2

我正在使用 Django REST Framework 构建简单的 API,使用 curl 和 API Web admin 时一切正常,但是如果我运行以下测试:

class OrderTest(APITestCase):
    username = 'admin'
    password = '12345'

    def setUp(self):
        User.objects.create(
            username=self.username,
            password=self.password,
            email='demo@demo.com',
            is_superuser=True,
            is_staff=True
        )

    def test_create_order_by_admin(self):
        url = '/api/orders/'
        data = {
            'name': 'John Doe',
            'phone': '380000000000',
            'status': 1,
            'email': 'jonhn.doe@gmail.com',
            'date': datetime.now(),
        }
        # Cheking if user exist
        self.assertEqual(User.objects.get(pk=1).username, self.username)
        self.client.login(
            username=self.username,
            password=self.password,
        )
        response = self.client.post(url, data, format='json')

        self.assertEqual(response.status_code, status.HTTP_201_CREATED)
        self.assertEqual(Order.objects.count(), 1)

        for key, value in data.items():
            self.assertEqual(Order.objects.get().key, value)

它失败并出现以下错误:

Failure
Traceback (most recent call last):
  File "/home/linevich/projects/swebion.com/project/order_form/tests.py", line 71, in test_create_order_by_admin
    self.assertEqual(response.status_code, status.HTTP_201_CREATED)
AssertionError: 403 != 201

这意味着client.login()不起作用。有任何想法吗?

4

3 回答 3

2

您不应该直接设置密码。这将以明文形式存储密码,而 Django 将在尝试登录时尝试哈希算法。请参阅set_password以将其加密存储。

于 2016-03-29T18:16:15.287 回答
1

问题在于使用User.objects.create()insetad of User.objects.create_superuser(),感谢@C14L

于 2016-03-30T18:41:48.593 回答
1

使用身份验证功能代替client.login

在这里,我使用基于通用类的视图来登录用户..

class Login(generics.CreateAPIView): ''' API 用于 SignIn 以返回用户模型以及访问令牌。'''

    def post(self, request, *args, **kwargs):
        username = self.request.data.get('email', None)
        password = self.request.data.get('password', None)
        user = authenticate(username=username, password=password)
        response = {}
        if user:
            access = AppCustomMethods()
            access_token = access.create_access_token(user, request,
                                                      settings.XAMARIN_APPLICATION_NAME)
            response_data = {}
            response_data['access_token'] = access_token
            signup_serializer = serializers.GetUserWithAllBusinesses(user)
            response_data[settings.USER] = signup_serializer.data
            response = GetAccesUtility.data_wrapper(response_data)
            return Response(response, status=status.HTTP_200_OK)
        else:
            response['error'] = Messages.NOT_AUTHENTICATED  # error_data
            response["status_code"] = settings.HTTP_USER_ERROR
            return Response(response)

用户=验证(用户名=用户名,密码=密码)

Django验证函数验证用户的用户名或密码并返回用户信息。如果它返回用户,则生成一个新的访问令牌并以状态 200 作为响应返回,否则如果用户未通过身份验证函数返回,则错误消息作为响应返回。

于 2016-03-30T04:01:27.857 回答