mirror of
https://github.com/paperless-ngx/paperless-ngx.git
synced 2025-08-12 00:19:48 +00:00
edb8c06e2a
* Chore(deps): Bump the django group across 1 directory with 9 updates Bumps the django group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [django](https://github.com/django/django) | `5.1.8` | `5.2.5` | | [django-auditlog](https://github.com/jazzband/django-auditlog) | `3.1.2` | `3.2.1` | | [django-guardian](https://github.com/django-guardian/django-guardian) | `2.4.0` | `3.0.3` | | [django-multiselectfield](https://github.com/goinnn/django-multiselectfield) | `0.1.13` | `1.0.1` | | [django-soft-delete](https://github.com/san4ezy/django_softdelete) | `1.0.18` | `1.0.19` | | [djangorestframework](https://github.com/encode/django-rest-framework) | `3.16.0` | `3.16.1` | | [djangorestframework-guardian](https://github.com/rpkilby/django-rest-framework-guardian) | `0.3.0` | `0.4.0` | | [drf-spectacular-sidecar](https://github.com/tfranzel/drf-spectacular-sidecar) | `2025.4.1` | `2025.8.1` | | [pytest-django](https://github.com/pytest-dev/pytest-django) | `4.10.0` | `4.11.1` | Updates `django` from 5.1.8 to 5.2.5 - [Commits](https://github.com/django/django/compare/5.1.8...5.2.5) Updates `django-auditlog` from 3.1.2 to 3.2.1 - [Release notes](https://github.com/jazzband/django-auditlog/releases) - [Changelog](https://github.com/jazzband/django-auditlog/blob/master/CHANGELOG.md) - [Commits](https://github.com/jazzband/django-auditlog/compare/v3.1.2...v3.2.1) Updates `django-guardian` from 2.4.0 to 3.0.3 - [Release notes](https://github.com/django-guardian/django-guardian/releases) - [Commits](https://github.com/django-guardian/django-guardian/compare/v2.4.0...3.0.3) Updates `django-multiselectfield` from 0.1.13 to 1.0.1 - [Release notes](https://github.com/goinnn/django-multiselectfield/releases) - [Changelog](https://github.com/goinnn/django-multiselectfield/blob/master/CHANGES.rst) - [Commits](https://github.com/goinnn/django-multiselectfield/compare/v0.1.13...v1.0.1) Updates `django-soft-delete` from 1.0.18 to 1.0.19 - [Changelog](https://github.com/san4ezy/django_softdelete/blob/master/CHANGELOG.md) - [Commits](https://github.com/san4ezy/django_softdelete/commits) Updates `djangorestframework` from 3.16.0 to 3.16.1 - [Release notes](https://github.com/encode/django-rest-framework/releases) - [Commits](https://github.com/encode/django-rest-framework/compare/3.16.0...3.16.1) Updates `djangorestframework-guardian` from 0.3.0 to 0.4.0 - [Changelog](https://github.com/rpkilby/django-rest-framework-guardian/blob/master/CHANGELOG) - [Commits](https://github.com/rpkilby/django-rest-framework-guardian/compare/0.3.0...0.4.0) Updates `drf-spectacular-sidecar` from 2025.4.1 to 2025.8.1 - [Commits](https://github.com/tfranzel/drf-spectacular-sidecar/compare/2025.4.1...2025.8.1) Updates `pytest-django` from 4.10.0 to 4.11.1 - [Release notes](https://github.com/pytest-dev/pytest-django/releases) - [Changelog](https://github.com/pytest-dev/pytest-django/blob/main/docs/changelog.rst) - [Commits](https://github.com/pytest-dev/pytest-django/compare/v4.10.0...v4.11.1) --- updated-dependencies: - dependency-name: django dependency-version: 5.2.5 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: django - dependency-name: django-auditlog dependency-version: 3.2.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: django - dependency-name: django-guardian dependency-version: 3.0.3 dependency-type: direct:production update-type: version-update:semver-major dependency-group: django - dependency-name: django-multiselectfield dependency-version: 1.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: django - dependency-name: django-soft-delete dependency-version: 1.0.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: django - dependency-name: djangorestframework dependency-version: 3.16.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: django - dependency-name: djangorestframework-guardian dependency-version: 0.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: django - dependency-name: drf-spectacular-sidecar dependency-version: 2025.8.