Fixed #7776: Ensured that the test cookie is always deleted once a login has succeeded. Thanks for the report and fix, Mnewman.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@8484 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2025-10-24 06:06:09 +00:00 · 2008-08-23 14:12:58 +00:00
parent 0f869f905e
commit a9ee1d4e28
2 changed files with 5 additions and 1 deletions
--- a/tests/regressiontests/admin_views/tests.py
+++ b/tests/regressiontests/admin_views/tests.py
@@ -237,6 +237,8 @@ class AdminViewPermissionsTest(TestCase):
        # Change User should not have access to add articles
        self.client.get('/test_admin/admin/')
        self.client.post('/test_admin/admin/', self.changeuser_login)
+        # make sure the view removes test cookie
+        self.failUnlessEqual(self.client.session.test_cookie_worked(), False)
        request = self.client.get('/test_admin/admin/admin_views/article/add/')
        self.failUnlessEqual(request.status_code, 403)
        # Try POST just to make sure
@@ -266,6 +268,8 @@ class AdminViewPermissionsTest(TestCase):
        self.assertContains(post, 'Please log in again, because your session has expired.')
        self.super_login['post_data'] = _encode_post_data(add_dict)
        post = self.client.post('/test_admin/admin/admin_views/article/add/', self.super_login)
+        # make sure the view removes test cookie
+        self.failUnlessEqual(self.client.session.test_cookie_worked(), False)
        self.assertRedirects(post, '/test_admin/admin/admin_views/article/')
        self.failUnlessEqual(Article.objects.all().count(), 4)
        self.client.get('/test_admin/admin/logout/')