Moved contrib.auth tests out of contrib.

author: Tim Graham <timograham@gmail.com> 2015-02-10 09:17:08 -0500
committer: Tim Graham <timograham@gmail.com> 2015-02-11 10:19:22 -0500
commit: 2d7aca3da0a46c09e9c70ebdb56ed340691a999f (patch)
tree: ac7c041d73e922d8e83a1944d56a27138875fe8e /tests/auth_tests/test_middleware.py
parent: 8192a164defa24d75672e6b10cec650489b8c748 (diff)
1 files changed, 49 insertions, 0 deletions
diff --git a/tests/auth_tests/test_middleware.py b/tests/auth_tests/test_middleware.py
new file mode 100644
index 0000000000..44372bce01
--- /dev/null
+++ b/tests/auth_tests/test_middleware.py
@@ -0,0 +1,49 @@
+from django.contrib.auth.middleware import AuthenticationMiddleware
+from django.contrib.auth.models import User
+from django.http import HttpRequest
+from django.test import TestCase
+
+
+class TestSessionAuthenticationMiddleware(TestCase):
+    def setUp(self):
+        self.user_password = 'test_password'
+        self.user = User.objects.create_user('test_user',
+                                             'test@example.com',
+                                             self.user_password)
+
+        self.middleware = AuthenticationMiddleware()
+        self.assertTrue(self.client.login(
+            username=self.user.username,
+            password=self.user_password,
+        ))
+        self.request = HttpRequest()
+        self.request.session = self.client.session
+
+    def test_changed_password_doesnt_invalidate_session(self):
+        """
+        Changing a user's password shouldn't invalidate the session if session
+        verification isn't activated.
+        """
+        session_key = self.request.session.session_key
+        self.middleware.process_request(self.request)
+        self.assertIsNotNone(self.request.user)
+        self.assertFalse(self.request.user.is_anonymous())
+
+        # After password change, user should remain logged in.
+        self.user.set_password('new_password')
+        self.user.save()
+        self.middleware.process_request(self.request)
+        self.assertIsNotNone(self.request.user)
+        self.assertFalse(self.request.user.is_anonymous())
+        self.assertEqual(session_key, self.request.session.session_key)
+
+    def test_changed_password_invalidates_session_with_middleware(self):
+        with self.modify_settings(MIDDLEWARE_CLASSES={'append': ['django.contrib.auth.middleware.SessionAuthenticationMiddleware']}):
+            # After password change, user should be anonymous
+            self.user.set_password('new_password')
+            self.user.save()
+            self.middleware.process_request(self.request)
+            self.assertIsNotNone(self.request.user)
+            self.assertTrue(self.request.user.is_anonymous())
+        # session should be flushed
+        self.assertIsNone(self.request.session.session_key)
author	Tim Graham <timograham@gmail.com>	2015-02-10 09:17:08 -0500
committer	Tim Graham <timograham@gmail.com>	2015-02-11 10:19:22 -0500
commit	2d7aca3da0a46c09e9c70ebdb56ed340691a999f (patch)
tree	ac7c041d73e922d8e83a1944d56a27138875fe8e /tests/auth_tests/test_middleware.py
parent	8192a164defa24d75672e6b10cec650489b8c748 (diff)