mirror of https://github.com/django/django.git
Refs #32800 -- Renamed _compare_masked_tokens() to _does_token_match().
This commit is contained in:
parent
4b6208ffdd
commit
7132341255
|
@ -138,7 +138,7 @@ def _sanitize_token(token):
|
||||||
return token
|
return token
|
||||||
|
|
||||||
|
|
||||||
def _compare_masked_tokens(request_csrf_token, csrf_token):
|
def _does_token_match(request_csrf_token, csrf_token):
|
||||||
# Assume both arguments are sanitized -- that is, strings of
|
# Assume both arguments are sanitized -- that is, strings of
|
||||||
# length CSRF_TOKEN_LENGTH, all CSRF_ALLOWED_CHARS.
|
# length CSRF_TOKEN_LENGTH, all CSRF_ALLOWED_CHARS.
|
||||||
return constant_time_compare(
|
return constant_time_compare(
|
||||||
|
@ -369,7 +369,7 @@ class CsrfViewMiddleware(MiddlewareMixin):
|
||||||
reason = self._bad_token_message(exc.reason, token_source)
|
reason = self._bad_token_message(exc.reason, token_source)
|
||||||
raise RejectRequest(reason)
|
raise RejectRequest(reason)
|
||||||
|
|
||||||
if not _compare_masked_tokens(request_csrf_token, csrf_token):
|
if not _does_token_match(request_csrf_token, csrf_token):
|
||||||
reason = self._bad_token_message('incorrect', token_source)
|
reason = self._bad_token_message('incorrect', token_source)
|
||||||
raise RejectRequest(reason)
|
raise RejectRequest(reason)
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
from django.http import HttpRequest
|
from django.http import HttpRequest
|
||||||
from django.middleware.csrf import _compare_masked_tokens as equivalent_tokens
|
from django.middleware.csrf import _does_token_match as equivalent_tokens
|
||||||
from django.template.context_processors import csrf
|
from django.template.context_processors import csrf
|
||||||
from django.test import SimpleTestCase
|
from django.test import SimpleTestCase
|
||||||
|
|
||||||
|
|
|
@ -7,8 +7,8 @@ from django.http import HttpRequest, HttpResponse, UnreadablePostError
|
||||||
from django.middleware.csrf import (
|
from django.middleware.csrf import (
|
||||||
CSRF_ALLOWED_CHARS, CSRF_SESSION_KEY, CSRF_TOKEN_LENGTH, REASON_BAD_ORIGIN,
|
CSRF_ALLOWED_CHARS, CSRF_SESSION_KEY, CSRF_TOKEN_LENGTH, REASON_BAD_ORIGIN,
|
||||||
REASON_CSRF_TOKEN_MISSING, REASON_NO_CSRF_COOKIE, CsrfViewMiddleware,
|
REASON_CSRF_TOKEN_MISSING, REASON_NO_CSRF_COOKIE, CsrfViewMiddleware,
|
||||||
RejectRequest, _compare_masked_tokens as equivalent_tokens,
|
RejectRequest, _does_token_match, _mask_cipher_secret, _unmask_cipher_token,
|
||||||
_mask_cipher_secret, _unmask_cipher_token, get_token,
|
get_token,
|
||||||
)
|
)
|
||||||
from django.test import SimpleTestCase, override_settings
|
from django.test import SimpleTestCase, override_settings
|
||||||
from django.views.decorators.csrf import csrf_exempt, requires_csrf_token
|
from django.views.decorators.csrf import csrf_exempt, requires_csrf_token
|
||||||
|
@ -209,7 +209,7 @@ class CsrfViewMiddlewareTestMixin:
|
||||||
match = re.search('name="csrfmiddlewaretoken" value="(.*?)"', text)
|
match = re.search('name="csrfmiddlewaretoken" value="(.*?)"', text)
|
||||||
csrf_token = csrf_id or self._csrf_id_token
|
csrf_token = csrf_id or self._csrf_id_token
|
||||||
self.assertTrue(
|
self.assertTrue(
|
||||||
match and equivalent_tokens(csrf_token, match[1]),
|
match and _does_token_match(csrf_token, match[1]),
|
||||||
"Could not find csrfmiddlewaretoken to match %s" % csrf_token
|
"Could not find csrfmiddlewaretoken to match %s" % csrf_token
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -1296,4 +1296,4 @@ class CsrfInErrorHandlingViewsTests(SimpleTestCase):
|
||||||
response = self.client.get('/does not exist/')
|
response = self.client.get('/does not exist/')
|
||||||
self.assertEqual(response.status_code, 599)
|
self.assertEqual(response.status_code, 599)
|
||||||
token2 = response.content
|
token2 = response.content
|
||||||
self.assertTrue(equivalent_tokens(token1.decode('ascii'), token2.decode('ascii')))
|
self.assertTrue(_does_token_match(token1.decode('ascii'), token2.decode('ascii')))
|
||||||
|
|
|
@ -3,7 +3,7 @@ import re
|
||||||
from django.forms import CharField, Form, Media
|
from django.forms import CharField, Form, Media
|
||||||
from django.http import HttpRequest, HttpResponse
|
from django.http import HttpRequest, HttpResponse
|
||||||
from django.middleware.csrf import (
|
from django.middleware.csrf import (
|
||||||
CsrfViewMiddleware, _compare_masked_tokens as equivalent_tokens, get_token,
|
CsrfViewMiddleware, _does_token_match as equivalent_tokens, get_token,
|
||||||
)
|
)
|
||||||
from django.template import TemplateDoesNotExist, TemplateSyntaxError
|
from django.template import TemplateDoesNotExist, TemplateSyntaxError
|
||||||
from django.template.backends.dummy import TemplateStrings
|
from django.template.backends.dummy import TemplateStrings
|
||||||
|
|
Loading…
Reference in New Issue