django/tests/auth_tests/test_middleware.py

from django.contrib.auth.middleware import AuthenticationMiddleware
from django.contrib.auth.models import User
from django.http import HttpRequest
from django.test import TestCase


class TestAuthenticationMiddleware(TestCase):
    def setUp(self):
        self.user = User.objects.create_user('test_user', 'test@example.com', 'test_password')
        self.middleware = AuthenticationMiddleware()
        self.client.force_login(self.user)
        self.request = HttpRequest()
        self.request.session = self.client.session

    def test_no_password_change_doesnt_invalidate_session(self):
        self.request.session = self.client.session
        self.middleware.process_request(self.request)
        self.assertIsNotNone(self.request.user)
        self.assertFalse(self.request.user.is_anonymous)

    def test_changed_password_invalidates_session(self):
        # After password change, user should be anonymous
        self.user.set_password('new_password')
        self.user.save()
        self.middleware.process_request(self.request)
        self.assertIsNotNone(self.request.user)
        self.assertTrue(self.request.user.is_anonymous)
        # session should be flushed
        self.assertIsNone(self.request.session.session_key)
Fixed #23939 -- Moved session verification out of SessionAuthenticationMiddleware. Thanks andrewbadr for the report and Carl Meyer for the review. 2014-12-03 20:33:44 +08:00			`from django.contrib.auth.middleware import AuthenticationMiddleware`
Fixed #21649 -- Added optional invalidation of sessions when user password changes. Thanks Paul McMillan, Aymeric Augustin, and Erik Romijn for reviews. 2014-04-01 08:16:09 +08:00			`from django.contrib.auth.models import User`
			`from django.http import HttpRequest`
			`from django.test import TestCase`


Refs #23957 -- Required session verification per deprecation timeline. 2015-09-03 08:50:34 +08:00			`class TestAuthenticationMiddleware(TestCase):`
Fixed #21649 -- Added optional invalidation of sessions when user password changes. Thanks Paul McMillan, Aymeric Augustin, and Erik Romijn for reviews. 2014-04-01 08:16:09 +08:00			`def setUp(self):`
Refs #23957 -- Required session verification per deprecation timeline. 2015-09-03 08:50:34 +08:00			`self.user = User.objects.create_user('test_user', 'test@example.com', 'test_password')`
Fixed #23939 -- Moved session verification out of SessionAuthenticationMiddleware. Thanks andrewbadr for the report and Carl Meyer for the review. 2014-12-03 20:33:44 +08:00			`self.middleware = AuthenticationMiddleware()`
Refs #23957 -- Required session verification per deprecation timeline. 2015-09-03 08:50:34 +08:00			`self.client.force_login(self.user)`
Fixed #23939 -- Moved session verification out of SessionAuthenticationMiddleware. Thanks andrewbadr for the report and Carl Meyer for the review. 2014-12-03 20:33:44 +08:00			`self.request = HttpRequest()`
			`self.request.session = self.client.session`

Refs #23957 -- Required session verification per deprecation timeline. 2015-09-03 08:50:34 +08:00			`def test_no_password_change_doesnt_invalidate_session(self):`
			`self.request.session = self.client.session`
Fixed #23939 -- Moved session verification out of SessionAuthenticationMiddleware. Thanks andrewbadr for the report and Carl Meyer for the review. 2014-12-03 20:33:44 +08:00			`self.middleware.process_request(self.request)`
			`self.assertIsNotNone(self.request.user)`
Fixed #25847 -- Made User.is_(anonymous\|authenticated) properties. 2016-04-02 19:18:26 +08:00			`self.assertFalse(self.request.user.is_anonymous)`
Fixed #23939 -- Moved session verification out of SessionAuthenticationMiddleware. Thanks andrewbadr for the report and Carl Meyer for the review. 2014-12-03 20:33:44 +08:00
Refs #23957 -- Required session verification per deprecation timeline. 2015-09-03 08:50:34 +08:00			`def test_changed_password_invalidates_session(self):`
			`# After password change, user should be anonymous`
Fixed #23939 -- Moved session verification out of SessionAuthenticationMiddleware. Thanks andrewbadr for the report and Carl Meyer for the review. 2014-12-03 20:33:44 +08:00			`self.user.set_password('new_password')`
			`self.user.save()`
			`self.middleware.process_request(self.request)`
			`self.assertIsNotNone(self.request.user)`
Fixed #25847 -- Made User.is_(anonymous\|authenticated) properties. 2016-04-02 19:18:26 +08:00			`self.assertTrue(self.request.user.is_anonymous)`
Fixed #23939 -- Moved session verification out of SessionAuthenticationMiddleware. Thanks andrewbadr for the report and Carl Meyer for the review. 2014-12-03 20:33:44 +08:00			`# session should be flushed`
			`self.assertIsNone(self.request.session.session_key)`