summaryrefslogtreecommitdiff
path: root/tests/auth_tests/test_remote_user.py
diff options
context:
space:
mode:
Diffstat (limited to 'tests/auth_tests/test_remote_user.py')
-rw-r--r--tests/auth_tests/test_remote_user.py23
1 files changed, 23 insertions, 0 deletions
diff --git a/tests/auth_tests/test_remote_user.py b/tests/auth_tests/test_remote_user.py
index d0f3f2283f..a413b97ee4 100644
--- a/tests/auth_tests/test_remote_user.py
+++ b/tests/auth_tests/test_remote_user.py
@@ -232,3 +232,26 @@ class CustomHeaderRemoteUserTest(RemoteUserTest):
'auth_tests.test_remote_user.CustomHeaderMiddleware'
)
header = 'HTTP_AUTHUSER'
+
+
+class PersistentRemoteUserTest(RemoteUserTest):
+ """
+ PersistentRemoteUserMiddleware keeps the user logged in even if the
+ subsequent calls do not contain the header value.
+ """
+ middleware = 'django.contrib.auth.middleware.PersistentRemoteUserMiddleware'
+ require_header = False
+
+ def test_header_disappears(self):
+ """
+ A logged in user is kept logged in even if the REMOTE_USER header
+ disappears during the same browser session.
+ """
+ User.objects.create(username='knownuser')
+ # Known user authenticates
+ response = self.client.get('/remote_user/', **{self.header: self.known_user})
+ self.assertEqual(response.context['user'].username, 'knownuser')
+ # Should stay logged in if the REMOTE_USER header disappears.
+ response = self.client.get('/remote_user/')
+ self.assertEqual(response.context['user'].is_anonymous(), False)
+ self.assertEqual(response.context['user'].username, 'knownuser')
generated by cgit v1.3 (git 2.53.0) at 2026-05-02 02:10:56 +0000