Testing login required views
707 views
Skip to first unread message
Julien
May 20, 2008, 9:19:24 PM5/20/08
to Django users
Hi,
I have a site where pretty much all views (except for register, login
and logout) require the user to log in. Now that the number of views
has grown I'd like to test that I didn't forget to protect them with
the login_required decorator.
I'm looking for an automated way to do that. Is that achievable, and
if so, how?
I've started looking into unit testing but I'm struggling a bit and
I'm not sure if that could do the trick. What I'd like to do is test
all possible urls from the URLConf and spot those that are not
redirected to the login page.
Any hint?
Thank you,
Julien
I have a site where pretty much all views (except for register, login
and logout) require the user to log in. Now that the number of views
has grown I'd like to test that I didn't forget to protect them with
the login_required decorator.
I'm looking for an automated way to do that. Is that achievable, and
if so, how?
I've started looking into unit testing but I'm struggling a bit and
I'm not sure if that could do the trick. What I'd like to do is test
all possible urls from the URLConf and spot those that are not
redirected to the login page.
Any hint?
Thank you,
Julien
Julien
May 21, 2008, 12:28:35 AM5/21/08
to Django users
In another thread [1] James Bennett suggested to use a middleware to
require login for all views. That is indeed a very simple and elegant
way. Here's the code I ended up with:
from django.contrib.auth.decorators import login_required
from django.conf import settings
public_paths = ['/accounts/register/',
'/accounts/login/',
'/accounts/logout/',]
class AuthRequiredMiddleware(object):
def process_view(self, request, view_func, view_args,
view_kwargs):
if request.path.startswith(settings.MEDIA_URL) or request.path
in public_paths:
return None
else:
return login_required(view_func)(request, *view_args,
**view_kwargs)
Cheers!
Julien
[1] http://groups.google.com/group/django-users/browse_thread/thread/2ab080ac86d9b820/b59196f5a0ecbd85#b59196f5a0ecbd85
require login for all views. That is indeed a very simple and elegant
way. Here's the code I ended up with:
from django.contrib.auth.decorators import login_required
from django.conf import settings
public_paths = ['/accounts/register/',
'/accounts/login/',
'/accounts/logout/',]
class AuthRequiredMiddleware(object):
def process_view(self, request, view_func, view_args,
view_kwargs):
if request.path.startswith(settings.MEDIA_URL) or request.path
in public_paths:
return None
else:
return login_required(view_func)(request, *view_args,
**view_kwargs)
Cheers!
Julien
[1] http://groups.google.com/group/django-users/browse_thread/thread/2ab080ac86d9b820/b59196f5a0ecbd85#b59196f5a0ecbd85
Adam Gomaa
May 21, 2008, 12:18:15 PM5/21/08
to django...@googlegroups.com
Julien, I'd just use 'grep' for this:
grep -A 2 -R --include="*.py" -E "^def .*\(req" ./
That'll show two lines above a view definition - so just look for any
that are missing @login_required.
Course, that's hardly portable...
Adam
>
> Thank you,
>
> Julien
> >
Reply all
Reply to author
Forward
0 new messages