From c89277c8cdecd5ff8e27cb72457403d5fdcdad93 Mon Sep 17 00:00:00 2001 From: Brian Helba Date: Sat, 23 May 2026 11:49:50 -0400 Subject: [PATCH] WIP: Upgrade `django-ninja` --- isic/core/tests/test_isic_oauth_app.py | 81 +++++++++----------------- isic/urls.py | 1 - pyproject.toml | 7 +-- 3 files changed, 29 insertions(+), 60 deletions(-) diff --git a/isic/core/tests/test_isic_oauth_app.py b/isic/core/tests/test_isic_oauth_app.py index e3834504b..fcf7466e8 100644 --- a/isic/core/tests/test_isic_oauth_app.py +++ b/isic/core/tests/test_isic_oauth_app.py @@ -1,11 +1,11 @@ from datetime import timedelta from django.test import RequestFactory -from django.urls import path from django.utils import timezone from ninja import NinjaAPI from oauth2_provider.models import get_access_token_model, get_application_model import pytest +from resonant_utils.ninja import TestClient from isic import auth from isic.core.models.base import IsicOAuthApplication @@ -59,11 +59,8 @@ def test_redirect_uri_allowed(user, uri, allowed_uris, allowed): @pytest.fixture -def test_oauth_api_endpoints(request): - # this is pretty gross, but DOT requires a "more" real request object be created, meaning the - # ninja test client can't be used since it mocks it. using the django test client means we have - # to add real routes and then remove them. - api = NinjaAPI(urls_namespace=request.function.__name__, auth=auth.allow_any) +def api_client(request): + api = NinjaAPI(urls_namespace=request.node.name, auth=auth.allow_any) @api.get("/allow-any") def allow_any_view(request): @@ -77,16 +74,9 @@ def is_authenticated_view(request): def is_staff_view(request): return {} - urlpattern = path("test-oauth/", api.urls) + yield TestClient(api) - from isic.urls import urlpatterns - - urlpatterns.append(urlpattern) - - yield - - urlpatterns.remove(urlpattern) - NinjaAPI._registry.remove(request.function.__name__) + NinjaAPI._registry.remove(request.node.name) def get_bearer_token(user, oauth_token_factory): @@ -95,89 +85,72 @@ def get_bearer_token(user, oauth_token_factory): @pytest.mark.django_db -@pytest.mark.usefixtures("test_oauth_api_endpoints") -def test_allow_any_with_no_auth(client): - response = client.get("/test-oauth/allow-any") +def test_allow_any_with_no_auth(api_client): + response = api_client.get("/allow-any") assert response.status_code == 200 @pytest.mark.django_db -@pytest.mark.usefixtures("test_oauth_api_endpoints") -def test_allow_any_with_session_auth(client, user): - client.force_login(user) - response = client.get("/test-oauth/allow-any") +def test_allow_any_with_session_auth(api_client, user): + response = api_client.get("/allow-any", user=user) assert response.status_code == 200 @pytest.mark.django_db -@pytest.mark.usefixtures("test_oauth_api_endpoints") -def test_allow_any_with_bearer_token(client, user, oauth_token_factory): +def test_allow_any_with_bearer_token(api_client, user, oauth_token_factory): token = get_bearer_token(user, oauth_token_factory) - response = client.get("/test-oauth/allow-any", headers={"Authorization": f"Bearer {token}"}) + response = api_client.get("/allow-any", headers={"Authorization": f"Bearer {token}"}) assert response.status_code == 200 @pytest.mark.django_db -@pytest.mark.usefixtures("test_oauth_api_endpoints") -def test_is_authenticated_with_no_auth(client): - response = client.get("/test-oauth/is-authenticated") +def test_is_authenticated_with_no_auth(api_client): + response = api_client.get("/is-authenticated") assert response.status_code == 401 @pytest.mark.django_db -@pytest.mark.usefixtures("test_oauth_api_endpoints") -def test_is_authenticated_with_session_auth(client, user): - client.force_login(user) - response = client.get("/test-oauth/is-authenticated") +def test_is_authenticated_with_session_auth(api_client, user): + response = api_client.get("/is-authenticated", user=user) assert response.status_code == 200 @pytest.mark.django_db -@pytest.mark.usefixtures("test_oauth_api_endpoints") -def test_is_authenticated_with_bearer_token(client, user, oauth_token_factory): +def test_is_authenticated_with_bearer_token(api_client, user, oauth_token_factory): token = get_bearer_token(user, oauth_token_factory) - response = client.get( - "/test-oauth/is-authenticated", headers={"Authorization": f"Bearer {token}"} - ) + response = api_client.get("/is-authenticated", headers={"Authorization": f"Bearer {token}"}) assert response.status_code == 200 @pytest.mark.django_db -@pytest.mark.usefixtures("test_oauth_api_endpoints") -def test_is_staff_with_no_auth(client): - response = client.get("/test-oauth/is-staff") +def test_is_staff_with_no_auth(api_client): + response = api_client.get("/is-staff") assert response.status_code == 401 @pytest.mark.django_db -@pytest.mark.usefixtures("test_oauth_api_endpoints") -def test_is_staff_with_session_auth(client, staff_user): - client.force_login(staff_user) - response = client.get("/test-oauth/is-staff") +def test_is_staff_with_session_auth(api_client, staff_user): + response = api_client.get("/is-staff", user=staff_user) assert response.status_code == 200 @pytest.mark.django_db -@pytest.mark.usefixtures("test_oauth_api_endpoints") -def test_is_staff_with_bearer_token(client, staff_user, oauth_token_factory): +def test_is_staff_with_bearer_token(api_client, staff_user, oauth_token_factory): token = get_bearer_token(staff_user, oauth_token_factory) - response = client.get("/test-oauth/is-staff", headers={"Authorization": f"Bearer {token}"}) + response = api_client.get("/is-staff", headers={"Authorization": f"Bearer {token}"}) assert response.status_code == 200 @pytest.mark.django_db -@pytest.mark.usefixtures("test_oauth_api_endpoints") -def test_is_staff_with_nonstaff_user_session(client, nonstaff_user): - client.force_login(nonstaff_user) - response = client.get("/test-oauth/is-staff") +def test_is_staff_with_nonstaff_user_session(api_client, nonstaff_user): + response = api_client.get("/is-staff", user=nonstaff_user) assert response.status_code == 401 @pytest.mark.django_db -@pytest.mark.usefixtures("test_oauth_api_endpoints") -def test_is_staff_with_nonstaff_bearer_token(client, nonstaff_user, oauth_token_factory): +def test_is_staff_with_nonstaff_bearer_token(api_client, nonstaff_user, oauth_token_factory): token = get_bearer_token(nonstaff_user, oauth_token_factory) - response = client.get("/test-oauth/is-staff", headers={"Authorization": f"Bearer {token}"}) + response = api_client.get("/is-staff", headers={"Authorization": f"Bearer {token}"}) assert response.status_code == 401 diff --git a/isic/urls.py b/isic/urls.py index 72d187ea0..c6f6b8ac6 100644 --- a/isic/urls.py +++ b/isic/urls.py @@ -34,7 +34,6 @@ version="v2", docs_url=None, # we want to serve the docs next to the ninja root rather than under it auth=allow_any, - csrf=True, urls_namespace="api", ) swagger_view = partial(openapi_view, api=api) diff --git a/pyproject.toml b/pyproject.toml index f84ca73b5..a9c5517db 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -25,11 +25,11 @@ dependencies = [ "django-filter==25.2", "django-json-widget==2.1.1", "django-markdownify==0.9.7", - "django-ninja==1.4.5", + "django-ninja==1.6.2", "django-oauth-toolkit==1.7.1", "django-redis==6.0.0", "django-resonant-settings[allauth,celery]==0.51.0", - "django-resonant-utils[allauth,s3_storage]==0.19.0", + "django-resonant-utils[allauth,ninja,s3_storage]==0.19.0", "django-stubs-ext==5.2.9", "django-widget-tweaks==1.5.1", "gdal==3.11.0", @@ -265,9 +265,6 @@ filterwarnings = [ "error", # pytest often causes unclosed socket warnings 'ignore:unclosed