Admin and middleware tests

2026-03-16 22:10:32 +00:00 · 2015-01-02 15:15:34 -08:00 · 2015-01-02 15:15:34 -08:00 · 465e45a124
commit 465e45a124
parent 08bb7d12fb
1 changed files with 26 additions and 0 deletions
--- a/defender/tests.py
+++ b/defender/tests.py
@ -434,3 +434,29 @@ class AccessAttemptTest(TestCase):
        self.assertEqual(
            utils.get_user_attempts(req), ip_attempts
        )
+
+    def test_admin(self):
+        from .admin import AccessAttemptAdmin
+        AccessAttemptAdmin
+
+    @patch('defender.middleware.ViewDecoratorMiddleware.watched_logins',
+           (ADMIN_LOGIN_URL, ))
+    def test_decorator_middleware(self):
+        # because watch_login is called twice in this test (once by the
+        # middleware and once by the decorator) we have half as many attempts
+        # before getting locked out.
+        # FIXME: I tried making sure every request in only processed once but
+        # there seems to be an issue with django reusing request objects.
+        for i in range(0, config.FAILURE_LIMIT / 2):
+            response = self._login()
+            # Check if we are in the same login page
+            self.assertContains(response, LOGIN_FORM_KEY)
+
+        # So, we shouldn't have gotten a lock-out yet.
+        # But we should get one now
+        response = self._login()
+        self.assertContains(response, self.LOCKED_MESSAGE)
+
+        # doing a get should also get locked out message
+        response = self.client.get(ADMIN_LOGIN_URL)
+        self.assertContains(response, self.LOCKED_MESSAGE)