ )
+ def test_incorrect_order_with_login_required_middleware(self):
+ errors = checks.run_checks()
+ self.assertEqual(
+ errors,
+ [
+ checks.Error(
+ "In order to use django.contrib.auth.middleware."
+ "LoginRequiredMiddleware, django.contrib.auth.middleware."
+ "AuthenticationMiddleware must be defined before it in MIDDLEWARE.",
+ id="auth.E013",
+ )
+ ],
+ )
+
+ @override_settings(
+ MIDDLEWARE=[
+ "django.contrib.auth.middleware.LoginRequiredMiddleware",
+ ]
+ )
+ def test_missing_authentication_with_login_required_middleware(self):
+ errors = checks.run_checks()
+ self.assertEqual(
+ errors,
+ [
+ checks.Error(
+ "In order to use django.contrib.auth.middleware."
+ "LoginRequiredMiddleware, django.contrib.auth.middleware."
+ "AuthenticationMiddleware must be defined before it in MIDDLEWARE.",
+ id="auth.E013",
+ )
+ ],
+ )
diff --git a/tests/auth_tests/test_decorators.py b/tests/auth_tests/test_decorators.py
index 48fa915c5c..e585b28bd5 100644
--- a/tests/auth_tests/test_decorators.py
+++ b/tests/auth_tests/test_decorators.py
@@ -5,6 +5,7 @@ from asgiref.sync import sync_to_async
from django.conf import settings
from django.contrib.auth import models
from django.contrib.auth.decorators import (
+ login_not_required,
login_required,
permission_required,
user_passes_test,
@@ -113,6 +114,40 @@ class LoginRequiredTestCase(AuthViewsTestCase):
await self.test_login_required_async_view(login_url="/somewhere/")
+class LoginNotRequiredTestCase(TestCase):
+ """
+ Tests the login_not_required decorators
+ """
+
+ def test_callable(self):
+ """
+ login_not_required is assignable to callable objects.
+ """
+
+ class CallableView:
+ def __call__(self, *args, **kwargs):
+ pass
+
+ login_not_required(CallableView())
+
+ def test_view(self):
+ """
+ login_not_required is assignable to normal views.
+ """
+
+ def normal_view(request):
+ pass
+
+ login_not_required(normal_view)
+
+ def test_decorator_marks_view_as_login_not_required(self):
+ @login_not_required
+ def view(request):
+ return HttpResponse()
+
+ self.assertFalse(view.login_required)
+
+
class PermissionsRequiredDecoratorTest(TestCase):
"""
Tests for the permission_required decorator
diff --git a/tests/auth_tests/test_middleware.py b/tests/auth_tests/test_middleware.py
index e7c5a525cd..a837eb8b96 100644
--- a/tests/auth_tests/test_middleware.py
+++ b/tests/auth_tests/test_middleware.py
@@ -1,8 +1,14 @@
-from django.contrib.auth.middleware import AuthenticationMiddleware
+from django.conf import settings
+from django.contrib.auth import REDIRECT_FIELD_NAME
+from django.contrib.auth.middleware import (
+ AuthenticationMiddleware,
+ LoginRequiredMiddleware,
+)
from django.contrib.auth.models import User
from django.core.exceptions import ImproperlyConfigured
from django.http import HttpRequest, HttpResponse
-from django.test import TestCase
+from django.test import TestCase, modify_settings, override_settings
+from django.urls import reverse
class TestAuthenticationMiddleware(TestCase):
@@ -50,3 +56,134 @@ class TestAuthenticationMiddleware(TestCase):
self.assertEqual(auser, self.user)
auser_second = await self.request.auser()
self.assertIs(auser, auser_second)
+
+
+@override_settings(ROOT_URLCONF="auth_tests.urls")
+@modify_settings(
+ MIDDLEWARE={"append": "django.contrib.auth.middleware.LoginRequiredMiddleware"}
+)
+class TestLoginRequiredMiddleware(TestCase):
+ @classmethod
+ def setUpTestData(cls):
+ cls.user = User.objects.create_user(
