How to test an API endpoint with Django-rest-framework using Django-oauth-toolkit for authentication

0 votes

I have a Django-rest-framework viewset/router to define an API endpoint. The viewset is defined as such:

class DocumentViewSet(viewsets.ModelViewSet):
    permission_classes = [permissions.IsAuthenticated, TokenHasReadWriteScope]
    model = Document

And the router is defined as

router = DefaultRouter()
router.register(r'documents', viewsets.DocumentViewSet)

with url pattern url(r'^api/', include(router.urls))

I can hit this endpoint in the browser/through curl just fine by getting the right access token and using it for authorization. However, it's not clear how to write tests against this endpoint.

Here is what I've tried:

class DocumentAPITests(APITestCase):
    def test_get_all_documents(self):
        user = User.objects.create_user('test', 'test@test.com', 'test')
        client = APIClient()
        client.credentials(username="test", password="test")
        response = client.get("/api/documents/")
        self.assertEqual(response.status_code, 200) 

This fails with an HTTP 401 response from the client.get() call. What is the right way to test an API endpoint in DRF using django-oauth-toolkit for oauth2 authentication?

Jul 1, 2020 in Python by kartik
• 37,490 points
952 views

1 answer to this question.

0 votes

Hello @kartik,

You should avoid making unneeded API calls, especially for multi-part processes like OAuth, and only create the few model objects that are required.

def setUp(self):
    self.test_user = UserModel.objects.create_user("test_user", "test@user.com", "123456")

    self.application = Application(
        name="Test Application",
        redirect_uris="http://localhost",
        user=self.test_user,
        client_type=Application.CLIENT_CONFIDENTIAL,
        authorization_grant_type=Application.GRANT_AUTHORIZATION_CODE,
    )
    self.application.save()

def test_revoke_access_token(self):
    from datetime import datetime
    from django.utils import timezone

    tok = AccessToken.objects.create(
        user=self.test_user, token='1234567890',
        application=self.application, scope='read write',
        expires=timezone.now() + datetime.timedelta(days=1)
    )

From there you just need to authenticate using the token that has been generated. You can do this by injecting the Authorization header, or you can use the force_authenticate method provided by Django REST Framework.

Hope it works!!

Thank You!!

answered Jul 1, 2020 by Niroj
• 82,580 points

Related Questions In Python

0 votes
1 answer

How to secure APIs for Registration and Login in Django Rest Framework?

Hello @kartik, you cannot have an authentication system ...READ MORE

answered Jun 25, 2020 in Python by Niroj
• 82,580 points
1,518 views
0 votes
1 answer
0 votes
1 answer

How to create login user using Django Rest Framework?

Hello @Reebika , For you query you can refer ...READ MORE

answered Oct 12, 2020 in Python by Niroj
• 82,580 points
101 views
0 votes
1 answer

how to download and install Django rest framework?

To install Django, you can simply open ...READ MORE

answered Apr 24, 2018 in Python by Christine
• 15,830 points
632 views
0 votes
1 answer

How to temporarily disable a foreign key constraint in MySQL?

Hello @kartik, To turn off foreign key constraint ...READ MORE

answered Jun 23, 2020 in Python by Niroj
• 82,580 points
618 views
0 votes
1 answer

How do I use Django templates without the rest of Django?

Hello @kartik, Let's say you have this important ...READ MORE

answered Jun 23, 2020 in Python by Niroj
• 82,580 points
256 views
0 votes
1 answer

How to return the current user with Django Rest Framework?

Hello @kartik, The best way is to use ...READ MORE

answered Jun 25, 2020 in Python by Niroj
• 82,580 points
3,552 views
0 votes
1 answer

How to PATCH a single field using Django Rest Framework?

Hello @kartik, Serializers allow partial updates by specifying partial=True when initializing ...READ MORE

answered Jun 25, 2020 in Python by Niroj
• 82,580 points
3,057 views