django test client?

106 views

Skip to first unread message

Nick Farrell

unread,

Sep 18, 2017, 7:16:45 PM9/18/17

to django-otp

I'm just setting this up now, and it's working well with my manual testing. I am using the agent to persist tokens across sessions, and have made some simple middleware to require is_verified for all but a whitelisted list of URLs.

I'd like to extend my tests to cover the 2fa workflows, and was wondering if there was any support for it, or any tips. The native django test client is a bit magical with its login() method, and it's not trivial (to my eyes) to see how to register a device for a test user, and enable it. django_otp's login() method requires a request object, which you don't seem to have in the test_client context.

Does anyone have an idea how best to proceed? I have created a simple StaticDevice generator for a given test user and have the token, but am not sure how to associate it with the test client.

Thanks for any ideas.

Nick

Peter Sagerson

unread,

Sep 18, 2017, 8:36:16 PM9/18/17

to djang...@googlegroups.com

TestClient.login() just ensures that the session store and associated cookie are set up as if the user had logged in.[1] It looks like a lot of the complexity comes from initializing the session if it hasn't been already. I suspect something like this would do the trick:[2]

from django_otp import DEVICE_ID_SESSION_KEY

class MyTestCase(TestCase):

def test_verified(self):

user = <load/create a test user with a TOTPDevice>

self.client.force_login(user)

self.client.session[DEVICE_ID_SESSION_KEY] = user.totp_device_set.first().persistent_id

self.client.session.save()

...

Assuming that works, it would probably make sense for django-otp to expose an API and/or TestClient mixin to document this and make it a little easier.

Thanks,

Peter

[1] https://github.com/django/django/blob/master/django/test/client.py#L576

[2] https://docs.djangoproject.com/en/1.11/topics/testing/tools/#django.test.Client.session

--
You received this message because you are subscribed to the Google Groups "django-otp" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-otp+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply all

Reply to author

Forward

0 new messages