0001-api-restrict-API-to-authenticated-admin-users-fixes-.patch
| tests/conftest.py | ||
|---|---|---|
| 277 | 277 | |
| 278 | 278 | |
| 279 | 279 |
@pytest.fixture |
| 280 |
def app(request): |
|
| 280 |
def app(request, admin):
|
|
| 281 | 281 |
wtm = django_webtest.WebTestMixin() |
| 282 | 282 |
wtm._patch_settings() |
| 283 | 283 |
request.addfinalizer(wtm._unpatch_settings) |
| 284 |
return django_webtest.DjangoTestApp(extra_environ={'HTTP_HOST': 'localhost'})
|
|
| 284 |
app = django_webtest.DjangoTestApp(extra_environ={'HTTP_HOST': 'localhost'})
|
|
| 285 |
app.authorization = ('Basic', ('admin', 'admin'))
|
|
| 286 |
return app |
|
| 287 | ||
| 288 | ||
| 289 |
@pytest.fixture |
|
| 290 |
def app_noauth(request, admin): |
|
| 291 |
wtm = django_webtest.WebTestMixin() |
|
| 292 |
wtm._patch_settings() |
|
| 293 |
request.addfinalizer(wtm._unpatch_settings) |
|
| 294 |
app = django_webtest.DjangoTestApp(extra_environ={'HTTP_HOST': 'localhost'})
|
|
| 295 |
return app |
|
| 285 | 296 | |
| 286 | 297 | |
| 287 | 298 |
@pytest.fixture |
| tests/test_nanterre.py | ||
|---|---|---|
| 67 | 67 |
assert any(data['id'] == rsu[0].id for data in response.json['data']) |
| 68 | 68 | |
| 69 | 69 | |
| 70 |
def test_create_individu(settings, transactional_db, app, rsu_schema): |
|
| 70 |
def test_create_individu(settings, transactional_db, app, app_noauth, rsu_schema):
|
|
| 71 | 71 | |
| 72 | 72 |
def get_reseau(identifier): |
| 73 | 73 |
reseau_url = reverse('rsu-api-reseau', kwargs={
|
| ... | ... | |
| 791 | 791 | |
| 792 | 792 |
# test obtention de clés de fédération |
| 793 | 793 |
def get_federation(uuid, **kwargs): |
| 794 |
return app.get('/rsu/individu/%s/federation/technocarte/' % uuid, **kwargs).json
|
|
| 794 |
return app_noauth.get('/rsu/individu/%s/federation/technocarte/' % uuid, **kwargs).json
|
|
| 795 | 795 |
first = Entity.objects.get(id=first_id) |
| 796 | 796 |
first.content['cles_de_federation']['authentic'] = 'abcd' |
| 797 | 797 |
first.save() |
| zoo/settings.py | ||
|---|---|---|
| 187 | 187 |
# Rest Framework |
| 188 | 188 |
REST_FRAMEWORK = {
|
| 189 | 189 |
# 'EXCEPTION_HANDLER': 'zoo.utils.rest_exception_handler', |
| 190 |
'DEFAULT_AUTHENTICATION_CLASSES': (), |
|
| 191 |
'DEFAULT_PERMISSION_CLASSES': (), |
|
| 190 |
'DEFAULT_AUTHENTICATION_CLASSES': ( |
|
| 191 |
'rest_framework.authentication.BasicAuthentication', |
|
| 192 |
'rest_framework.authentication.SessionAuthentication', |
|
| 193 |
), |
|
| 194 |
'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.IsAdminUser',),
|
|
| 192 | 195 |
} |
| 193 | 196 | |
| 194 | 197 |
ZOO_NANTERRE_APPLICATIONS = {
|
| zoo/zoo_nanterre/api_views.py | ||
|---|---|---|
| 1464 | 1464 | |
| 1465 | 1465 | |
| 1466 | 1466 |
class Federation(IndividuViewMixin, APIView): |
| 1467 |
permission_classes = () |
|
| 1468 | ||
| 1467 | 1469 |
def get(self, request, identifier, application, format=None): |
| 1468 | 1470 |
app_dfn = utils.get_application(application) |
| 1469 | 1471 |
if not app_dfn: |
| 1470 |
- |
|