Ensure token validation is working correctly

2024-08-30 18:33:04 +00:00 · 2019-09-08 00:28:12 +10:00 · 2019-09-08 00:28:12 +10:00 · baf096b3e7
commit baf096b3e7
parent 576226ad30
1 changed files with 23 additions and 1 deletions
--- a/InvenTree/InvenTree/test_api.py
+++ b/InvenTree/InvenTree/test_api.py
@ -11,6 +11,13 @@ from django.contrib.auth import get_user_model
 class APITests(APITestCase):
    """ Tests for the InvenTree API """

+    fixtures = [
+        'location',
+        'stock',
+        'part',
+        'category',
+    ]
+
    username = 'test_user'
    password = 'test_pass'

@ -29,7 +36,7 @@ class APITests(APITestCase):

        self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
        self.assertFalse('token' in response.data)
-        
+
    def test_get_token_pass(self):
        """ Ensure that a valid user can request an API token """

@ -43,3 +50,18 @@ class APITests(APITestCase):
        self.assertTrue('pk' in response.data)
        self.assertTrue(len(response.data['token']) > 0)

+        # Now, use the token to access other data
+        token = response.data['token']
+
+        part_url = reverse('api-part-list')
+
+        # Try to access without a token
+        response = self.client.get(part_url, format='json')
+
+        self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+        
+        # Now, with the token
+        self.client.credentials(HTTP_AUTHORIZATION='Token ' + token)
+        response = self.client.get(part_url, format='json')
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK)