From baf096b3e72a98f981cb49f5a5ecdb75331b3355 Mon Sep 17 00:00:00 2001
From: Oliver Walters
Date: Sun, 8 Sep 2019 00:28:12 +1000
Subject: [PATCH] Ensure token validation is working correctly
---
 InvenTree/InvenTree/test_api.py | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)
diff --git a/InvenTree/InvenTree/test_api.py b/InvenTree/InvenTree/test_api.py
index 4ec173bf7d..0bb36db59f 100644
--- a/InvenTree/InvenTree/test_api.py
+++ b/InvenTree/InvenTree/test_api.py
@@ -11,6 +11,13 @@ from django.contrib.auth import get_user_model
 class APITests(APITestCase):
 """ Tests for the InvenTree API """
+ fixtures = [
+ 'location',
+ 'stock',
+ 'part',
+ 'category',
+ ]
+
 username = 'test_user'
 password = 'test_pass'
@@ -29,7 +36,7 @@ class APITests(APITestCase):
 self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
 self.assertFalse('token' in response.data)
-
+
 def test_get_token_pass(self):
 """ Ensure that a valid user can request an API token """
@@ -43,3 +50,18 @@ class APITests(APITestCase):
 self.assertTrue('pk' in response.data)
 self.assertTrue(len(response.data['token']) > 0)
+ # Now, use the token to access other data
+ token = response.data['token']
+
+ part_url = reverse('api-part-list')
+
+ # Try to access without a token
+ response = self.client.get(part_url, format='json')
+
+ self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
+
+ # Now, with the token
+ self.client.credentials(HTTP_AUTHORIZATION='Token ' + token)
+ response = self.client.get(part_url, format='json')
+
+ self.assertEqual(response.status_code, status.HTTP_200_OK)
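Review bot: The assertions added at the end of `test_get_token_pass` cover only a missing header (401) and a valid token (200); a wrong or malformed token is never sent, so the test would still pass if the API accepted any value after `Token `. I would add a negative case after the 200 check: `self.client.credentials(HTTP_AUTHORIZATION='Token not-a-real-token')`, `response = self.client.get(part_url, format='json')`, `self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)`. The 200 assertion also never inspects the response body, so the fixtures loaded in the first hunk are not actually exercised by this test. The start of `test_get_token_pass` lies outside this hunk, so whether the client is really unauthenticated at the first `get` depends on setup code not shown here.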