Django测试客户端http基本身份验证用于发布请求

时间:2011-05-20 07:17:07

标签: django unit-testing

大家。我正在尝试使用带有http basic auth的django-tastypie为RESTful API编写测试。所以,我有以下代码:

def http_auth(username, password):
    credentials = base64.encodestring('%s:%s' % (username, password)).strip()
    auth_string = 'Basic %s' % credentials
    return auth_string

class FileApiTest(TestCase):

    fixtures = ['test/fixtures/test_users.json']

    def setUp(self):
        self.extra = {
            'HTTP_AUTHORIZATION': http_auth('testuser', 'qwerty')
        }

    def test_folder_resource(self):
        response = self.client.get('/api/1.0/folder/', **self.extra)
        self.assertEqual(response.status_code, 200)

    def test_folder_resource_post(self):
        response = self.client.post('/api/1.0/folder/', **self.extra)
        self.assertNotEqual(response.status_code, 401)

GET请求完成,返回状态代码200.但POST请求总是返回401.我确信我做错了。有什么建议吗?

3 个答案:

答案 0 :(得分:5)

结帐this question。我已经使用该代码进行了使用GET和POST的测试,并且它有效。我能看到的唯一区别是你使用了base64.encodestring而不是base64.b64encode。

否则,如果这不起作用,您如何执行HTTP身份验证?我编写并使用了这个函数装饰器:

import base64
from django.http import HttpResponse
from django.contrib.auth import authenticate, login

def http_auth(view, request, realm="", must_be='', *args, **kwargs):
    if 'HTTP_AUTHORIZATION' in request.META:
        auth = request.META['HTTP_AUTHORIZATION'].split()
        if len(auth) == 2:
            if auth[0].lower() == "basic":
                uname, passwd = base64.b64decode(auth[1]).split(':')
                if must_be in ('', uname):
                    user = authenticate(username=uname, password=passwd)
                    if user is not None and user.is_active:
                            login(request, user)
                            request.user = user
                            return view(request, *args, **kwargs)

    # They mustn't be logged in
    response = HttpResponse('Failed')
    response.status_code = 401
    response['WWW-Authenticate'] = 'Basic realm="%s"' % realm
    return response


def http_auth_required(realm="", must_be=''):
    """ Decorator that requires HTTP Basic authentication, eg API views. """
    def view_decorator(func):
        def wrapper(request, *args, **kwargs):
            return http_auth(func, request, realm, must_be, *args, **kwargs)
        return wrapper
    return view_decorator

答案 1 :(得分:1)

我找到了解决问题的原因。 DjangoAuthorization使用django premissions框架检查权限,因为我没有在我的项目中使用它 - 来自非超级用户的所有post / put / delete请求都是未经授权的。我的坏。

无论如何,非常感谢你们,各位回答。

答案 2 :(得分:0)

在Python 3上

@staticmethod
def http_auth(username, password):
    """
    Encode Basic Auth username:password.
    :param username:
    :param password:
    :return String:
    """
    data = f"{username}:{password}"
    credentials = base64.b64encode(data.encode("utf-8")).strip()
    auth_string = f'Basic {credentials.decode("utf-8")}'
    return auth_string


def post_json(self, url_name: AnyStr, url_kwargs: Dict, data: Dict):
    """
    Offers a shortcut alternative to doing this manually each time
    """
    header = {'HTTP_AUTHORIZATION': self.http_auth('username', 'password')}
    return self.post(
        reverse(url_name, kwargs=url_kwargs),
        json.dumps(data),
        content_type="application/json",
        **header
    )
相关问题
最新问题