Using Basic HTTP access authentication in Django testing framework

Asked 31/3, 2011 at 4:50 Answered 11/10, 2019 at 13:29

Solved python django unit-testing http-authentication django-testing

For some of my Django views I've created a decorator that performs Basic HTTP access authentication. However, while writing test cases in Django, it took me a while to work out how to authenticate to the view. Here's how I did it. I hope somebody finds this useful.

Detta answered 31/3, 2011 at 4:50 Comment(0)

Here's how I did it:

from django.test import Client
import base64
auth_headers = {
    'HTTP_AUTHORIZATION': 'Basic ' + base64.b64encode('username:password'),
}
c = Client()
response = c.get('/my-protected-url/', **auth_headers)

Note: You will also need to create a user.

Detta answered 31/3, 2011 at 4:50 Comment(8)

If you are manipulation unicode strings (typical eg: using py3) you'd need to do something like base64.b64encode('username:password'.encode()).decode() because base64 module do not handle unicode strings. – Helper 12/8, 2015 at 9:24

@Jocelyndelalande more like base64.b64encode(bytes('username:password', 'utf8')).decode('utf8'), – Parenteau 13/1, 2016 at 23:58

@vyscond up to your taste, because it's strictly the same processing. – Helper 17/1, 2016 at 10:2

Great answer! Just complementing: Using python 3.5 I just made c.get('/my-protected-url/', HTTP_AUTHORIZATION='Basic username:password') as shown in django docs and CGI docs. – Cavern 14/3, 2017 at 13:14

Why HTTP_AUTHORIZATION and not Authorization ? – Ledger 14/8, 2018 at 17:19

@DanielGomezRico: Confusing, indeed. A bit late, but there's an explanation to be found in https://mcmap.net/q/324055/-django-tokenauthentication-missing-the-39-authorization-39-http-header – Guesswork 17/9, 2020 at 7:20

The process for creating a valid Basic auth header, including the Base64 encoding, is described in RFC7617. – Guesswork 17/9, 2020 at 7:35

Same structure will work for token authorization also, just replace basic with Token – Respiration 19/11, 2020 at 6:33

In your Django TestCase you can update the client defaults to contain your HTTP basic auth credentials.

import base64
from django.test import TestCase

class TestMyStuff(TestCase):

    def setUp(self):
        credentials = base64.b64encode('username:password')
        self.client.defaults['HTTP_AUTHORIZATION'] = 'Basic ' + credentials

Historic answered 31/1, 2012 at 23:22 Comment(2)

This can also be done a bit more succinctly using the credentials() method of the Client object: self.client.credentials(HTTP_AUTHORIZATION='Basic ' + credentials) (cf. django-rest-framework.org/api-guide/testing/#credentialskwargs). – Dry 25/1, 2018 at 0:42

@KurtPeek that only works with django-rest-framework, not with the vanilla Django test client – Drippy 18/1, 2023 at 17:57

For python3, you can base64-encode your username:password string:

base64.b64encode(b'username:password')

This returns bytes, so you need to transfer it into an ASCII string with .decode('ascii'):

Complete example:

import base64

from django.test import TestCase

class TestClass(TestCase):
   def test_authorized(self):
       headers = {
           'HTTP_AUTHORIZATION': 'Basic ' + 
                base64.b64encode(b'username:password').decode("ascii")
       }
       response = self.client.get('/', **headers)
       self.assertEqual(response.status_code, 200)

Frailty answered 30/5, 2017 at 15:56 Comment(1)

Thanks for the answer. It's so helpful . – Boulware 4/2, 2021 at 6:2

Assuming I have a login form, I use the following technique to login through the test framework:

    client = Client()
    client.post('/login/', {'username': 'john.smith', 'password': 'secret'})

I then carry the client around in my other tests since it's already authenticated. What is your question to this post?

Kerenkeresan answered 31/3, 2011 at 15:34 Comment(2)

Yeah, that's a nice solution Thierry. Although it does not work for HTTP Authorization as that works by sending the login creditials as HTTP headers. I'm doing it this way because the view is an API call rather than a regular view. – Detta 4/4, 2011 at 23:32

This is the only solution that worked for me (for browser views). Even more straightforward: Django client login method – Radiosensitive 26/6, 2022 at 22:51

(python3) I'm using this in a test:

credentials_string = '%s:%s' % ('invalid', 'invalid')
credentials = base64.b64encode(credentials_string.encode())
self.client.defaults['HTTP_AUTHORIZATION'] = 'Basic ' + credentials.decode()

and the following in a view:

import base64
[...]
type, auth = request.META['HTTP_AUTHORIZATION'].split(' ', 1)
auth = base64.b64decode(auth.strip()).decode()

Lionhearted answered 11/10, 2019 at 13:29 Comment(0)

-1

Another way to do it is to bypass the Django Client() and use Requests instead.

class MyTest(TestCase):
    def setUp(self):
        AUTH = requests.auth.HTTPBasicAuth("username", "password")

    def some_test(self):
        resp = requests.get(BASE_URL + 'endpoint/', auth=AUTH)
        self.assertEqual(resp.status_code, 200)

Text answered 30/10, 2014 at 15:24 Comment(2)

the response class from requests is not guaranteed to be 100% compatible with the one that django uses. For example, you won't have response.context available. – Druse 20/7, 2016 at 16:58

This makes an actual http request across the network. This is almost never what you want to do in a unit test. – Bostic 23/10, 2017 at 5:30

Recommended topics

Hot tags