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: django - dependency-name: pytest-django dependency-version: 4.11.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: django ... Signed-off-by: dependabot[bot] <support@github.com> * Fix log matches related to newlines, add newlines to stdout.writelines * Fix disable api remote auth test, Django 5.2 no longer uses process_request * Remove postgres version check * Update administration.md * Handle django-multiselectfield v1.0 changes * Update administration.md --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com>
146 lines
4.0 KiB
Python
146 lines
4.0 KiB
Python
import os
|
|
from unittest import mock
|
|
|
|
from django.conf import settings
|
|
from django.contrib.auth.models import User
|
|
from django.test import override_settings
|
|
from rest_framework import status
|
|
from rest_framework.test import APITestCase
|
|
|
|
from documents.tests.utils import DirectoriesMixin
|
|
from paperless.settings import _parse_remote_user_settings
|
|
|
|
|
|
class TestRemoteUser(DirectoriesMixin, APITestCase):
|
|
def setUp(self):
|
|
super().setUp()
|
|
|
|
self.user = User.objects.create_superuser(
|
|
username="temp_admin",
|
|
)
|
|
|
|
def test_remote_user(self):
|
|
"""
|
|
GIVEN:
|
|
- Configured user
|
|
- Remote user auth is enabled
|
|
WHEN:
|
|
- Call is made to root
|
|
THEN:
|
|
- Call succeeds
|
|
"""
|
|
|
|
with mock.patch.dict(
|
|
os.environ,
|
|
{
|
|
"PAPERLESS_ENABLE_HTTP_REMOTE_USER": "True",
|
|
},
|
|
):
|
|
_parse_remote_user_settings()
|
|
|
|
response = self.client.get("/documents/")
|
|
|
|
self.assertEqual(
|
|
response.status_code,
|
|
status.HTTP_302_FOUND,
|
|
)
|
|
|
|
response = self.client.get(
|
|
"/documents/",
|
|
headers={
|
|
"Remote-User": self.user.username,
|
|
},
|
|
)
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
|
|
|
def test_remote_user_api(self):
|
|
"""
|
|
GIVEN:
|
|
- Configured user
|
|
- Remote user auth is enabled for the API
|
|
WHEN:
|
|
- API call is made to get documents
|
|
THEN:
|
|
- Call succeeds
|
|
"""
|
|
|
|
with mock.patch.dict(
|
|
os.environ,
|
|
{
|
|
"PAPERLESS_ENABLE_HTTP_REMOTE_USER_API": "True",
|
|
},
|
|
):
|
|
_parse_remote_user_settings()
|
|
|
|
response = self.client.get("/api/documents/")
|
|
|
|
# 403 testing locally, 401 on ci...
|
|
self.assertIn(
|
|
response.status_code,
|
|
[status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN],
|
|
)
|
|
|
|
response = self.client.get(
|
|
"/api/documents/",
|
|
headers={
|
|
"Remote-User": self.user.username,
|
|
},
|
|
)
|
|
|
|
self.assertEqual(response.status_code, status.HTTP_200_OK)
|
|
|
|
@override_settings(
|
|
REST_FRAMEWORK={
|
|
**settings.REST_FRAMEWORK,
|
|
"DEFAULT_AUTHENTICATION_CLASSES": [
|
|
"rest_framework.authentication.BasicAuthentication",
|
|
"rest_framework.authentication.TokenAuthentication",
|
|
"rest_framework.authentication.SessionAuthentication",
|
|
],
|
|
},
|
|
)
|
|
def test_remote_user_api_disabled(self):
|
|
"""
|
|
GIVEN:
|
|
- Configured user
|
|
- Remote user auth enabled for frontend but disabled for the API
|
|
- Note that REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] is set in settings.py in production
|
|
WHEN:
|
|
- API call is made to get documents
|
|
THEN:
|
|
- Call fails
|
|
"""
|
|
response = self.client.get(
|
|
"/api/documents/",
|
|
headers={
|
|
"Remote-User": self.user.username,
|
|
},
|
|
)
|
|
|
|
self.assertIn(
|
|
response.status_code,
|
|
[status.HTTP_401_UNAUTHORIZED, status.HTTP_403_FORBIDDEN],
|
|
)
|
|
|
|
def test_remote_user_header_setting(self):
|
|
"""
|
|
GIVEN:
|
|
- Remote user header name is set
|
|
WHEN:
|
|
- Settings are parsed
|
|
THEN:
|
|
- Correct header name is returned
|
|
"""
|
|
|
|
with mock.patch.dict(
|
|
os.environ,
|
|
{
|
|
"PAPERLESS_ENABLE_HTTP_REMOTE_USER": "True",
|
|
"PAPERLESS_HTTP_REMOTE_USER_HEADER_NAME": "HTTP_FOO",
|
|
},
|
|
):
|
|
header_name = _parse_remote_user_settings()
|
|
|
|
self.assertEqual(header_name, "HTTP_FOO")
|