diff options
Diffstat (limited to 'tests')
-rw-r--r-- | tests/admin_views/tests.py | 2 | ||||
-rw-r--r-- | tests/auth_tests/test_middleware.py | 37 | ||||
-rw-r--r-- | tests/auth_tests/test_views.py | 8 | ||||
-rw-r--r-- | tests/auth_tests/urls_custom_user_admin.py | 2 | ||||
-rw-r--r-- | tests/settings_tests/tests.py | 45 |
5 files changed, 12 insertions, 82 deletions
diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py index 87d6f86ae4..7b7e09a25f 100644 --- a/tests/admin_views/tests.py +++ b/tests/admin_views/tests.py @@ -773,7 +773,7 @@ class AdminViewBasicTest(AdminViewBasicTestCase): user = User.objects.get(username='super') user.set_unusable_password() user.save() - + self.client.force_login(user) response = self.client.get(reverse('admin:index')) self.assertNotContains(response, reverse('admin:password_change'), msg_prefix='The "change password" link should not be displayed if a user does not have a usable password.') diff --git a/tests/auth_tests/test_middleware.py b/tests/auth_tests/test_middleware.py index e67a89ef26..9ebb1e46ee 100644 --- a/tests/auth_tests/test_middleware.py +++ b/tests/auth_tests/test_middleware.py @@ -4,47 +4,26 @@ from django.http import HttpRequest from django.test import TestCase -class TestSessionAuthenticationMiddleware(TestCase): +class TestAuthenticationMiddleware(TestCase): def setUp(self): - self.user_password = 'test_password' - self.user = User.objects.create_user('test_user', - 'test@example.com', - self.user_password) - + self.user = User.objects.create_user('test_user', 'test@example.com', 'test_password') self.middleware = AuthenticationMiddleware() - self.assertTrue(self.client.login( - username=self.user.username, - password=self.user_password, - )) + self.client.force_login(self.user) self.request = HttpRequest() self.request.session = self.client.session - def test_changed_password_doesnt_invalidate_session(self): - """ - Changing a user's password shouldn't invalidate the session if session - verification isn't activated. - """ - session_key = self.request.session.session_key + def test_no_password_change_doesnt_invalidate_session(self): + self.request.session = self.client.session self.middleware.process_request(self.request) self.assertIsNotNone(self.request.user) self.assertFalse(self.request.user.is_anonymous()) - # After password change, user should remain logged in. + def test_changed_password_invalidates_session(self): + # After password change, user should be anonymous self.user.set_password('new_password') self.user.save() self.middleware.process_request(self.request) self.assertIsNotNone(self.request.user) - self.assertFalse(self.request.user.is_anonymous()) - self.assertEqual(session_key, self.request.session.session_key) - - def test_changed_password_invalidates_session_with_middleware(self): - with self.modify_settings( - MIDDLEWARE_CLASSES={'append': ['django.contrib.auth.middleware.SessionAuthenticationMiddleware']}): - # After password change, user should be anonymous - self.user.set_password('new_password') - self.user.save() - self.middleware.process_request(self.request) - self.assertIsNotNone(self.request.user) - self.assertTrue(self.request.user.is_anonymous()) + self.assertTrue(self.request.user.is_anonymous()) # session should be flushed self.assertIsNone(self.request.session.session_key) diff --git a/tests/auth_tests/test_views.py b/tests/auth_tests/test_views.py index b23d895152..19a47a2697 100644 --- a/tests/auth_tests/test_views.py +++ b/tests/auth_tests/test_views.py @@ -24,7 +24,7 @@ from django.core.urlresolvers import NoReverseMatch, reverse, reverse_lazy from django.db import connection from django.http import HttpRequest, QueryDict from django.middleware.csrf import CsrfViewMiddleware, get_token -from django.test import TestCase, modify_settings, override_settings +from