mirror of
https://github.com/django/django.git
Refs #32800 -- Renamed _sanitize_token() to _check_token_format().
parent
5d80843ebc
commit
3ff7f6cf07
@ -128,7 +128,7 @@ class InvalidTokenFormat(Exception):
|
|||||||
self.reason = reason
|
self.reason = reason
|
||||||
|
|
||||||
|
|
||||||
def _sanitize_token(token):
|
def _check_token_format(token):
|
||||||
"""
|
"""
|
||||||
Raise an InvalidTokenFormat error if the token has an invalid length or
|
Raise an InvalidTokenFormat error if the token has an invalid length or
|
||||||
characters that aren't allowed. The token argument can be a CSRF cookie
|
characters that aren't allowed. The token argument can be a CSRF cookie
|
||||||
@ -239,7 +239,7 @@ class CsrfViewMiddleware(MiddlewareMixin):
|
|||||||
csrf_secret = None
|
csrf_secret = None
|
||||||
else:
|
else:
|
||||||
# This can raise InvalidTokenFormat.
|
# This can raise InvalidTokenFormat.
|
||||||
_sanitize_token(csrf_secret)
|
_check_token_format(csrf_secret)
|
||||||
if csrf_secret is None:
|
if csrf_secret is None:
|
||||||
return None
|
return None
|
||||||
# Django versions before 4.0 masked the secret before storing.
|
# Django versions before 4.0 masked the secret before storing.
|
||||||
@ -386,7 +386,7 @@ class CsrfViewMiddleware(MiddlewareMixin):
|
|||||||
token_source = 'POST'
|
token_source = 'POST'
|
||||||
|
|
||||||
try:
|
try:
|
||||||
_sanitize_token(request_csrf_token)
|
_check_token_format(request_csrf_token)
|
||||||
except InvalidTokenFormat as exc:
|
except InvalidTokenFormat as exc:
|
||||||
reason = self._bad_token_message(exc.reason, token_source)
|
reason = self._bad_token_message(exc.reason, token_source)
|
||||||
raise RejectRequest(reason)
|
raise RejectRequest(reason)
|
||||||
|
@ -8,7 +8,7 @@ from django.middleware.csrf import (
|
|||||||
CSRF_ALLOWED_CHARS, CSRF_SECRET_LENGTH, CSRF_SESSION_KEY,
|
CSRF_ALLOWED_CHARS, CSRF_SECRET_LENGTH, CSRF_SESSION_KEY,
|
||||||
CSRF_TOKEN_LENGTH, REASON_BAD_ORIGIN, REASON_CSRF_TOKEN_MISSING,
|
CSRF_TOKEN_LENGTH, REASON_BAD_ORIGIN, REASON_CSRF_TOKEN_MISSING,
|
||||||
REASON_NO_CSRF_COOKIE, CsrfViewMiddleware, InvalidTokenFormat,
|
REASON_NO_CSRF_COOKIE, CsrfViewMiddleware, InvalidTokenFormat,
|
||||||
RejectRequest, _does_token_match, _mask_cipher_secret, _sanitize_token,
|
RejectRequest, _check_token_format, _does_token_match, _mask_cipher_secret,
|
||||||
_unmask_cipher_token, get_token, rotate_token,
|
_unmask_cipher_token, get_token, rotate_token,
|
||||||
)
|
)
|
||||||
from django.test import SimpleTestCase, override_settings
|
from django.test import SimpleTestCase, override_settings
|
||||||
@ -106,7 +106,7 @@ class CsrfFunctionTests(CsrfFunctionTestMixin, SimpleTestCase):
|
|||||||
self.assertNotEqual(cookie, TEST_SECRET)
|
self.assertNotEqual(cookie, TEST_SECRET)
|
||||||
self.assertIs(request.META['CSRF_COOKIE_NEEDS_UPDATE'], True)
|
self.assertIs(request.META['CSRF_COOKIE_NEEDS_UPDATE'], True)
|
||||||
|
|
||||||
def test_sanitize_token_valid(self):
|
def test_check_token_format_valid(self):
|
||||||
cases = [
|
cases = [
|
||||||
# A token of length CSRF_SECRET_LENGTH.
|
# A token of length CSRF_SECRET_LENGTH.
|
||||||
TEST_SECRET,
|
TEST_SECRET,
|
||||||
@ -116,10 +116,10 @@ class CsrfFunctionTests(CsrfFunctionTestMixin, SimpleTestCase):
|
|||||||
]
|
]
|
||||||
for token in cases:
|
for token in cases:
|
||||||
with self.subTest(token=token):
|
with self.subTest(token=token):
|
||||||
actual = _sanitize_token(token)
|
actual = _check_token_format(token)
|
||||||
self.assertIsNone(actual)
|
self.assertIsNone(actual)
|
||||||
|
|
||||||
def test_sanitize_token_invalid(self):
|
def test_check_token_format_invalid(self):
|
||||||
cases = [
|
cases = [
|
||||||
(64 * '*', 'has invalid characters'),
|
(64 * '*', 'has invalid characters'),
|
||||||
(16 * 'a', 'has incorrect length'),
|
(16 * 'a', 'has incorrect length'),
|
||||||
@ -127,7 +127,7 @@ class CsrfFunctionTests(CsrfFunctionTestMixin, SimpleTestCase):
|
|||||||
for token, expected_message in cases:
|
for token, expected_message in cases:
|
||||||
with self.subTest(token=token):
|
with self.subTest(token=token):
|
||||||
with self.assertRaisesMessage(InvalidTokenFormat, expected_message):
|
with self.assertRaisesMessage(InvalidTokenFormat, expected_message):
|
||||||
_sanitize_token(token)
|
_check_token_format(token)
|
||||||
|
|
||||||
def test_does_token_match(self):
|
def test_does_token_match(self):
|
||||||
cases = [
|
cases = [
|
||||||
|