Replace all existing default Authentication() to MultiAuthentication(), with both basic and apikey authentication.
It will be as expected that a lot of our tests wouldn't pass if the test is sending GET/POST requests without specifying user auth info. This makes sense since, for instance, a random user can not just send POST request to modify other user's personal info.
With that being said, you also need to update the tests being affected. Search for get_credentials() in this sample code https://django-tastypie.readthedocs.io/en/latest/testing.html and see how to properly use api_client with authentication parameter to include user credentials in testing requests.
Feel free to push PR early if you get any confusing error.
duckmoll
commented
5 years ago
Look at how tastypie can easily enforce basic + apikey authentication with MultiAuthentication: https://django-tastypie.readthedocs.io/en/latest/authentication.html
Replace all existing default Authentication() to MultiAuthentication(), with both basic and apikey authentication.
It will be as expected that a lot of our tests wouldn't pass if the test is sending GET/POST requests without specifying user auth info. This makes sense since, for instance, a random user can not just send POST request to modify other user's personal info.
With that being said, you also need to update the tests being affected. Search for
get_credentials()in this sample code https://django-tastypie.readthedocs.io/en/latest/testing.html and see how to properly use api_client withauthenticationparameter to include user credentials in testing requests.Feel free to push PR early if you get any confusing error.