Opened 5 years ago

Closed 4 years ago

#14350 closed (duplicate)

Please add a login method to the test Client that doesn't depend on passwords

Reported by: James Westby <jw+debian@…> Owned by: nobody
Component: Testing framework Version: 1.2
Severity: Keywords:
Cc: hv@… Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description (last modified by ramiro)

Hi,

Requiring passwords in tests that don't test the login is unnecessary and
binds them too tightly to implementation that they don't care about.

I suggest something like the following:

      def login_user(self, user):
          if not 'django.contrib.sessions' in settings.INSTALLED_APPS:
              raise AssertionError("Unable to login without django.contrib.sessions in INSTALLED_APPS")
          user.backend = "%s.%s" % ("django.contrib.auth.backends",
                                    "ModelBackend")
          engine = import_module(settings.SESSION_ENGINE)

          # Create a fake request to store login details.
          request = HttpRequest()
          if self.session:
              request.session = self.session
          else:
              request.session = engine.SessionStore()
          login(request, user)

          # Set the cookie to represent the session.
          session_cookie = settings.SESSION_COOKIE_NAME
          self.cookies[session_cookie] = request.session.session_key
          cookie_data = {
              'max-age': None,
              'path': '/',
              'domain': settings.SESSION_COOKIE_DOMAIN,
              'secure': settings.SESSION_COOKIE_SECURE or None,
              'expires': None,
          }
          self.cookies[session_cookie].update(cookie_data)

          # Save the session values.
          request.session.save()

refactoring with the common code in other methods.

That would allow you to just login with a User object.

Thanks,

James

Attachments (1)

login_user.txt (1.0 KB) - added by James Westby <jw+debian@…> 5 years ago.
Suggested approach

Download all attachments as: .zip

Change History (6)

Changed 5 years ago by James Westby <jw+debian@…>

Suggested approach

comment:1 Changed 5 years ago by James Westby <jw+debian@…>

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

Attached the code as I messed up the formatting.

Thanks,

James

comment:2 Changed 5 years ago by ramiro

  • Description modified (diff)

Re-formatted description.

comment:3 Changed 5 years ago by gabrielhurley

  • Component changed from Uncategorized to Testing framework

comment:4 Changed 5 years ago by guettli

  • Cc hv@… added

I had this idea some time ago, but it was rejected. I hope this ticket has more luck than mine #5938

comment:5 Changed 4 years ago by russellm

  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #5938, which was previously wontfixed. If you want to make your case for this, start a discussion on django-dev and make your case.

For the record, I would argue that login() doesn't bind you to passwords. It binds you to the authentication mechanism of your stack, which is what the test client is testing.

Note: See TracTickets for help on using tickets.
Back to Top