I'm using Django Axes with my Django project to ensure that if someone is trying to guess a password, their IP gets blocked for a while.
It's setup, and works great.
I want to write a Django test that makes sure that after X number of guesses, the user is really locked out.
The problem I'm having is that if you try to use the django test client to do a login as you normally would:
self.client.login(username="invalid_user", password="invalid_password")
Axes crashes, because it isn't getting a request arg:
Traceback (most recent call last):
File "/opt/my_project/website/login_app/tests/test_views.py", line 71, in test_brute_force_attempts
self.client.login(username="invalid_user", password="invalid_password")
File "/opt/my_project/venv3/lib/python3.6/site-packages/django/test/client.py", line 602, in login
user = authenticate(**credentials)
File "/opt/my_project/venv3/lib/python3.6/site-packages/django/contrib/auth/__init__.py", line 73, in authenticate
user = backend.authenticate(request, **credentials)
File "/opt/my_project/venv3/lib/python3.6/site-packages/axes/helpers.py", line 411, in inner
return func(*args, **kwargs)
File "/opt/my_project/venv3/lib/python3.6/site-packages/axes/backends.py", line 39, in authenticate
"AxesBackend requires a request as an argument to authenticate"
axes.exceptions.AxesBackendRequestParameterRequired: AxesBackend requires a request as an argument to authenticate
This is a known issue, and is discussed here: https://github.com/jazzband/django-axes/issues/433
As far as I can tell, you just need to pass self.client.login a request= arg, which it will pass to django.contrib.auth.authenticate, and it'll be happy. I can't figure out where to get this request within a test method. I tried this, but it didn't work either:
class TestBruteForceAttempts(TestCase):
def test_brute_force_attempts(self):
login_attempts_to_make = django_settings.AXES_FAILURE_LIMIT + 1
for i in range(login_attempts_to_make):
self.client.login(request=self.client.request(), username="invalid_user", password="invalid_password")
...
Is there any way to test Django Axes from a Django unit test? I'm clearly doing something wrong.
As stated in the Django Axes documentation, rather than using client.login you can directly call the Django authenticate function passing a mock request.
Something like this should do the trick:
from django.contrib.auth import authenticate
from django.http import HttpRequest
class TestBruteForceAttempts(TestCase):
def test_brute_force_attempts(self):
login_attempts_to_make = django_settings.AXES_FAILURE_LIMIT + 1
for i in range(login_attempts_to_make):
request = HttpRequest()
authenticate(request, username="invalid_user", password="invalid_password")
# Assert IP is blocked
You probably need to specify some information in the request, for example a fixed IP.
Alternatively, here you can see how the test you need is implemented in Django Axes, you could use the same approach.
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments