diff options
Diffstat (limited to 'tests/auth_tests/test_checks.py')
-rw-r--r-- | tests/auth_tests/test_checks.py | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/tests/auth_tests/test_checks.py b/tests/auth_tests/test_checks.py index 3ff78d9851..962444fb60 100644 --- a/tests/auth_tests/test_checks.py +++ b/tests/auth_tests/test_checks.py @@ -83,6 +83,39 @@ class UserModelChecksTests(SimpleTestCase): ), ]) + @override_settings(AUTH_USER_MODEL='auth_tests.BadUser') + def test_is_anonymous_authenticated_methods(self): + """ + <User Model>.is_anonymous/is_authenticated must not be methods. + """ + class BadUser(AbstractBaseUser): + username = models.CharField(max_length=30, unique=True) + USERNAME_FIELD = 'username' + + def is_anonymous(self): + return True + + def is_authenticated(self): + return True + + errors = checks.run_checks(app_configs=self.apps.get_app_configs()) + self.assertEqual(errors, [ + checks.Critical( + '%s.is_anonymous must be an attribute or property rather than ' + 'a method. Ignoring this is a security issue as anonymous ' + 'users will be treated as authenticated!' % BadUser, + obj=BadUser, + id='auth.C009', + ), + checks.Critical( + '%s.is_authenticated must be an attribute or property rather ' + 'than a method. Ignoring this is a security issue as anonymous ' + 'users will be treated as authenticated!' % BadUser, + obj=BadUser, + id='auth.C010', + ), + ]) + @isolate_apps('auth_tests', attr_name='apps') @override_system_checks([check_models_permissions]) |