2011-04-02 16:44:47 +08:00
|
|
|
from django.contrib.auth import authenticate
|
2015-01-28 20:35:27 +08:00
|
|
|
from django.contrib.auth.context_processors import PermLookupDict, PermWrapper
|
|
|
|
from django.contrib.auth.models import Permission, User
|
2012-09-30 23:13:23 +08:00
|
|
|
from django.contrib.contenttypes.models import ContentType
|
2011-04-02 16:44:47 +08:00
|
|
|
from django.db.models import Q
|
2015-04-18 05:38:20 +08:00
|
|
|
from django.test import SimpleTestCase, TestCase, override_settings
|
2016-05-10 01:13:55 +08:00
|
|
|
from django.test.utils import ignore_warnings
|
|
|
|
from django.utils.deprecation import RemovedInDjango20Warning
|
2014-12-18 05:10:57 +08:00
|
|
|
|
2015-11-07 23:12:37 +08:00
|
|
|
from .settings import AUTH_MIDDLEWARE, AUTH_TEMPLATES
|
2011-05-31 23:19:19 +08:00
|
|
|
|
2011-04-02 16:44:47 +08:00
|
|
|
|
2012-09-27 20:36:30 +08:00
|
|
|
class MockUser(object):
|
2012-09-30 23:13:23 +08:00
|
|
|
def has_module_perms(self, perm):
|
|
|
|
if perm == 'mockapp':
|
2012-09-27 20:36:30 +08:00
|
|
|
return True
|
|
|
|
return False
|
|
|
|
|
|
|
|
def has_perm(self, perm):
|
2012-09-30 23:13:23 +08:00
|
|
|
if perm == 'mockapp.someperm':
|
2012-09-27 20:36:30 +08:00
|
|
|
return True
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
2015-04-18 05:38:20 +08:00
|
|
|
class PermWrapperTests(SimpleTestCase):
|
2012-09-27 20:36:30 +08:00
|
|
|
"""
|
|
|
|
Test some details of the PermWrapper implementation.
|
|
|
|
"""
|
|
|
|
class EQLimiterObject(object):
|
|
|
|
"""
|
|
|
|
This object makes sure __eq__ will not be called endlessly.
|
|
|
|
"""
|
|
|
|
def __init__(self):
|
|
|
|
self.eq_calls = 0
|
|
|
|
|
|
|
|
def __eq__(self, other):
|
|
|
|
if self.eq_calls > 0:
|
|
|
|
return True
|
|
|
|
self.eq_calls += 1
|
|
|
|
return False
|
|
|
|
|
|
|
|
def test_permwrapper_in(self):
|
|
|
|
"""
|
2016-10-27 15:53:39 +08:00
|
|
|
'something' in PermWrapper works as expected.
|
2012-09-27 20:36:30 +08:00
|
|
|
"""
|
|
|
|
perms = PermWrapper(MockUser())
|
2012-09-30 23:13:23 +08:00
|
|
|
# Works for modules and full permissions.
|
2014-10-28 18:02:56 +08:00
|
|
|
self.assertIn('mockapp', perms)
|
|
|
|
self.assertNotIn('nonexisting', perms)
|
|
|
|
self.assertIn('mockapp.someperm', perms)
|
|
|
|
self.assertNotIn('mockapp.nonexisting', perms)
|
2012-09-27 20:36:30 +08:00
|
|
|
|
|
|
|
def test_permlookupdict_in(self):
|
2012-09-30 23:13:23 +08:00
|
|
|
"""
|
|
|
|
No endless loops if accessed with 'in' - refs #18979.
