1
0
mirror of https://github.com/django/django.git synced 2024-12-22 17:16:24 +00:00

Refs #32885 -- Used _read_csrf_cookie()/_set_csrf_cookie() in more CSRF tests.

This commit is contained in:
Chris Jerdonek 2021-06-29 10:18:17 -04:00 committed by Mariusz Felisiak
parent abc8795632
commit 43d1ea6e2f

View File

@ -349,7 +349,7 @@ class CsrfViewMiddlewareTestMixin:
A new token is sent if the csrf_cookie is the empty string.
"""
req = self._get_request()
req.COOKIES[settings.CSRF_COOKIE_NAME] = ""
self._set_csrf_cookie(req, '')
mw = CsrfViewMiddleware(token_view)
mw.process_view(req, token_view, (), {})
resp = token_view(req)
@ -881,7 +881,8 @@ class CsrfViewMiddlewareTests(CsrfViewMiddlewareTestMixin, SimpleTestCase):
"""
req = self._get_request()
resp = ensure_csrf_cookie_view(req)
self.assertTrue(resp.cookies.get(settings.CSRF_COOKIE_NAME, False))
csrf_cookie = self._read_csrf_cookie(req, resp)
self.assertTrue(csrf_cookie)
self.assertIn('Cookie', resp.get('Vary', ''))
def test_ensures_csrf_cookie_with_middleware(self):
@ -893,7 +894,8 @@ class CsrfViewMiddlewareTests(CsrfViewMiddlewareTestMixin, SimpleTestCase):
mw = CsrfViewMiddleware(ensure_csrf_cookie_view)
mw.process_view(req, ensure_csrf_cookie_view, (), {})
resp = mw(req)
self.assertTrue(resp.cookies.get(settings.CSRF_COOKIE_NAME, False))
csrf_cookie = self._read_csrf_cookie(req, resp)
self.assertTrue(csrf_cookie)
self.assertIn('Cookie', resp.get('Vary', ''))
def test_csrf_cookie_age(self):
@ -965,12 +967,12 @@ class CsrfViewMiddlewareTests(CsrfViewMiddlewareTestMixin, SimpleTestCase):
created.
"""
req = self._get_request()
req.COOKIES[settings.CSRF_COOKIE_NAME] = 'x' * 100000
self._set_csrf_cookie(req, 'x' * 100000)
mw = CsrfViewMiddleware(token_view)
mw.process_view(req, token_view, (), {})
resp = mw(req)
csrf_cookie = resp.cookies.get(settings.CSRF_COOKIE_NAME, False)
self.assertEqual(len(csrf_cookie.value), CSRF_TOKEN_LENGTH)
csrf_cookie = self._read_csrf_cookie(req, resp)
self.assertEqual(len(csrf_cookie), CSRF_TOKEN_LENGTH)
def test_process_view_token_invalid_chars(self):
"""
@ -979,13 +981,13 @@ class CsrfViewMiddlewareTests(CsrfViewMiddlewareTestMixin, SimpleTestCase):
"""
token = ('!@#' + self._csrf_id_token)[:CSRF_TOKEN_LENGTH]
req = self._get_request()
req.COOKIES[settings.CSRF_COOKIE_NAME] = token
self._set_csrf_cookie(req, token)
mw = CsrfViewMiddleware(token_view)
mw.process_view(req, token_view, (), {})
resp = mw(req)
csrf_cookie = resp.cookies.get(settings.CSRF_COOKIE_NAME, False)
self.assertEqual(len(csrf_cookie.value), CSRF_TOKEN_LENGTH)
self.assertNotEqual(csrf_cookie.value, token)
csrf_cookie = self._read_csrf_cookie(req, resp)
self.assertEqual(len(csrf_cookie), CSRF_TOKEN_LENGTH)
self.assertNotEqual(csrf_cookie, token)
def test_masked_unmasked_combinations(self):
"""
@ -1024,10 +1026,9 @@ class CsrfViewMiddlewareTests(CsrfViewMiddlewareTestMixin, SimpleTestCase):
resp = mw.process_view(req, token_view, (), {})
self.assertIsNone(resp)
resp = mw(req)
self.assertIn(settings.CSRF_COOKIE_NAME, resp.cookies, "Cookie was not reset from bare secret")
csrf_cookie = resp.cookies[settings.CSRF_COOKIE_NAME]
self.assertEqual(len(csrf_cookie.value), CSRF_TOKEN_LENGTH)
self._check_token_present(resp, csrf_id=csrf_cookie.value)
csrf_cookie = self._read_csrf_cookie(req, resp)
self.assertEqual(len(csrf_cookie), CSRF_TOKEN_LENGTH)
self._check_token_present(resp, csrf_id=csrf_cookie)
@override_settings(ALLOWED_HOSTS=['www.example.com'], CSRF_COOKIE_DOMAIN='.example.com', USE_X_FORWARDED_PORT=True)
def test_https_good_referer_behind_proxy(self):
@ -1080,7 +1081,7 @@ class CsrfViewMiddlewareUseSessionsTests(CsrfViewMiddlewareTestMixin, SimpleTest
def _set_csrf_cookie(self, req, cookie):
req.session[CSRF_SESSION_KEY] = cookie
def _read_csrf_cookie(self, req, resp):
def _read_csrf_cookie(self, req, resp=None):
"""
Return the CSRF cookie as a string, or False if no cookie is present.
"""
@ -1124,7 +1125,8 @@ class CsrfViewMiddlewareUseSessionsTests(CsrfViewMiddlewareTestMixin, SimpleTest
"""The ensure_csrf_cookie() decorator works without middleware."""
req = self._get_request()
ensure_csrf_cookie_view(req)
self.assertTrue(req.session.get(CSRF_SESSION_KEY, False))
csrf_cookie = self._read_csrf_cookie(req)
self.assertTrue(csrf_cookie)
def test_session_modify(self):
"""The session isn't saved if the CSRF cookie is unchanged."""
@ -1132,7 +1134,8 @@ class CsrfViewMiddlewareUseSessionsTests(CsrfViewMiddlewareTestMixin, SimpleTest
mw = CsrfViewMiddleware(ensure_csrf_cookie_view)
mw.process_view(req, ensure_csrf_cookie_view, (), {})
mw(req)
self.assertIsNotNone(req.session.get(CSRF_SESSION_KEY))
csrf_cookie = self._read_csrf_cookie(req)
self.assertTrue(csrf_cookie)
req.session.modified = False
mw.process_view(req, ensure_csrf_cookie_view, (), {})
mw(req)
@ -1147,7 +1150,8 @@ class CsrfViewMiddlewareUseSessionsTests(CsrfViewMiddlewareTestMixin, SimpleTest
mw = CsrfViewMiddleware(ensure_csrf_cookie_view)
mw.process_view(req, ensure_csrf_cookie_view, (), {})
mw(req)
self.assertTrue(req.session.get(CSRF_SESSION_KEY, False))
csrf_cookie = self._read_csrf_cookie(req)
self.assertTrue(csrf_cookie)
@override_settings(
ALLOWED_HOSTS=['www.example.com'],