Add test for AuthenticationMiddleware not being reached (and no user attribute on Request)

willstott101 · willstott101 · commit f5db669e87ee · 2021-11-05T10:16:03.000Z
diff --git a/django_session_jwt/settings.py b/django_session_jwt/settings.py
@@ -75,8 +75,9 @@
 )
 
 MIDDLEWARE = (
-    'django.middleware.common.CommonMiddleware',
     'django_session_jwt.middleware.SessionMiddleware',
+    # MiddlewareFailTestCase relies on this ordering.
+    'django.middleware.common.CommonMiddleware',
     'django.middleware.csrf.CsrfViewMiddleware',
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
diff --git a/django_session_jwt/tests.py b/django_session_jwt/tests.py
@@ -133,6 +133,16 @@ def test_unauthenicated_view(self):
                 r.cookies.get(settings.SESSION_COOKIE_NAME).value)
         self.assertNotEqual(jwt1['iat'], jwt2['iat'])
 
+    def test_middleware_early_return(self):
+        """
+        By passing an incorrect HOST, CommonMiddleware returns early before
+        AuthenticationMiddleware is reached. We test this to ensure we don't error in
+        process_response, and end up hiding the real error with a HTTP 500
+        """
+        response = self.client.post('/login/', {'username': 'john', 'password': 'password'},
+            HTTP_HOST="blahblah.com")
+        self.assertEqual(response.status_code, 400)
+
 
 class TestClientTestCase(BaseTestCase):
     def test_login(self):
