Django Testing Client POST Request, Getting 403 Error-CodePudding

I'm trying to test some client requests for the first time, and I am able to successfully sent a POST request to register a new user. However, when I attempt to login, I receive a 403 error and I'm not sure what is causing it... thinking maybe I've missed something in the test? I am successfully able to login on my deployed app.

Error message:

======================================================================
FAIL: test_user_login_POST (jwt_auth.tests.TestUsers)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/Users/jz/Development/BetterCred/jwt_auth/tests.py", line 32, in test_user_login_POST
    self.assertEqual(response.status_code, 202)
AssertionError: 403 != 202

----------------------------------------------------------------------
Ran 3 tests in 1.416s

Test:

def setUp(self):
        User.objects.create(
            username = 'JohnnyBoy',
            password = 'pass123!',
            email = "[email protected]",
            first_name = "John",
            last_name = "Smith",
        )

def test_user_login_POST(self):
        req_url = reverse('user-login')
        login_details = {
            'username': 'JohnnyBoy',
            'password': 'pass123!'
        }

        response = self.client.post(req_url, login_details, content_type="application/json")

        print(response)
        self.assertEqual(response.status_code, 202)

View (I added code=404 to see if my test was hitting that point, but doesn't seem like it):

class LoginView(APIView):

    # POST - Login a user and return a token
    def post(self, request):

        username = request.data.get('username')
        password = request.data.get('password')

        try:
            user_to_login = User.objects.get(username = username)
        except User.DoesNotExist:
            raise PermissionDenied('Invalid credentials.', code = 404)
        
        if not User.check_password(user_to_login, password):
            raise PermissionDenied('Invalid credentials.', code = 404)
        
        exp_time = datetime.now()   timedelta(weeks = 1)

        token = jwt.encode(
            {
                'sub': user_to_login.id,
                'exp': int(exp_time.strftime('%s')),
            }, 
            settings.SECRET_KEY,
            'HS256'
        )

        return Response(
            { 
                'message': f'Welcome back {user_to_login.first_name}!',
                'token': token,
            },
            status.HTTP_202_ACCEPTED
        )

I appreciate any suggestions or tips!

CodePudding user response：

After reading the Django testing documentation further, I learned that I can't simply set the password of the User I created for testing directly using 'password': 'pass123!', but instead need to use .set_password(), as the password needs to be stored in a correctly hashed format.

Snippet of the relevant Django documentation below for anyone who runs into a similar issue as me in the future!:

Remember that if you want your test user to have a password, you can’t set the user’s password by setting the password attribute directly – you must use the set_password() function to store a correctly hashed password. Alternatively, you can use the create_user() helper method to create a new user with a correctly hashed password.