+ "test_user", "test@example.com", "test_password"
+ )
+
+ def setUp(self):
+ self.middleware = LoginRequiredMiddleware(lambda req: HttpResponse())
+ self.request = HttpRequest()
+
+ def test_public_paths(self):
+ paths = ["public_view", "public_function_view"]
+ for path in paths:
+ response = self.client.get(f"/{path}/")
+ self.assertEqual(response.status_code, 200)
+
+ def test_protected_paths(self):
+ paths = ["protected_view", "protected_function_view"]
+ for path in paths:
+ response = self.client.get(f"/{path}/")
+ self.assertRedirects(
+ response,
+ settings.LOGIN_URL + f"?next=/{path}/",
+ fetch_redirect_response=False,
+ )
+
+ def test_login_required_paths(self):
+ paths = ["login_required_cbv_view", "login_required_decorator_view"]
+ for path in paths:
+ response = self.client.get(f"/{path}/")
+ self.assertRedirects(
+ response,
+ "/custom_login/" + f"?step=/{path}/",
+ fetch_redirect_response=False,
+ )
+
+ def test_admin_path(self):
+ admin_url = reverse("admin:index")
+ response = self.client.get(admin_url)
+ self.assertRedirects(
+ response,
+ reverse("admin:login") + f"?next={admin_url}",
+ target_status_code=200,
+ )
+
+ def test_non_existent_path(self):
+ response = self.client.get("/non_existent/")
+ self.assertEqual(response.status_code, 404)
+
+ def test_paths_with_logged_in_user(self):
+ paths = [
+ "public_view",
+ "public_function_view",
+ "protected_view",
+ "protected_function_view",
+ "login_required_cbv_view",
+ "login_required_decorator_view",
+ ]
+ self.client.login(username="test_user", password="test_password")
+ for path in paths:
+ response = self.client.get(f"/{path}/")
+ self.assertEqual(response.status_code, 200)
+
+ def test_get_login_url_from_view_func(self):
+ def view_func(request):
+ return HttpResponse()
+
+ view_func.login_url = "/custom_login/"
+ login_url = self.middleware.get_login_url(view_func)
+ self.assertEqual(login_url, "/custom_login/")
+
+ @override_settings(LOGIN_URL="/settings_login/")
+ def test_get_login_url_from_settings(self):
+ login_url = self.middleware.get_login_url(lambda: None)
+ self.assertEqual(login_url, "/settings_login/")
+
+ @override_settings(LOGIN_URL=None)
+ def test_get_login_url_no_login_url(self):
+ with self.assertRaises(ImproperlyConfigured) as e:
+ self.middleware.get_login_url(lambda: None)
+ self.assertEqual(
+ str(e.exception),
+ "No login URL to redirect to. Define settings.LOGIN_URL or provide "
+ "a login_url via the 'django.contrib.auth.decorators.login_required' "
+ "decorator.",
+ )
+
+ def test_get_redirect_field_name_from_view_func(self):
+ def view_func(request):
+ return HttpResponse()
+
+ view_func.redirect_field_name = "next_page"
+ redirect_field_name = self.middleware.get_redirect_field_name(view_func)
+ self.assertEqual(redirect_field_name, "next_page")
+
+ @override_settings(
+ MIDDLEWARE=[
+ "django.contrib.sessions.middleware.SessionMiddleware",
+ "django.contrib.auth.middleware.AuthenticationMiddleware",
+ "auth_tests.test_checks.LoginRequiredMiddlewareSubclass",
+ ],
+ LOGIN_URL="/settings_login/",
+ )
+ def test_login_url_resolve_logic(self):
+ paths = ["login_required_cbv_view", "login_required_decorator_view"]
+ for path in paths:
+ response = self.client.get(f"/{path}/")
+ self.assertRedirects(
+ response,
+ "/custom_login/" + f"?step=/{path}/",
+ fetch_redirect_response=False,
+ )
+ paths = ["protected_view", "protected_function_view"]
+ for path in paths:
+ response = self.client.get(f"/{path}/")
+ self.assertRedirects(
