Testing login required views
707 kali dilihat
Langsung ke pesan pertama yang belum dibaca
Julien
20 Mei 2008, 21.19.2420/05/08
kepadaDjango users
Hi,
I have a site where pretty much all views (except for register, login
and logout) require the user to log in. Now that the number of views
has grown I'd like to test that I didn't forget to protect them with
the login_required decorator.
I'm looking for an automated way to do that. Is that achievable, and
if so, how?
I've started looking into unit testing but I'm struggling a bit and
I'm not sure if that could do the trick. What I'd like to do is test
all possible urls from the URLConf and spot those that are not
redirected to the login page.
Any hint?
Thank you,
Julien
I have a site where pretty much all views (except for register, login
and logout) require the user to log in. Now that the number of views
has grown I'd like to test that I didn't forget to protect them with
the login_required decorator.
I'm looking for an automated way to do that. Is that achievable, and
if so, how?
I've started looking into unit testing but I'm struggling a bit and
I'm not sure if that could do the trick. What I'd like to do is test
all possible urls from the URLConf and spot those that are not
redirected to the login page.
Any hint?
Thank you,
Julien
Julien
21 Mei 2008, 00.28.3521/05/08
kepadaDjango users
In another thread [1] James Bennett suggested to use a middleware to
require login for all views. That is indeed a very simple and elegant
way. Here's the code I ended up with:
from django.contrib.auth.decorators import login_required
from django.conf import settings
public_paths = ['/accounts/register/',
'/accounts/login/',
'/accounts/logout/',]
class AuthRequiredMiddleware(object):
def process_view(self, request, view_func, view_args,
view_kwargs):
if request.path.startswith(settings.MEDIA_URL) or request.path
in public_paths:
return None
else:
return login_required(view_func)(request, *view_args,
**view_kwargs)
Cheers!
Julien
[1] http://groups.google.com/group/django-users/browse_thread/thread/2ab080ac86d9b820/b59196f5a0ecbd85#b59196f5a0ecbd85
require login for all views. That is indeed a very simple and elegant
way. Here's the code I ended up with:
from django.contrib.auth.decorators import login_required
from django.conf import settings
public_paths = ['/accounts/register/',
'/accounts/login/',
'/accounts/logout/',]
class AuthRequiredMiddleware(object):
def process_view(self, request, view_func, view_args,
view_kwargs):
if request.path.startswith(settings.MEDIA_URL) or request.path
in public_paths:
return None
else:
return login_required(view_func)(request, *view_args,
**view_kwargs)
Cheers!
Julien
[1] http://groups.google.com/group/django-users/browse_thread/thread/2ab080ac86d9b820/b59196f5a0ecbd85#b59196f5a0ecbd85
Adam Gomaa
21 Mei 2008, 12.18.1521/05/08
kepadadjango...@googlegroups.com
Julien, I'd just use 'grep' for this:
grep -A 2 -R --include="*.py" -E "^def .*\(req" ./
That'll show two lines above a view definition - so just look for any
that are missing @login_required.
Course, that's hardly portable...
Adam
>
> Thank you,
>
> Julien
> >
Balas ke semua
Balas ke penulis
Teruskan
0 pesan baru