Django user login error, all request from the same user
Im trying to login users using the default Login System, however when a user login it rewrites all requests from other users like it was from the user that just login to the platform
class CustomLoginView(LoginView):
def __init__(self, **kwargs: Any) -> None:
super().__init__(**kwargs)
i make some test to reproduce the error:
@patch('django.middleware.csrf.CsrfViewMiddleware.process_view')
@patch('djoser.views.settings.PERMISSIONS.user_delete')
def test_login_user_with_other_session_opened_with_3_users(self, mock_user_delete, mock_process_view):
mock_process_view.return_value = None
mock_user_delete.return_value = True
logger.debug("user created")
first_user = self.client.post(reverse('rest_framework:login'),data={"username":self.first_user.email, "password":"1am_th30nE"})
second_user = self.client.post(reverse('rest_framework:login'),data={"username":self.second_user.email, "password":"1am_th30nE"})
third_user = self.client.post(reverse('rest_framework:login'),data={"username":self.third_user.email, "password":"1am_th30nE"})
first_user = first_user.client.get(reverse('v1:auth-me'))
second_user = second_user.client.get(reverse('v1:auth-me'))
third_user = third_user.client.get(reverse('v1:auth-me'))
self.assertEqual(first_user.wsgi_request.user.email, self.first_user.email)
self.assertEqual(second_user.wsgi_request.user.email, self.second_user.email)
self.assertEqual(third_user.wsgi_request.user.email, self.third_user.email)
this returns a failure in all the cases bc the email in the wsgi request is always the mail of the second user
i dont have any idea about this is happening
In Django when you perform actions with the self.client object in tests, it uses the same session across all requests within the same test case, unless explicitly told to use different sessions. You can try something like this
# Create different client instances for each user
first_client = Client()
second_client = Client()
third_client = Client()
# Login with separate clients
first_user = first_client.post(reverse('rest_framework:login'), data={"username": self.first_user.email, "password": "1am_th30nE"})
second_user = second_client.post(reverse('rest_framework:login'), data={"username": self.second_user.email, "password": "1am_th30nE"})
third_user = third_client.post(reverse('rest_framework:login'), data={"username": self.third_user.email, "password": "1am_th30nE"})
# Fetch authenticated user info
first_user_data = first_client.get(reverse('v1:auth-me'))
second_user_data = second_client.get(reverse('v1:auth-me'))
third_user_data = third_client.get(reverse('v1:auth-me'))
# Assertions
self.assertEqual(first_user_data.wsgi_request.user.email, self.first_user.email)
self.assertEqual(second_user_data.wsgi_request.user.email, self.second_user.email)
self.assertEqual(third_user_data.wsgi_request.user.email, self.third_user.email)
Using different Client instances in test was better to avoid confussions in the request, but van osem was right it was a global state that was making this weird behavior, so the lesson here is you should avoid use global