import pytest
from django.contrib.auth.models import User
from django.test import TestCase
from pretend import stub
from rest_framework import status
from rest_framework.exceptions import AuthenticationFailed
from rest_framework.response import Response
from rest_framework.test import APIRequestFactory, APITestCase
from rest_framework.views import APIView
from rest_framework_hmac.authentication import HMACAuthentication
from rest_framework_hmac.client import HMACSigner
from tests import factory
# Shared DRF request factory; the integration tests below use it to build the
# request objects that are handed directly to the view callable.
request_factory = APIRequestFactory()
# strftime pattern for an ISO 8601 timestamp ending in a literal 'Z'.
# NOTE(review): not referenced anywhere else in this module; the tests take
# their timestamp from factory.TIME instead. Confirm whether it is still needed.
ISO8601 = '%Y-%m-%dT%H:%M:%SZ'
class BasicView(APIView):
    """Minimal view that the integration tests call through HMACAuthentication.

    HMACAuthentication is the only authentication class configured, and the
    view declares no permission_classes of its own.
    """
    # NOTE(review): with no permission_classes here, authorization falls back
    # to the project's DRF defaults. Rejection in these tests therefore has to
    # come from the authenticator raising; confirm against the test settings.
    authentication_classes = (HMACAuthentication,)

    def get(self, request, *args, **kwargs):
        # Fixed body: GET carries no payload to echo.
        body = {'foo': 'bar'}
        return Response(data=body)

    def post(self, request, *args, **kwargs):
        # Echo the parsed request body back to the caller.
        echoed = request.data
        return Response(data=echoed)

    def put(self, request, *args, **kwargs):
        # Same echo behaviour as post().
        echoed = request.data
        return Response(data=echoed)

    def delete(self, request, *args, **kwargs):
        # Fixed acknowledgement body.
        body = {'message': 'ok'}
        return Response(data=body)
class HMACAuthenticationUnitTests(TestCase):
    """Unit tests for HMACAuthentication.get_user and get_signature.

    Requests are replaced by ``pretend.stub`` objects exposing only a ``META``
    mapping, so nothing here passes through the view or request-parsing layer.
    """
    # NOTE(review): the stubs use the bare META keys 'Key' and 'Signature'.
    # Headers arriving over real HTTP are normally exposed by Django as
    # HTTP_<NAME> entries; confirm the authenticator reads the names that a
    # deployed client will actually produce.

    def test_get_user(self):
        # A META 'Key' equal to the user's stored key must resolve to that user.
        # presumably hmac_key is provisioned when the user is created; verify
        # against the package's models/signals.
        bob = User.objects.create_user('bob')
        fake_request = stub(META={'Key': bob.hmac_key.key})
        authenticator = HMACAuthentication()
        assert authenticator.get_user(fake_request) == bob

    def test_get_user__fail_if_key_not_sent(self):
        # No 'Key' entry at all must be rejected, not treated as anonymous.
        keyless_request = stub(META={})
        with pytest.raises(AuthenticationFailed):
            HMACAuthentication().get_user(keyless_request)

    def test_get_user__fail_if_invalid_key(self):
        # A key that matches no stored key must be rejected.
        unknown_key_request = stub(META={'Key': 'invalid'})
        with pytest.raises(AuthenticationFailed):
            HMACAuthentication().get_user(unknown_key_request)

    def test_get_signature(self):
        # A bytes 'Signature' value is returned unchanged.
        expected = b'my-signature'
        fake_request = stub(META={'Signature': expected})
        authenticator = HMACAuthentication()
        assert authenticator.get_signature(fake_request) == expected

    def test_get_signature__fail_if_key_not_sent(self):
        # Despite the "key_not_sent" name, this covers a missing 'Signature'
        # entry: META is empty and get_signature is the method under test.
        unsigned_request = stub(META={})
        with pytest.raises(AuthenticationFailed):
            HMACAuthentication().get_signature(unsigned_request)

    def test_get_signature__fail_if_not_bytes(self):
        # A str 'Signature' is rejected; test_get_signature shows bytes accepted.
        text_signature_request = stub(META={'Signature': 'str'})
        with pytest.raises(AuthenticationFailed):
            HMACAuthentication().get_signature(text_signature_request)
class HMACAuthenticationIntegrationTests(APITestCase):
    """End-to-end tests: signed requests are sent through BasicView.

    Each test builds a request with APIRequestFactory, attaches the 'Key',
    'Timestamp' and 'Signature' extras, and checks the response status code.
    """
    # NOTE(review): the only rejection path exercised here is a wrong signature
    # on POST. Nothing in this class covers a body that differs from the signed
    # one, a missing or stale 'Timestamp', or a signature made with another
    # user's key. If the authenticator is meant to enforce those, add cases.
    # NOTE(review): extras passed to APIRequestFactory become request.META
    # entries under the literal names 'Key', 'Timestamp' and 'Signature'.
    # Confirm these match what the authenticator reads in a real deployment.

    def setUp(self):
        # Fresh user and extras per test, so a 'Signature' set by one test
        # never leaks into another.
        self.post_data = {'foo': 'bar'}
        self.user = User.objects.create_user('bob')
        self.view = BasicView.as_view()
        # factory.TIME is a fixture value defined outside this file.
        # presumably a fixed timestamp matching the factory header fixtures
        self.extras = {
            'Key': self.user.hmac_key.key,
            'Timestamp': factory.TIME,
        }

    def _sign(self, headers, *payload):
        # Compute the client-side signature for this user and store it in the
        # extras that accompany the request.
        signer = HMACSigner(self.user)
        self.extras['Signature'] = signer.calc_signature(headers, *payload)

    def test_post_200(self):
        # Signature covers the POST headers fixture and the JSON body.
        self._sign(factory.post_headers, self.post_data)
        signed_request = request_factory.post(
            '/', self.post_data, format='json', **self.extras)
        outcome = self.view(signed_request)
        assert outcome.status_code == status.HTTP_200_OK

    def test_post_400__invalid_signature(self):
        # The method name says 400, but the asserted status is 403 Forbidden.
        # NOTE(review): presumably 403 rather than 401 because the
        # authenticator supplies no WWW-Authenticate challenge; confirm.
        self.extras['Signature'] = b'invalid'
        forged_request = request_factory.post(
            '/', self.post_data, format='json', **self.extras)
        outcome = self.view(forged_request)
        assert outcome.status_code == status.HTTP_403_FORBIDDEN

    def test_get_200(self):
        # GET has no body, so only the headers fixture is signed.
        self._sign(factory.get_headers)
        signed_request = request_factory.get(
            '/', format='json', **self.extras)
        outcome = self.view(signed_request)
        assert outcome.status_code == status.HTTP_200_OK

    def test_put_200(self):
        # Uses its own payload instead of self.post_data.
        payload = {'biz': 'baz'}
        self._sign(factory.put_headers, payload)
        signed_request = request_factory.put(
            '/', payload, format='json', **self.extras)
        outcome = self.view(signed_request)
        assert outcome.status_code == status.HTTP_200_OK

    def test_delete_200(self):
        # DELETE is signed over the headers fixture only.
        self._sign(factory.delete_headers)
        signed_request = request_factory.delete(
            '/', format='json', **self.extras)
        outcome = self.view(signed_request)
        assert outcome.status_code == status.HTTP_200_OK