File: test_middleware.py

package info (click to toggle)
djangorestframework 3.16.1-3
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 19,092 kB
  • sloc: javascript: 31,965; python: 29,367; makefile: 32; sh: 6
file content (148 lines) | stat: -rw-r--r-- 4,779 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
 
import unittest

import django
from django.contrib.auth.models import User
from django.http import HttpRequest
from django.test import override_settings
from django.urls import include, path

from rest_framework import status
from rest_framework.authentication import TokenAuthentication
from rest_framework.authtoken.models import Token
from rest_framework.decorators import action, api_view
from rest_framework.request import is_form_media_type
from rest_framework.response import Response
from rest_framework.routers import SimpleRouter
from rest_framework.test import APITestCase
from rest_framework.views import APIView
from rest_framework.viewsets import GenericViewSet


class PostView(APIView):
    def post(self, request):
        return Response(data=request.data, status=200)


class GetAPIView(APIView):
    def get(self, request):
        return Response(data="OK", status=200)


@api_view(['GET'])
def get_func_view(request):
    return Response(data="OK", status=200)


class ListViewSet(GenericViewSet):

    def list(self, request, *args, **kwargs):
        response = Response()
        response.view = self
        return response

    @action(detail=False, url_path='list-action')
    def list_action(self, request, *args, **kwargs):
        response = Response()
        response.view = self
        return response


router = SimpleRouter()
router.register(r'view-set', ListViewSet, basename='view_set')

urlpatterns = [
    path('auth', APIView.as_view(authentication_classes=(TokenAuthentication,))),
    path('post', PostView.as_view()),
    path('get', GetAPIView.as_view()),
    path('get-func', get_func_view),
    path('api/', include(router.urls)),
]


class RequestUserMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        response = self.get_response(request)
        assert hasattr(request, 'user'), '`user` is not set on request'
        assert request.user.is_authenticated, '`user` is not authenticated'

        return response


class RequestPOSTMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        assert isinstance(request, HttpRequest)

        # Parse body with underlying Django request
        request.body

        # Process request with DRF view
        response = self.get_response(request)

        # Ensure request.POST is set as appropriate
        if is_form_media_type(request.content_type):
            assert request.POST == {'foo': ['bar']}
        else:
            assert request.POST == {}

        return response


@override_settings(ROOT_URLCONF='tests.test_middleware')
class TestMiddleware(APITestCase):

    @override_settings(MIDDLEWARE=('tests.test_middleware.RequestUserMiddleware',))
    def test_middleware_can_access_user_when_processing_response(self):
        user = User.objects.create_user('john', 'john@example.com', 'password')
        key = 'abcd1234'
        Token.objects.create(key=key, user=user)

        self.client.get('/auth', HTTP_AUTHORIZATION='Token %s' % key)

    @override_settings(MIDDLEWARE=('tests.test_middleware.RequestPOSTMiddleware',))
    def test_middleware_can_access_request_post_when_processing_response(self):
        response = self.client.post('/post', {'foo': 'bar'})
        assert response.status_code == 200

        response = self.client.post('/post', {'foo': 'bar'}, format='json')
        assert response.status_code == 200


@unittest.skipUnless(django.VERSION >= (5, 1), 'Only for Django 5.1+')
@override_settings(
    ROOT_URLCONF='tests.test_middleware',
    MIDDLEWARE=(
        # Needed for AuthenticationMiddleware
        'django.contrib.sessions.middleware.SessionMiddleware',
        # Needed for LoginRequiredMiddleware
        'django.contrib.auth.middleware.AuthenticationMiddleware',
        'django.contrib.auth.middleware.LoginRequiredMiddleware',
    ),
)
class TestLoginRequiredMiddlewareCompat(APITestCase):
    """
    Django's 5.1+ LoginRequiredMiddleware should NOT apply to DRF views.

    Instead, users should put IsAuthenticated in their
    DEFAULT_PERMISSION_CLASSES setting.
    """
    def test_class_based_view(self):
        response = self.client.get('/get')
        assert response.status_code == status.HTTP_200_OK

    def test_function_based_view(self):
        response = self.client.get('/get-func')
        assert response.status_code == status.HTTP_200_OK

    def test_viewset_list(self):
        response = self.client.get('/api/view-set/')
        assert response.status_code == status.HTTP_200_OK

    def test_viewset_list_action(self):
        response = self.client.get('/api/view-set/list-action/')
        assert response.status_code == status.HTTP_200_OK