Search code examples
djangodjango-rest-frameworkdjango-testing

How to pass the user token for API testing in django rest framework?

I'm writing some tests to check the connection to my API.

I've put in place identification via tokens and I am successful with retrieving a token for a specific test user with :

token = Token.objects.get(user__username='testuser')

What I'm struggling with is to use that token to create a successful API request as this one :

client = APIClient(HTTP_AUTHORIZATION='Token ' + token.key)
response = client.get('/patientFull/1/',headers={'Authorization': 'Token ' + token.key})

I have been looking at many ways to make this work and these are some ways I tried to do it :

response = requests.get('http://127.0.0.1:8000/patientFull/1/',headers={'Authorization': 'Token ' + token.key} )


client = APIClient()
client.credentials(HTTP_AUTHORIZATION='Token ' + token.key)
response = client.get('/patientFull/1/')

The test is a simple assert to check response has a 200 OK HTTP answer from the server.

All of these ways above returns a 403 HTTP response.

here's the full code of my test (I'm using fixtures to populate my test database with testing data):

import json
import requests
from rest_framework.authtoken.models import Token
from rest_framework.test import APIRequestFactory, APITestCase, APIClient


class CustomerAPITestBack(APITestCase):
    fixtures = ['new-fixtures.json']

    def testDE(self):
        token = Token.objects.get(user__username='jpmichel')
        client = APIClient(HTTP_AUTHORIZATION='Token ' + token.key)
        response = client.get('/patientFull/1/',headers={'Authorization': 'Token ' + token.key})
        self.assertEqual(200, response.status_code)

I have configured my settings.py file as so for the tokens :

REST_FRAMEWORK = {
    'DEFAULT_AUTHENTICATION_CLASSES': (
        'rest_framework.authentication.BasicAuthentication',
        'rest_framework.authentication.SessionAuthentication',
        'PHCAdmin.authentication.tokenAuthentication.ExpiringTokenAuthentication',
    ),
    'EXCEPTION_HANDLER': 'PHCAdmin.functions.pxlth_exception_handler',
}

REST_FRAMEWORK_EXPIRY_TIME = 12 # in hours
REST_FRAMEWORK_PASSWORD_RENEWALS = 90 # in days

If I disable the token authentication, this test passes (the GET returns a 200 OK)

How should I do my GET request so that it uses the token to identify as a valid user and returns a 200 OK HTTP response?

Solution

  • Just to close this question: after some research, I found out the token on the server was not the same as on the local machine, I just needed to update tokens on both side. The code above works fine.