我尝试使用带有login_required的Django REST框架API的ModelViewSet装饰器替换现有的基于函数的视图。但是,看起来认证的工作方式有点不同。
为了尝试使我的单元测试适应Django REST框架案例,我克隆了https://github.com/encode/rest-framework-tutorial并在顶级目录中添加了tests.py:
import json
from django.contrib.auth.models import User
from django.test import TestCase, Client
from snippets.models import Snippet
class SnippetTestCase(TestCase):
def setUp(self):
self.username = 'john_doe'
self.password = 'foobar'
self.user = User.objects.create(username=self.username, password=self.password)
self.client = Client()
self.snippet = Snippet.objects.create(owner=self.user, code="Foo Bar")
def test_1(self):
self.client.login(username=self.username, password=self.password)
response = self.client.post(
path='http://localhost:8000/snippets/1/',
data=json.dumps({'code': 'New code'}),
content_type="application/json")
self.assertEqual(response.status_code, 201)
但是,这会返回403 Forbidden响应:
Kurts-MacBook-Pro:rest-framework-tutorial kurtpeek$ python manage.py test
Creating test database for alias 'default'...
System check identified no issues (0 silenced).
F
======================================================================
FAIL: test_1 (tutorial.tests.SnippetTestCase)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/Users/kurtpeek/Documents/source/rest-framework-tutorial/tutorial/tests.py", line 23, in test_1
self.assertEqual(response.status_code, 201)
AssertionError: 403 != 201
----------------------------------------------------------------------
Ran 1 test in 0.049s
FAILED (failures=1)
Destroying test database for alias 'default'...
另一方面,使用带有-a标志的HTTPie可以正常工作:
Kurts-MacBook-Pro:rest-framework-tutorial kurtpeek$ http -a kurtpeek:foobar123 POST http://localhost:8000/snippets/ code="print 123"
HTTP/1.1 201 Created
Allow: GET, POST, HEAD, OPTIONS
Content-Length: 212
Content-Type: application/json
Date: Thu, 25 Jan 2018 00:11:59 GMT
Location: http://localhost:8000/snippets/2/
Server: WSGIServer/0.2 CPython/3.6.4
Vary: Accept, Cookie
X-Frame-Options: SAMEORIGIN
{
"code": "print 123",
"highlight": "http://localhost:8000/snippets/2/highlight/",
"id": 2,
"language": "python",
"linenos": false,
"owner": "kurtpeek",
"style": "friendly",
"title": "",
"url": "http://localhost:8000/snippets/2/"
}
在我看来,这个测试应该满足IsOwnerOrReadonly权限类的要求:
from rest_framework import permissions
class IsOwnerOrReadOnly(permissions.BasePermission):
"""
Custom permission to only allow owners of an object to edit it.
"""
def has_object_permission(self, request, view, obj):
# Read permissions are allowed to any request,
# so we'll always allow GET, HEAD or OPTIONS requests.
if request.method in permissions.SAFE_METHODS:
return True
# Write permissions are only allowed to the owner of the snippet.
return obj.owner == request.user
因为相同的User也是代码段的owner。任何想法为什么这不起作用,或者我如何构建传递的测试用例?
答案 0 :(得分:1)
我发现Django REST框架有自己的一套测试工具。目前,我正在从rest_framework.test.APITestCase而不是django.test.TestCase进行子类化,并在如此创建的.force_authenticate上调用self.client方法:
import json
from django.contrib.auth.models import User
from django.test import TestCase
from rest_framework.test import APITestCase, force_authenticate
from snippets.models import Snippet
class SnippetTestCase(APITestCase):
def setUp(self):
self.username = 'john_doe'
self.password = 'foobar'
self.user = User.objects.create(username=self.username, password=self.password)
self.client.force_authenticate(user=self.user)
def test_1(self):
response = self.client.post('/snippets/', {'code': 'Foo Bar'}, format='json')
self.assertEqual(response.status_code, 201)
测试现在通过了。