jpadilla · jpadilla · Jan 22, 2014 · Jan 22, 2014
diff --git a/rest_framework_jwt/runtests/settings.py b/rest_framework_jwt/runtests/settings.py
@@ -23,6 +23,17 @@
     'django.contrib.staticfiles',
 )
 
+# OAuth2 is optional and won't work if there is no provider & oauth2
+try:
+    import provider
+except ImportError:
+    pass
+else:
+    INSTALLED_APPS += (
+        'provider',
+        'provider.oauth2',
+    )
+
 MIDDLEWARE_CLASSES = (
     'django.contrib.sessions.middleware.SessionMiddleware',
     'django.middleware.common.CommonMiddleware',

diff --git a/rest_framework_jwt/tests/test_authentication.py b/rest_framework_jwt/tests/test_authentication.py
@@ -1,13 +1,17 @@
-from django.test import TestCase
-from django.http import HttpResponse
 from django.contrib.auth.models import User
+from django.http import HttpResponse
+from django.test import TestCase
+from django.utils import unittest
+
 from rest_framework import permissions, status
+from rest_framework.authentication import OAuth2Authentication
+from rest_framework.compat import oauth2_provider, oauth2_provider_models
 from rest_framework.compat import patterns
 from rest_framework.test import APIRequestFactory, APIClient
 from rest_framework.views import APIView
 
-from rest_framework_jwt.authentication import JSONWebTokenAuthentication
 from rest_framework_jwt import utils
+from rest_framework_jwt.authentication import JSONWebTokenAuthentication
 
 
 factory = APIRequestFactory()
@@ -27,6 +31,10 @@ def post(self, request):
     '',
     (r'^jwt/$', MockView.as_view(
      authentication_classes=[JSONWebTokenAuthentication])),
+    (r'^jwt-oauth2/$', MockView.as_view(
+     authentication_classes=[JSONWebTokenAuthentication, OAuth2Authentication])),
+    (r'^oauth2-jwt/$', MockView.as_view(
+     authentication_classes=[OAuth2Authentication, JSONWebTokenAuthentication])),
 )
 
 
@@ -149,3 +157,43 @@ def test_post_invalid_token_failing_jwt_auth(self):
         self.assertEqual(response.data['detail'], msg)
         self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
         self.assertEqual(response['WWW-Authenticate'], 'Bearer realm="api"')
+
+    @unittest.skipUnless(oauth2_provider, 'django-oauth2-provider not installed')
+    def test_post_passing_jwt_auth_with_oauth2_priority(self):
+        """
+        Ensure POSTing over JWT auth with correct credentials
+        passes and does not require CSRF when OAuth2Authentication
+        has priority on authentication_classes
+        """
+        payload = utils.jwt_payload_handler(self.user)
+        token = utils.jwt_encode_handler(payload)
+
+        auth = 'Bearer {0}'.format(token)
+        response = self.csrf_client.post(
+            '/oauth2-jwt/', {'example': 'example'},
+            HTTP_AUTHORIZATION=auth, format='json')
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK, response)
+
+    @unittest.skipUnless(oauth2_provider, 'django-oauth2-provider not installed')
+    def test_post_passing_oauth2_with_jwt_auth_priority(self):
+        """
+        Ensure POSTing over OAuth2 with correct credentials
+        passes and does not require CSRF when JSONWebTokenAuthentication
+        has priority on authentication_classes
+        """
+        oauth2_client = oauth2_provider_models.Client.objects.create(
+            user=self.user,
+            client_type=0,
+        )
+        access_token = oauth2_provider_models.AccessToken.objects.create(
+            user=self.user,
+            client=oauth2_client,
+        )
+
+        auth = 'Bearer {0}'.format(access_token.token)
+        response = self.csrf_client.post(
+            '/jwt-oauth2/', {'example': 'example'},
+            HTTP_AUTHORIZATION=auth, format='json')
+
+        self.assertEqual(response.status_code, status.HTTP_200_OK, response)
diff --git a/tox.ini b/tox.ini
@@ -0,0 +1,8 @@
+[tox]
+envlist = py27
+
+[testenv]
+deps = -rrequirements.txt
+	   django-oauth2-provider
+commands = {envpython} rest_framework_jwt/runtests/runtests.py
+