def test_header_disappears(self):
    """
    Check that losing the REMOTE_USER header mid-session ends that session.

    A user who was authenticated through the header must become anonymous
    as soon as a request in the same browser session arrives without it.
    A user who logged in through a different backend must NOT be logged
    out by the same header-less request.
    """
    def is_anonymous(user):
        # Django 1.10 and up expose is_anonymous as a property; older
        # releases only offer the is_anonymous() method.
        if django_1_10:
            return user.is_anonymous
        return user.is_anonymous()

    # A second authentication backend has to be present in settings so the
    # "authenticated via another backend" half of the test is meaningful.
    # NOTE(review): nothing in this method calls disable() on the patched
    # settings; presumably tearDown does. Confirm, otherwise the extra
    # backend leaks into later tests.
    self.patched_settings = modify_settings(
        AUTHENTICATION_BACKENDS={'append': 'django.contrib.auth.backends.ModelBackend'},
    )
    self.patched_settings.enable()
    self.headers[self.header] = self.known_user.username

    # Request carrying the header: the known user is authenticated.
    with_header = self.client.get('/remote_user/', **self.headers)
    self.assertEqual(with_header.context['user'].username, 'knownuser')

    # Same client, header gone: the session must be logged out.
    without_header = self.client.get('/remote_user/')
    self.assertTrue(is_anonymous(without_header.context['user']))

    # A user authenticated via another backend must survive a request
    # that carries no header.
    User.objects.create_user(username='modeluser', password='foo')
    self.client.login(username='modeluser', password='foo')
    # The return value of authenticate() is not used by this test.
    auth.authenticate(username='modeluser', password='foo')
    model_response = self.client.get('/remote_user/')
    model_user = model_response.context['user']
    self.assertEqual(model_user.username, 'modeluser')
    self.assertFalse(is_anonymous(model_user))