+ response,
+ f"/settings_login/?redirect_to=/{path}/",
+ fetch_redirect_response=False,
+ )
+
+ def test_get_redirect_field_name_default(self):
+ redirect_field_name = self.middleware.get_redirect_field_name(lambda: None)
+ self.assertEqual(redirect_field_name, REDIRECT_FIELD_NAME)
diff --git a/tests/auth_tests/test_views.py b/tests/auth_tests/test_views.py
index 53e33785b0..97d0448ab1 100644
--- a/tests/auth_tests/test_views.py
+++ b/tests/auth_tests/test_views.py
@@ -32,7 +32,7 @@ from django.core.exceptions import ImproperlyConfigured
from django.db import connection
from django.http import HttpRequest, HttpResponse
from django.middleware.csrf import CsrfViewMiddleware, get_token
-from django.test import Client, TestCase, override_settings
+from django.test import Client, TestCase, modify_settings, override_settings
from django.test.client import RedirectCycleError
from django.urls import NoReverseMatch, reverse, reverse_lazy
from django.utils.http import urlsafe_base64_encode
@@ -472,6 +472,29 @@ class PasswordResetTest(AuthViewsTestCase):
with self.assertRaisesMessage(ImproperlyConfigured, msg):
self.client.get("/reset/missing_parameters/")
+ @modify_settings(
+ MIDDLEWARE={"append": "django.contrib.auth.middleware.LoginRequiredMiddleware"}
+ )
+ def test_access_under_login_required_middleware(self):
+ reset_urls = [
+ reverse("password_reset"),
+ reverse("password_reset_done"),
+ reverse("password_reset_confirm", kwargs={"uidb64": "abc", "token": "def"}),
+ reverse("password_reset_complete"),
+ ]
+
+ for url in reset_urls:
+ with self.subTest(url=url):
+ response = self.client.get(url)
+ self.assertEqual(response.status_code, 200)
+
+ response = self.client.post(
+ "/password_reset/", {"email": "staffmember@example.com"}
+ )
+ self.assertRedirects(
+ response, "/password_reset/done/", fetch_redirect_response=False
+ )
+
@override_settings(AUTH_USER_MODEL="auth_tests.CustomUser")
class CustomUserPasswordResetTest(AuthViewsTestCase):
@@ -661,6 +684,38 @@ class ChangePasswordTest(AuthViewsTestCase):
response, "/password_reset/", fetch_redirect_response=False
)
+ @modify_settings(
+ MIDDLEWARE={"append": "django.contrib.auth.middleware.LoginRequiredMiddleware"}
+ )
+ def test_access_under_login_required_middleware(self):
+ response = self.client.post(
+ "/password_change/",
+ {
+ "old_password": "password",
+ "new_password1": "password1",
+ "new_password2": "password1",
+ },
+ )
+ self.assertRedirects(
+ response,
+ settings.LOGIN_URL + "?next=/password_change/",
+ fetch_redirect_response=False,
+ )
+
+ self.login()
+
+ response = self.client.post(
+ "/password_change/",
+ {
+ "old_password": "password",
+ "new_password1": "password1",
+ "new_password2": "password1",
+ },
+ )
+ self.assertRedirects(
+ response, "/password_change/done/", fetch_redirect_response=False
+ )
+
class SessionAuthenticationTests(AuthViewsTestCase):
def test_user_password_change_updates_session(self):
@@ -904,6 +959,13 @@ class LoginTest(AuthViewsTestCase):
response = self.login(url="/login/get_default_redirect_url/?next=/test/")
self.assertRedirects(response, "/test/", fetch_redirect_response=False)
+ @modify_settings(
+ MIDDLEWARE={"append": "django.contrib.auth.middleware.LoginRequiredMiddleware"}
+ )
+ def test_access_under_login_required_middleware(self):
+ response = self.client.get(reverse("login"))
+ self.assertEqual(response.status_code, 200)
+
class LoginURLSettings(AuthViewsTestCase):
"""Tests for settings.LOGIN_URL."""