|
|
|
|
"""
|
2012-09-27 20:36:30 +08:00
|
|
|
pldict = PermLookupDict(MockUser(), 'mockapp')
|
|
|
|
with self.assertRaises(TypeError):
|
|
|
|
self.EQLimiterObject() in pldict
|
|
|
|
|
|
|
|
|
2016-02-06 04:56:52 +08:00
|
|
|
@override_settings(ROOT_URLCONF='auth_tests.urls', TEMPLATES=AUTH_TEMPLATES)
|
2011-04-02 16:44:47 +08:00
|
|
|
class AuthContextProcessorTests(TestCase):
|
|
|
|
"""
|
|
|
|
Tests for the ``django.contrib.auth.context_processors.auth`` processor
|
|
|
|
"""
|
2015-02-23 08:53:57 +08:00
|
|
|
|
|
|
|
@classmethod
|
|
|
|
def setUpTestData(cls):
|
2016-02-06 04:56:52 +08:00
|
|
|
cls.superuser = User.objects.create_superuser(username='super', password='secret', email='super@example.com')
|
2011-04-02 16:44:47 +08:00
|
|
|
|
2015-11-07 23:12:37 +08:00
|
|
|
@override_settings(MIDDLEWARE=AUTH_MIDDLEWARE)
|
2011-04-02 16:44:47 +08:00
|
|
|
def test_session_not_accessed(self):
|
|
|
|
"""
|
2016-10-27 15:53:39 +08:00
|
|
|
The session is not accessed simply by including
|
2011-04-02 16:44:47 +08:00
|
|
|
the auth context processor
|
|
|
|
"""
|
|
|
|
response = self.client.get('/auth_processor_no_attr_access/')
|
|
|
|
self.assertContains(response, "Session not accessed")
|
|
|
|
|
2016-05-10 01:13:55 +08:00
|
|
|
@ignore_warnings(category=RemovedInDjango20Warning)
|
2015-11-07 23:12:37 +08:00
|
|
|
@override_settings(MIDDLEWARE_CLASSES=AUTH_MIDDLEWARE, MIDDLEWARE=None)
|
|
|
|
def test_session_not_accessed_middleware_classes(self):
|
|
|
|
response = self.client.get('/auth_processor_no_attr_access/')
|
|
|
|
self.assertContains(response, "Session not accessed")
|
|
|
|
|
|
|
|
@override_settings(MIDDLEWARE=AUTH_MIDDLEWARE)
|
2011-04-02 16:44:47 +08:00
|
|
|
def test_session_is_accessed(self):
|
|
|
|
"""
|
2016-10-27 15:53:39 +08:00
|
|
|
The session is accessed if the auth context processor
|
2011-04-02 16:44:47 +08:00
|
|
|
is used and relevant attributes accessed.
|
|
|
|
"""
|
|
|
|
response = self.client.get('/auth_processor_attr_access/')
|
|
|
|
self.assertContains(response, "Session accessed")
|
|
|
|
|
2016-05-10 01:13:55 +08:00
|
|
|
@ignore_warnings(category=RemovedInDjango20Warning)
|
2015-11-07 23:12:37 +08:00
|
|
|
@override_settings(MIDDLEWARE_CLASSES=AUTH_MIDDLEWARE, MIDDLEWARE=None)
|
|
|
|
def test_session_is_accessed_middleware_classes(self):
|
|
|
|
response = self.client.get('/auth_processor_attr_access/')
|
|
|
|
self.assertContains(response, "Session accessed")
|
|
|
|
|
2011-04-02 16:44:47 +08:00
|
|
|
def test_perms_attrs(self):
|
2012-09-30 23:13:23 +08:00
|
|
|
u = User.objects.create_user(username='normal', password='secret')
|
|
|
|
u.user_permissions.add(
|
|
|
|
Permission.objects.get(
|
|
|
|
content_type=ContentType.objects.get_for_model(Permission),
|
|
|
|
codename='add_permission'))
|
2016-02-06 04:56:52 +08:00
|
|
|
self.client.force_login(u)
|
2011-04-02 16:44:47 +08:00
|
|
|
response = self.client.get('/auth_processor_perms/')
|
|
|
|
self.assertContains(response, "Has auth permissions")
|
2012-09-30 23:13:23 +08:00
|
|
|
self.assertContains(response, "Has auth.add_permission permissions")
|
|
|
|
