Code

Opened 4 years ago

Closed 4 years ago

#14350 closed (duplicate)

Please add a login method to the test Client that doesn't depend on passwords

Reported by: James Westby <jw+debian@…> Owned by: nobody
Component: Testing framework Version: 1.2
Severity: Keywords:
Cc: hv@… Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description (last modified by ramiro)

Hi,

Requiring passwords in tests that don't test the login is unnecessary and
binds them too tightly to implementation that they don't care about.

I suggest something like the following:

      def login_user(self, user):
          if not 'django.contrib.sessions' in settings.INSTALLED_APPS:
              raise AssertionError("Unable to login without django.contrib.sessions in INSTALLED_APPS")
          user.backend = "%s.%s" % ("django.contrib.auth.backends",
                                    "ModelBackend")
          engine = import_module(settings.SESSION_ENGINE)

          # Create a fake request to store login details.
          request = HttpRequest()
          if self.session:
              request.session = self.session
          else:
              request.session = engine.SessionStore()
          login(request, user)

          # Set the cookie to represent the session.
          session_cookie = settings.SESSION_COOKIE_NAME
          self.cookies[session_cookie] = request.session.session_key
          cookie_data = {
              'max-age': None,
              'path': '/',
              'domain': settings.SESSION_COOKIE_DOMAIN,
              'secure': settings.SESSION_COOKIE_SECURE or None,
              'expires': None,
          }
          self.cookies[session_cookie].update(cookie_data)

          # Save the session values.
          request.session.save()

refactoring with the common code in other methods.

That would allow you to just login with a User object.

Thanks,

James

Attachments (1)

login_user.txt (1.0 KB) - added by James Westby <jw+debian@…> 4 years ago.
Suggested approach

Download all attachments as: .zip

Change History (6)

Changed 4 years ago by James Westby <jw+debian@…>

Suggested approach

comment:1 Changed 4 years ago by James Westby <jw+debian@…>

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

Attached the code as I messed up the formatting.

Thanks,

James

comment:2 Changed 4 years ago by ramiro

  • Description modified (diff)

Re-formatted description.

comment:3 Changed 4 years ago by gabrielhurley

  • Component changed from Uncategorized to Testing framework

comment:4 Changed 4 years ago by guettli

  • Cc hv@… added

I had this idea some time ago, but it was rejected. I hope this ticket has more luck than mine #5938

comment:5 Changed 4 years ago by russellm

  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #5938, which was previously wontfixed. If you want to make your case for this, start a discussion on django-dev and make your case.

For the record, I would argue that login() doesn't bind you to passwords. It binds you to the authentication mechanism of your stack, which is what the test client is testing.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.