django.test import TestCase, override_settings from django.test.utils import patch_logger from django.utils.encoding import force_text from django.utils.http import urlquote @@ -506,9 +506,6 @@ class ChangePasswordTest(AuthViewsTestCase): self.assertURLEqual(response.url, '/password_reset/') -@modify_settings(MIDDLEWARE_CLASSES={ - 'append': 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', -}) class SessionAuthenticationTests(AuthViewsTestCase): def test_user_password_change_updates_session(self): """ @@ -876,9 +873,6 @@ class LogoutTest(AuthViewsTestCase): # Redirect in test_user_change_password will fail if session auth hash # isn't updated after password change (#21649) -@modify_settings(MIDDLEWARE_CLASSES={ - 'append': 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', -}) @override_settings( PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'], ROOT_URLCONF='auth_tests.urls_admin', diff --git a/tests/auth_tests/urls_custom_user_admin.py b/tests/auth_tests/urls_custom_user_admin.py index dc47be68c7..de33984fa5 100644 --- a/tests/auth_tests/urls_custom_user_admin.py +++ b/tests/auth_tests/urls_custom_user_admin.py @@ -10,8 +10,10 @@ class CustomUserAdmin(UserAdmin): def log_change(self, request, object, message): # LogEntry.user column doesn't get altered to expect a UUID, so set an # integer manually to avoid causing an error. + original_pk = request.user.pk request.user.pk = 1 super(CustomUserAdmin, self).log_change(request, object, message) + request.user.pk = original_pk site.register(get_user_model(), CustomUserAdmin) diff --git a/tests/settings_tests/tests.py b/tests/settings_tests/tests.py index 90b2b8e580..bf4f071c2f 100644 --- a/tests/settings_tests/tests.py +++ b/tests/settings_tests/tests.py @@ -12,7 +12,6 @@ from django.test import ( override_settings, signals, ) from django.utils import six -from django.utils.encoding import force_text @modify_settings(ITEMS={ @@ -489,47 +488,3 @@ class TestListSettings(unittest.TestCase): finally: del sys.modules['fake_settings_module'] delattr(settings_module, setting) - - -class TestSessionVerification(unittest.TestCase): - - def setUp(self): - self.settings_module = ModuleType('fake_settings_module') - self.settings_module.SECRET_KEY = 'foo' - - def tearDown(self): - if 'fake_settings_module' in sys.modules: - del sys.modules['fake_settings_module'] - - def test_session_verification_deprecation_no_verification(self): - self.settings_module.MIDDLEWARE_CLASSES = ['django.contrib.auth.middleware.AuthenticationMiddleware'] - sys.modules['fake_settings_module'] = self.settings_module - with warnings.catch_warnings(record=True) as warn: - warnings.filterwarnings('always') - Settings('fake_settings_module') - self.assertEqual( - force_text(warn[0].message), - "Session verification will become mandatory in Django 1.10. " - "Please add 'django.contrib.auth.middleware.SessionAuthenticationMiddleware' " - "to your MIDDLEWARE_CLASSES setting when you are ready to opt-in after " - "reading the upgrade considerations in the 1.8 release notes.", - ) - - def test_session_verification_deprecation_both(self): - self.settings_module.MIDDLEWARE_CLASSES = [ - 'django.contrib.auth.middleware.AuthenticationMiddleware', - 'django.contrib.auth.middleware.SessionAuthenticationMiddleware', - ] - sys.modules['fake_settings_module'] = self.settings_module - with warnings.catch_warnings(record=True) as warn: - warnings.filterwarnings('always') - Settings('fake_settings_module') - self.assertEqual(len(warn), 0) - - def test_session_verification_deprecation_neither(self): - self.settings_module.MIDDLEWARE_CLASSES = [] - sys.modules['fake_settings_module'] = self.settings_module - with warnings.catch_warnings(record=True) as warn: - warnings.filterwarnings('always') - Settings('fake_settings_module') - self.assertEqual(len(warn), 0) |