@@ -1355,6 +1417,22 @@ class LogoutTest(AuthViewsTestCase):
self.assertContains(response, "Logged out")
self.confirm_logged_out()
+ @modify_settings(
+ MIDDLEWARE={"append": "django.contrib.auth.middleware.LoginRequiredMiddleware"}
+ )
+ def test_access_under_login_required_middleware(self):
+ response = self.client.post("/logout/")
+ self.assertRedirects(
+ response,
+ settings.LOGIN_URL + "?next=/logout/",
+ fetch_redirect_response=False,
+ )
+
+ self.login()
+
+ response = self.client.post("/logout/")
+ self.assertEqual(response.status_code, 200)
+
def get_perm(Model, perm):
ct = ContentType.objects.get_for_model(Model)
diff --git a/tests/auth_tests/urls.py b/tests/auth_tests/urls.py
index 99fa22e4f4..cb6a0ed1cf 100644
--- a/tests/auth_tests/urls.py
+++ b/tests/auth_tests/urls.py
@@ -1,6 +1,10 @@
from django.contrib import admin
from django.contrib.auth import views
-from django.contrib.auth.decorators import login_required, permission_required
+from django.contrib.auth.decorators import (
+ login_not_required,
+ login_required,
+ permission_required,
+)
from django.contrib.auth.forms import AuthenticationForm
from django.contrib.auth.urls import urlpatterns as auth_urlpatterns
from django.contrib.auth.views import LoginView
@@ -9,6 +13,8 @@ from django.http import HttpRequest, HttpResponse
from django.shortcuts import render
from django.template import RequestContext, Template
from django.urls import path, re_path, reverse_lazy
+from django.utils.decorators import method_decorator
+from django.views import View
from django.views.decorators.cache import never_cache
from django.views.i18n import set_language
@@ -88,6 +94,42 @@ class CustomDefaultRedirectURLLoginView(LoginView):
return "/custom/"
+class EmptyResponseBaseView(View):
+ def get(self, request, *args, **kwargs):
+ return HttpResponse()
+
+
+@method_decorator(login_not_required, name="dispatch")
+class PublicView(EmptyResponseBaseView):
+ pass
+
+
+class ProtectedView(EmptyResponseBaseView):
+ pass
+
+
+@method_decorator(
+ login_required(login_url="/custom_login/", redirect_field_name="step"),
+ name="dispatch",
+)
+class ProtectedViewWithCustomLoginRequired(EmptyResponseBaseView):
+ pass
+
+
+@login_not_required
+def public_view(request):
+ return HttpResponse()
+
+
+def protected_view(request):
+ return HttpResponse()
+
+
+@login_required(login_url="/custom_login/", redirect_field_name="step")
+def protected_view_with_login_required_decorator(request):
+ return HttpResponse()
+
+
# special urls for auth test cases
urlpatterns = auth_urlpatterns + [
path(
@@ -198,7 +240,14 @@ urlpatterns = auth_urlpatterns + [
"login_and_permission_required_exception/",
login_and_permission_required_exception,
),
+ path("public_view/", PublicView.as_view()),
+ path("public_function_view/", public_view),
+ path("protected_view/", ProtectedView.as_view()),
+ path("protected_function_view/", protected_view),
+ path(
+ "login_required_decorator_view/", protected_view_with_login_required_decorator
+ ),
+ path("login_required_cbv_view/", ProtectedViewWithCustomLoginRequired.as_view()),
path("setlang/", set_language, name="set_language"),
- # This line is only required to render the password reset with is_admin=True
path("admin/", admin.site.urls),
]
diff --git a/tests/deprecation/test_middleware_mixin.py b/tests/deprecation/test_middleware_mixin.py
index 3b6ad6d8ee..f4eafc14e3 100644
--- a/tests/deprecation/test_middleware_mixin.py
+++ b/tests/deprecation/test_middleware_mixin.py
@@ -5,6 +5,7 @@ from asgiref.sync import async_to_sync, iscoroutinefunction
from django.contrib.admindocs.middleware import XViewMiddleware
from django.contrib.auth.middleware import (
AuthenticationMiddleware,
+ LoginRequiredMiddleware,
RemoteUserMiddleware,
)
from django.contrib.flatpages.middleware import FlatpageFallbackMiddleware
@@ -34,6 +35,7 @@ from django.utils.deprecation import MiddlewareMixin
class MiddlewareMixinTests(SimpleTestCase):
middlewares = [
AuthenticationMiddleware,
+ LoginRequiredMiddleware,
BrokenLinkEmailsMiddleware,
CacheMiddleware,
CommonMiddleware,