I have the following in app.yaml
handlers:
- url: /.*
script: app.application
secure: always
login: required
When running tests I'm using this testrunner as suggested by google.
class SearchTest(unittest.TestCase):
def setUp(self):
# Set up app simulator
app = webapp2.WSGIApplication([('/search', search.Search)], debug=True)
self.testapp = webtest.TestApp(app)
# Google testbed
self.testbed = testbed.Testbed()
self.testbed.activate()
self.testbed.init_user_stub()
self.testbed.init_datastore_v3_stub()
self.testbed.init_memcache_stub()
# Disable caching to prevent data from leaking between tests
ndb.get_context().set_cache_policy(False)
def testNotLoggedin(self):
# Test user is redirected to login when not logged in
assert not users.get_current_user()
response = self.testapp.get('/search')
self.assertEqual(response.status_int, 302)
assert response.headers['Location']
The testNotLoggedIn fails with 200 != 302. So it seems like the user is still allowed access even though login is required. Which makes me think that app.yaml isn't recognized in the test?
How can I make sure that app.yaml is recognized and that the user needs to be logged in?
This test code bypasses the app.yaml dispatch. On App Engine (and in a dev server), the HTTP request is routed to the WSGI application instance via app.yaml, and the frontend logic that handles login: required happens before the request handler is invoked. In this test code, you're going directly to the WSGI application: self.testapp.get('/search') is simply calling the WSGI app's own internal URL mapping to get to the search.Search request handler.
The condition you want to test is more like an integration test, and requires either a running dev server or a deployed App Engine test version. It's a fine idea, it's just larger than what testbed et al can do.