Using Basic HTTP access authentication in Django testing framework

Question

For some of my Django views I've created a decorator that performs Basic HTTP access authentication. However, while writing test cases in Django, it took me a while to work out how to authenticate to the view. Here's how I did it. I hope somebody finds this useful.

Gilles 'SO- stop being evil' · Accepted Answer · 2011-07-28 15:21:08Z

93

Here's how I did it:

from django.test import Client
import base64
auth_headers = {
    'HTTP_AUTHORIZATION': 'Basic ' + base64.b64encode('username:password'),
}
c = Client()
response = c.get('/my-protected-url/', **auth_headers)

Note: You will also need to create a user.

edited Jul 28, 2011 at 15:21

Gilles 'SO- stop being evil'

109k38 gold badges217 silver badges263 bronze badges

answered Mar 31, 2011 at 4:50

Humphrey

4,2182 gold badges30 silver badges27 bronze badges

Sign up to request clarification or add additional context in comments.

8 Comments

Jocelyn delalande Over a year ago

If you are manipulation unicode strings (typical eg: using py3) you'd need to do something like base64.b64encode('username:password'.encode()).decode() because base64 module do not handle unicode strings.

Moraes Over a year ago

@Jocelyndelalande more like base64.b64encode(bytes('username:password', 'utf8')).decode('utf8'),

lucastamoios Over a year ago

Great answer! Just complementing: Using python 3.5 I just made c.get('/my-protected-url/', HTTP_AUTHORIZATION='Basic username:password') as shown in django docs and CGI docs.

Daniel Gomez Rico Over a year ago

Why HTTP_AUTHORIZATION and not Authorization ?

djvg Over a year ago

@DanielGomezRico: Confusing, indeed. A bit late, but there's an explanation to be found in stackoverflow.com/q/15113248

|

Ryan Nowakowski · Accepted Answer · 2012-01-31 23:22:02Z

34

In your Django TestCase you can update the client defaults to contain your HTTP basic auth credentials.

import base64
from django.test import TestCase

class TestMyStuff(TestCase):

    def setUp(self):
        credentials = base64.b64encode('username:password')
        self.client.defaults['HTTP_AUTHORIZATION'] = 'Basic ' + credentials

answered Jan 31, 2012 at 23:22

Ryan Nowakowski

8397 silver badges10 bronze badges

2 Comments

Kurt Peek Over a year ago

This can also be done a bit more succinctly using the credentials() method of the Client object: self.client.credentials(HTTP_AUTHORIZATION='Basic ' + credentials) (cf. django-rest-framework.org/api-guide/testing/#credentialskwargs).

Salvioner Over a year ago

@KurtPeek that only works with django-rest-framework, not with the vanilla Django test client

smrf · Accepted Answer · 2020-04-14 15:09:17Z

8

For python3, you can base64-encode your username:password string:

base64.b64encode(b'username:password')

This returns bytes, so you need to transfer it into an ASCII string with .decode('ascii'):

Complete example:

import base64

from django.test import TestCase

class TestClass(TestCase):
   def test_authorized(self):
       headers = {
           'HTTP_AUTHORIZATION': 'Basic ' + 
                base64.b64encode(b'username:password').decode("ascii")
       }
       response = self.client.get('/', **headers)
       self.assertEqual(response.status_code, 200)

edited Apr 14, 2020 at 15:09

smrf

3613 silver badges17 bronze badges

answered May 30, 2017 at 15:56

markus-hinsche

1,43216 silver badges27 bronze badges

Comments

Thierry Lam · Accepted Answer · 2011-03-31 15:34:24Z

2

Assuming I have a login form, I use the following technique to login through the test framework:

    client = Client()
    client.post('/login/', {'username': 'john.smith', 'password': 'secret'})

I then carry the client around in my other tests since it's already authenticated. What is your question to this post?

answered Mar 31, 2011 at 15:34

Thierry Lam

46.5k43 gold badges122 silver badges146 bronze badges

2 Comments

Humphrey Over a year ago

Yeah, that's a nice solution Thierry. Although it does not work for HTTP Authorization as that works by sending the login creditials as HTTP headers. I'm doing it this way because the view is an API call rather than a regular view.

Beolap Over a year ago

This is the only solution that worked for me (for browser views). Even more straightforward: Django client login method

obotezat · Accepted Answer · 2019-10-11 13:29:07Z

2

(python3) I'm using this in a test:

credentials_string = '%s:%s' % ('invalid', 'invalid')
credentials = base64.b64encode(credentials_string.encode())
self.client.defaults['HTTP_AUTHORIZATION'] = 'Basic ' + credentials.decode()

and the following in a view:

import base64
[...]
type, auth = request.META['HTTP_AUTHORIZATION'].split(' ', 1)
auth = base64.b64decode(auth.strip()).decode()

answered Oct 11, 2019 at 13:29

obotezat

1,13316 silver badges23 bronze badges

Comments

David Dahan · Accepted Answer · 2014-10-30 15:24:32Z

-1

Another way to do it is to bypass the Django Client() and use Requests instead.

class MyTest(TestCase):
    def setUp(self):
        AUTH = requests.auth.HTTPBasicAuth("username", "password")

    def some_test(self):
        resp = requests.get(BASE_URL + 'endpoint/', auth=AUTH)
        self.assertEqual(resp.status_code, 200)

answered Oct 30, 2014 at 15:24

David Dahan

11.2k14 gold badges76 silver badges157 bronze badges

2 Comments

fcurella Over a year ago

the response class from requests is not guaranteed to be 100% compatible with the one that django uses. For example, you won't have response.context available.

slinkp Over a year ago

This makes an actual http request across the network. This is almost never what you want to do in a unit test.

Collectives™ on Stack Overflow

Using Basic HTTP access authentication in Django testing framework

6 Answers 6

8 Comments

2 Comments

Comments

2 Comments

Comments

2 Comments

Your Answer

Linked

Hot Network Questions

Collectives™ on Stack Overflow

6 Answers 6

8 Comments

2 Comments

Comments

2 Comments

Comments

2 Comments

Your Answer

Sign up or log in

Post as a guest

Linked

Related