Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Testing authentication in Django Rest Framework Views -- Cannot authenticate when testing

After struggling mightily with this issue, I've come asking for a bit of help. I'm writing a test for a Django Rest Framework view, testing whether or not I can access the data whilst authenticated, and not. However, even when I'm authenticated, I still get 401 UNAUTHORIZED every time. Here's my tests:

from django.test import TestCase
from django.contrib.auth.models import User

from rest_framework.authtoken.models import Token
from rest_framework.test import APIRequestFactory, APIClient

from apps.core import models, admin
from apps.rest import views


class TestAPIViews(TestCase):
    def setUp(self):
        self.factory = APIRequestFactory()
        self.client = APIClient()
        self.user = User.objects.create_user('testuser', email='[email protected]', password='testing')
        self.user.save()
        token = Token.objects.create(user=self.user)
        token.save()

    def _require_login(self):
        self.client.login(username='testuser', password='testing')

    def test_ListAccounts_not_authenticated(self):
        request = self.factory.get('/accounts/')
        view = views.ListAccounts.as_view()
        response = view(request)
        self.assertEqual(response.status_code, 401,
            'Expected Response Code 401, received {0} instead.'.format(response.status_code))

    def test_ListAccounts_authenticated(self):
        self.client._require_login()
        print(self.user.is_authenticated()) # returns True
        request = self.factory.get('/accounts/')
        view = views.ListAccounts.as_view()
        response = view(request)
        self.assertEqual(response.status_code, 200,
            'Expected Response Code 200, received {0} instead.'.format(response.status_code))

And here is the code for my DRF View:

from django.shortcuts import render
from django.contrib.auth import authenticate, login, logout
from django.db.models import Q


from apps.core import serializers, models
from apps.rest.permissions import IsAccountOwner

from rest_framework.views import APIView
from rest_framework import status, authentication, generics
from rest_framework.response import Response
from rest_framework.authtoken.models import Token
from rest_framework.authentication import SessionAuthentication, TokenAuthentication
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response

from apps.core import serializers, models

'''
Auth Mixin for Account Admin Access
'''
class AuthMixin:
    authentication_classes = (authentication.TokenAuthentication,
                              authentication.SessionAuthentication)
    permission_classes = (IsAuthenticated,)


class GenericList(AuthMixin, generics.ListAPIView):
    def get_queryset(self):
        # Stubbed out - doing nothing special right now
        qs = self.model.objects.filter()
        return qs


class ListAccounts(GenericList):
    model = models.Account
    serializer_class = serializers.AccountSerializer

As one can see, I'm calling login in the test_ListAccounts_authenticated, and then printing out whether or not I'm authenticated (Which returns True), but I get a 401 UNAUTHORIZED Error no matter what. Anything I'm missing? Thanks in advance.

like image 530
James Rasmussen Avatar asked Dec 11 '13 20:12

James Rasmussen


People also ask

How does authentication work in Django?

The Django authentication system handles both authentication and authorization. Briefly, authentication verifies a user is who they claim to be, and authorization determines what an authenticated user is allowed to do. Here the term authentication is used to refer to both tasks.

Which statement is applicable for CSRF validation in REST framework?

As usual CSRF validation will only apply to any session authenticated views. This means CSRF validation will only occur if the client has been logged in by calling login() .


1 Answers

Instead of calling self.factory.get(), call self.client.get().

I'm guessing self.client.login has no effect on self.factory.

like image 88
paulmelnikow Avatar answered Oct 02 '22 10:10

paulmelnikow