self.assertNotContains(response, "nonexisting")
|
2013-10-11 04:42:30 +08:00
|
|
|
|
2012-09-30 23:13:23 +08:00
|
|
|
def test_perm_in_perms_attrs(self):
|
|
|
|
u = User.objects.create_user(username='normal', password='secret')
|
|
|
|
u.user_permissions.add(
|
|
|
|
Permission.objects.get(
|
|
|
|
content_type=ContentType.objects.get_for_model(Permission),
|
|
|
|
codename='add_permission'))
|
|
|
|
self.client.login(username='normal', password='secret')
|
|
|
|
response = self.client.get('/auth_processor_perm_in_perms/')
|
|
|
|
self.assertContains(response, "Has auth permissions")
|
|
|
|
self.assertContains(response, "Has auth.add_permission permissions")
|
|
|
|
self.assertNotContains(response, "nonexisting")
|
2011-04-02 16:44:47 +08:00
|
|
|
|
|
|
|
def test_message_attrs(self):
|
2016-02-06 04:56:52 +08:00
|
|
|
self.client.force_login(self.superuser)
|
2011-04-02 16:44:47 +08:00
|
|
|
response = self.client.get('/auth_processor_messages/')
|
|
|
|
self.assertContains(response, "Message 1")
|
|
|
|
|
|
|
|
def test_user_attrs(self):
|
|
|
|
"""
|
2016-10-27 15:53:39 +08:00
|
|
|
The lazy objects returned behave just like the wrapped objects.
|
2011-04-02 16:44:47 +08:00
|
|
|
"""
|
|
|
|
# These are 'functional' level tests for common use cases. Direct
|
|
|
|
# testing of the implementation (SimpleLazyObject) is in the 'utils'
|
|
|
|
# tests.
|
|
|
|
self.client.login(username='super', password='secret')
|
|
|
|
user = authenticate(username='super', password='secret')
|
|
|
|
response = self.client.get('/auth_processor_user/')
|
|
|
|
self.assertContains(response, "unicode: super")
|
2016-02-06 04:56:52 +08:00
|
|
|
self.assertContains(response, "id: %d" % self.superuser.pk)
|
2011-04-02 16:44:47 +08:00
|
|
|
self.assertContains(response, "username: super")
|
|
|
|
# bug #12037 is tested by the {% url %} in the template:
|
|
|
|
self.assertContains(response, "url: /userpage/super/")
|
|
|
|
|
|
|
|
# See if this object can be used for queries where a Q() comparing
|
|
|
|
# a user can be used with another Q() (in an AND or OR fashion).
|
|
|
|
# This simulates what a template tag might do with the user from the
|
|
|
|
# context. Note that we don't need to execute a query, just build it.
|
|
|
|
#
|
|
|
|
# The failure case (bug #12049) on Python 2.4 with a LazyObject-wrapped
|
|
|
|
# User is a fatal TypeError: "function() takes at least 2 arguments
|
|
|
|
# (0 given)" deep inside deepcopy().
|
|
|
|
#
|
|
|
|
# Python 2.5 and 2.6 succeeded, but logged internally caught exception
|
|
|
|
# spew:
|
|
|
|
#
|
|
|
|
# Exception RuntimeError: 'maximum recursion depth exceeded while
|
|
|
|
# calling a Python object' in <type 'exceptions.AttributeError'>
|
|
|
|
# ignored"
|
2013-08-05 00:17:10 +08:00
|
|
|
Q(user=response.context['user']) & Q(someflag=True)
|
2011-04-02 16:44:47 +08:00
|
|
|
|
|
|
|
# Tests for user equality. This is hard because User defines
|
|
|
|
# equality in a non-duck-typing way
|
|
|
|
# See bug #12060
|
|
|
|
self.assertEqual(response.context['user'], user)
|
2011-05-31 23:19:19 +08:00
|
|
|
self.assertEqual(user, response.context['user'])
|