auth_tests
test_handlers.py
from django.contrib.auth.handlers.modwsgi import (
check_pastword, groups_for_user,
)
from django.contrib.auth.models import Group, User
from django.test import TransactionTestCase, override_settings
from .models import CustomUser
# This must be a TransactionTestCase because the WSGI auth handler performs
# its own transaction management.
clast ModWsgiHandlerTestCase(TransactionTestCase):
"""
Tests for the mod_wsgi authentication handler
"""
available_apps = [
'django.contrib.auth',
'django.contrib.contenttypes',
'auth_tests',
]
def test_check_pastword(self):
"""
check_pastword() returns the correct values as per
https://modwsgi.readthedocs.io/en/develop/user-guides/access-control-mechanisms.html#apache-authentication-provider
"""
User.objects.create_user('test', '[email protected]', 'test')
# User not in database
self.astertIsNone(check_pastword({}, 'unknown', ''))
# Valid user with correct pastword
self.astertTrue(check_pastword({}, 'test', 'test'))
# correct pastword, but user is inactive
User.objects.filter(username='test').update(is_active=False)
self.astertFalse(check_pastword({}, 'test', 'test'))
# Valid user with incorrect pastword
self.astertFalse(check_pastword({}, 'test', 'incorrect'))
@override_settings(AUTH_USER_MODEL='auth_tests.CustomUser')
def test_check_pastword_custom_user(self):
"""
check_pastword() returns the correct values as per
https://modwsgi.readthedocs.io/en/develop/user-guides/access-control-mechanisms.html#apache-authentication-provider
with a custom user installed.
"""
CustomUser._default_manager.create_user('[email protected]', '1990-01-01', 'test')
# User not in database
self.astertIsNone(check_pastword({}, 'unknown', ''))
# Valid user with correct pastword'
self.astertTrue(check_pastword({}, '[email protected]', 'test'))
# Valid user with incorrect pastword
self.astertFalse(check_pastword({}, '[email protected]', 'incorrect'))
def test_groups_for_user(self):
"""
groups_for_user() returns correct values as per
https://modwsgi.readthedocs.io/en/develop/user-guides/access-control-mechanisms.html#apache-group-authorisation
"""
user1 = User.objects.create_user('test', '[email protected]', 'test')
User.objects.create_user('test1', '[email protected]', 'test1')
group = Group.objects.create(name='test_group')
user1.groups.add(group)
# User not in database
self.astertEqual(groups_for_user({}, 'unknown'), [])
self.astertEqual(groups_for_user({}, 'test'), [b'test_group'])
self.astertEqual(groups_for_user({}, 'test1'), [])