On Thu, 2017-05-25 at 18:47 +1000, Andrew Donnellan wrote:
> Token authentication is generally viewed as a more secure option for
> API
> authentication than storing a username and password.
>
> Django REST Framework gives us a TokenAuthentication class and an
> authtoken
> app that we can use to
Token authentication is generally viewed as a more secure option for API
authentication than storing a username and password.
Django REST Framework gives us a TokenAuthentication class and an authtoken
app that we can use to generate random tokens and authenticate to API
endpoints.
Enable DRF's
api/rest.rst gives an example of how to POST parameters to the PatchDetail
view at api/patches/. However, the endpoint in question doesn't
support POST - you need to use PUT or PATCH. Change it to PATCH.
Signed-off-by: Andrew Donnellan
---
I have no idea whether
Commit 0b4f508a8438 ("views: Allow use of basic auth for bundle mboxes")
added support for using Django REST Framework's BasicAuthentication to
authenticate when accessing the bundle-mbox view.
To check the user's credentials, we call
BasicAuthentication.authenticate(), however, we don't check
Add some tests to check that owners can view their private bundles while
other authenticated users can't.
Signed-off-by: Andrew Donnellan
---
I'm not very familiar with writing Django tests, please flame away
---
patchwork/tests/test_bundles.py | 58
Andrew Donnellan writes:
> When starting the Docker environment, if the web container can't see the
> database immediately, it waits 5 seconds, tries again, then waits 15
> seconds more to account for first-time start-ups where it takes a bit
> longer for the