Commit c7ff657b by Jim Abramson

Merge pull request #531 from edx/hotfix/jsa/user_api_basic_auth

make user api work with basic auth
parents 45d7444e fc5d4aa7
import base64
from django.contrib.auth.models import User from django.contrib.auth.models import User
from django.test import TestCase from django.test import TestCase
from django.test.utils import override_settings from django.test.utils import override_settings
...@@ -31,6 +33,9 @@ class UserApiTestCase(TestCase): ...@@ -31,6 +33,9 @@ class UserApiTestCase(TestCase):
UserPreferenceFactory.create(user=self.users[1], key="key0") UserPreferenceFactory.create(user=self.users[1], key="key0")
] ]
def basic_auth(self, username, password):
return {'HTTP_AUTHORIZATION': 'Basic ' + base64.b64encode('%s:%s' % (username, password))}
def request_with_auth(self, method, *args, **kwargs): def request_with_auth(self, method, *args, **kwargs):
"""Issue a get request to the given URI with the API key header""" """Issue a get request to the given URI with the API key header"""
return getattr(self.client, method)(*args, HTTP_X_EDX_API_KEY=TEST_API_KEY, **kwargs) return getattr(self.client, method)(*args, HTTP_X_EDX_API_KEY=TEST_API_KEY, **kwargs)
...@@ -127,6 +132,15 @@ class UserViewSetTest(UserApiTestCase): ...@@ -127,6 +132,15 @@ class UserViewSetTest(UserApiTestCase):
def test_debug_auth(self): def test_debug_auth(self):
self.assertHttpOK(self.client.get(self.LIST_URI)) self.assertHttpOK(self.client.get(self.LIST_URI))
@override_settings(DEBUG=False)
@override_settings(EDX_API_KEY=TEST_API_KEY)
def test_basic_auth(self):
# ensure that having basic auth headers in the mix does not break anything
self.assertHttpOK(
self.request_with_auth("get", self.LIST_URI, **self.basic_auth('someuser', 'somepass')))
self.assertHttpForbidden(
self.client.get(self.LIST_URI, **self.basic_auth('someuser', 'somepass')))
def test_get_list_empty(self): def test_get_list_empty(self):
User.objects.all().delete() User.objects.all().delete()
result = self.get_json(self.LIST_URI) result = self.get_json(self.LIST_URI)
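Review bot: test_basic_auth only sends 'someuser'/'somepass', which do not appear to belong to any account created by this test class (the setup code is outside the hunk), so a Basic header carrying valid credentials is never exercised. The change is meant to make the API ignore the Authorization header and let the API key alone decide access, so a negative case with a real user's credentials and no key would pin that down: `self.assertHttpForbidden(self.client.get(self.LIST_URI, **self.basic_auth(self.users[0].username, KNOWN_PASSWORD)))`, where KNOWN_PASSWORD is a placeholder for whatever password the user factory assigns. The `basic_auth` helper also has no docstring; `"""Return request kwargs carrying an HTTP Basic Authorization header for the given credentials"""` would match the style of request_with_auth.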
......
from django.conf import settings from django.conf import settings
from django.contrib.auth.models import User from django.contrib.auth.models import User
from rest_framework import authentication
from rest_framework import filters from rest_framework import filters
from rest_framework import permissions from rest_framework import permissions
from rest_framework import viewsets from rest_framework import viewsets
...@@ -25,6 +26,7 @@ class ApiKeyHeaderPermission(permissions.BasePermission): ...@@ -25,6 +26,7 @@ class ApiKeyHeaderPermission(permissions.BasePermission):
class UserViewSet(viewsets.ReadOnlyModelViewSet): class UserViewSet(viewsets.ReadOnlyModelViewSet):
authentication_classes = (authentication.SessionAuthentication,)
permission_classes = (ApiKeyHeaderPermission,) permission_classes = (ApiKeyHeaderPermission,)
queryset = User.objects.all() queryset = User.objects.all()
serializer_class = UserSerializer serializer_class = UserSerializer
...@@ -33,6 +35,7 @@ class UserViewSet(viewsets.ReadOnlyModelViewSet): ...@@ -33,6 +35,7 @@ class UserViewSet(viewsets.ReadOnlyModelViewSet):
class UserPreferenceViewSet(viewsets.ReadOnlyModelViewSet): class UserPreferenceViewSet(viewsets.ReadOnlyModelViewSet):
authentication_classes = (authentication.SessionAuthentication,)
permission_classes = (ApiKeyHeaderPermission,) permission_classes = (ApiKeyHeaderPermission,)
queryset = UserPreference.objects.all() queryset = UserPreference.objects.all()
filter_backends = (filters.DjangoFilterBackend,) filter_backends = (filters.DjangoFilterBackend,)
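Review bot: The new `authentication_classes = (authentication.SessionAuthentication,)` lines on UserViewSet and UserPreferenceViewSet carry no comment saying why the framework defaults are overridden, and the reason is not evident from the code. Presumably the default Basic authentication class was rejecting requests whose Authorization header held credentials meant for something else, before ApiKeyHeaderPermission ran. A comment above each assignment, such as `# Session auth only: ignore any Authorization header so unrelated Basic credentials cannot fail the request; access is decided by ApiKeyHeaderPermission`, would keep a later edit from re-adding header-based authentication by accident. It would also make explicit that these viewsets, which serve `User.objects.all()` and `UserPreference.objects.all()`, rely on the API key check alone, whose body is outside these hunks. The same tuple is repeated in both classes, so a shared module-level constant would keep them in step.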
......