Skip to content

Make APIClient.force_authenticate() work with user=None #8212

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Sep 15, 2022
Merged

Make APIClient.force_authenticate() work with user=None #8212

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
0768339
Fix testing with token
willbeaufoy Oct 17, 2021
34c7c9a
Add unit test
willbeaufoy Oct 18, 2021
f43cd30
Split unit test into 3
willbeaufoy Jul 3, 2022
6149e9d
Fix linting error
willbeaufoy Sep 14, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion rest_framework/test.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -277,7 +277,7 @@ def force_authenticate(self, user=None, token=None):
"""
self.handler._force_user = user
self.handler._force_token = token
if user is None:
if user is None and token is None:
self.logout() # Also clear any possible session info if required

def request(self, **kwargs):
Expand Down
54 changes: 45 additions & 9 deletions tests/test_testing.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
from django.urls import path

from rest_framework import fields, serializers
from rest_framework.authtoken.models import Token
from rest_framework.decorators import api_view
from rest_framework.response import Response
from rest_framework.test import (
Expand All @@ -19,10 +20,12 @@

@api_view(['GET', 'POST', 'PUT', 'PATCH', 'DELETE', 'OPTIONS'])
def view(request):
return Response({
'auth': request.META.get('HTTP_AUTHORIZATION', b''),
'user': request.user.username
})
data = {'auth': request.META.get('HTTP_AUTHORIZATION', b'')}
if request.user:
data['user'] = request.user.username
if request.auth:
data['token'] = request.auth.key
return Response(data)


@api_view(['GET', 'POST'])
Expand Down Expand Up @@ -78,14 +81,46 @@ def test_credentials(self):
response = self.client.get('/view/')
assert response.data['auth'] == 'example'

def test_force_authenticate(self):
def test_force_authenticate_with_user(self):
"""
Setting `.force_authenticate()` forcibly authenticates each request.
Setting `.force_authenticate()` with a user forcibly authenticates each
request with that user.
"""
user = User.objects.create_user('example', '[email protected]')
self.client.force_authenticate(user)

self.client.force_authenticate(user=user)
response = self.client.get('/view/')

assert response.data['user'] == 'example'
assert 'token' not in response.data

def test_force_authenticate_with_token(self):
"""
Setting `.force_authenticate()` with a token forcibly authenticates each
request with that token.
"""
user = User.objects.create_user('example', '[email protected]')
token = Token.objects.create(key='xyz', user=user)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It'd be better, in my opinion at least, to have these as 3 individual tests.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried to rerequest review from you, but the request failed for some reason. Anyway it's ready for review again.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@marksweb any chance of getting this merged?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@willbeaufoy I'm afraid I don't have the ability to do that. I was just reviewing to assist the maintainers.

Perhaps @tomchristie could take a look over this?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@tomchristie any chance of merging this?


self.client.force_authenticate(token=token)
response = self.client.get('/view/')

assert response.data['token'] == 'xyz'
assert 'user' not in response.data

def test_force_authenticate_with_user_and_token(self):
"""
Setting `.force_authenticate()` with a user and token forcibly
authenticates each request with that user and token.
"""
user = User.objects.create_user('example', '[email protected]')
token = Token.objects.create(key='xyz', user=user)

self.client.force_authenticate(user=user, token=token)
response = self.client.get('/view/')

assert response.data['user'] == 'example'
assert response.data['token'] == 'xyz'

def test_force_authenticate_with_sessions(self):
"""
Expand All @@ -102,8 +137,9 @@ def test_force_authenticate_with_sessions(self):
response = self.client.get('/session-view/')
assert response.data['active_session'] is True

# Force authenticating as `None` should also logout the user session.
self.client.force_authenticate(None)
# Force authenticating with `None` user and token should also logout
# the user session.
self.client.force_authenticate(user=None, token=None)
response = self.client.get('/session-view/')
assert response.data['active_session'] is False

Expand Down