1
0
mirror of https://github.com/django/django.git synced 2024-12-22 17:16:24 +00:00

Refs #32800 -- Renamed _compare_masked_tokens() to _does_token_match().

This commit is contained in:
Chris Jerdonek 2021-06-30 12:17:58 -04:00 committed by Mariusz Felisiak
parent 4b6208ffdd
commit 7132341255
4 changed files with 8 additions and 8 deletions

View File

@ -138,7 +138,7 @@ def _sanitize_token(token):
return token
def _compare_masked_tokens(request_csrf_token, csrf_token):
def _does_token_match(request_csrf_token, csrf_token):
# Assume both arguments are sanitized -- that is, strings of
# length CSRF_TOKEN_LENGTH, all CSRF_ALLOWED_CHARS.
return constant_time_compare(
@ -369,7 +369,7 @@ class CsrfViewMiddleware(MiddlewareMixin):
reason = self._bad_token_message(exc.reason, token_source)
raise RejectRequest(reason)
if not _compare_masked_tokens(request_csrf_token, csrf_token):
if not _does_token_match(request_csrf_token, csrf_token):
reason = self._bad_token_message('incorrect', token_source)
raise RejectRequest(reason)

View File

@ -1,5 +1,5 @@
from django.http import HttpRequest
from django.middleware.csrf import _compare_masked_tokens as equivalent_tokens
from django.middleware.csrf import _does_token_match as equivalent_tokens
from django.template.context_processors import csrf
from django.test import SimpleTestCase

View File

@ -7,8 +7,8 @@ from django.http import HttpRequest, HttpResponse, UnreadablePostError
from django.middleware.csrf import (
CSRF_ALLOWED_CHARS, CSRF_SESSION_KEY, CSRF_TOKEN_LENGTH, REASON_BAD_ORIGIN,
REASON_CSRF_TOKEN_MISSING, REASON_NO_CSRF_COOKIE, CsrfViewMiddleware,
RejectRequest, _compare_masked_tokens as equivalent_tokens,
_mask_cipher_secret, _unmask_cipher_token, get_token,
RejectRequest, _does_token_match, _mask_cipher_secret, _unmask_cipher_token,
get_token,
)
from django.test import SimpleTestCase, override_settings
from django.views.decorators.csrf import csrf_exempt, requires_csrf_token
@ -209,7 +209,7 @@ class CsrfViewMiddlewareTestMixin:
match = re.search('name="csrfmiddlewaretoken" value="(.*?)"', text)
csrf_token = csrf_id or self._csrf_id_token
self.assertTrue(
match and equivalent_tokens(csrf_token, match[1]),
match and _does_token_match(csrf_token, match[1]),
"Could not find csrfmiddlewaretoken to match %s" % csrf_token
)
@ -1296,4 +1296,4 @@ class CsrfInErrorHandlingViewsTests(SimpleTestCase):
response = self.client.get('/does not exist/')
self.assertEqual(response.status_code, 599)
token2 = response.content
self.assertTrue(equivalent_tokens(token1.decode('ascii'), token2.decode('ascii')))
self.assertTrue(_does_token_match(token1.decode('ascii'), token2.decode('ascii')))

View File

@ -3,7 +3,7 @@ import re
from django.forms import CharField, Form, Media
from django.http import HttpRequest, HttpResponse
from django.middleware.csrf import (
CsrfViewMiddleware, _compare_masked_tokens as equivalent_tokens, get_token,
CsrfViewMiddleware, _does_token_match as equivalent_tokens, get_token,
)
from django.template import TemplateDoesNotExist, TemplateSyntaxError
from django.template.backends.dummy import TemplateStrings