mirror of
https://github.com/django/django.git
synced 2024-12-22 17:16:24 +00:00
Fixed #32885 -- Removed cookie-based token specific logic from CsrfViewMiddlewareTestMixin.
This commit is contained in:
parent
e3d55eeb14
commit
abc8795632
@ -93,6 +93,12 @@ class CsrfViewMiddlewareTestMixin:
|
||||
def _set_csrf_cookie(self, req, cookie):
|
||||
raise NotImplementedError('This method must be implemented by a subclass.')
|
||||
|
||||
def _read_csrf_cookie(self, req, resp):
|
||||
"""
|
||||
Return the CSRF cookie as a string, or False if no cookie is present.
|
||||
"""
|
||||
raise NotImplementedError('This method must be implemented by a subclass.')
|
||||
|
||||
def _get_request(self, method=None, cookie=None):
|
||||
if method is None:
|
||||
method = 'GET'
|
||||
@ -164,7 +170,7 @@ class CsrfViewMiddlewareTestMixin:
|
||||
mw.process_view(req, non_token_view_using_request_processor, (), {})
|
||||
resp = mw(req)
|
||||
|
||||
csrf_cookie = resp.cookies.get(settings.CSRF_COOKIE_NAME, False)
|
||||
csrf_cookie = self._read_csrf_cookie(req, resp)
|
||||
self.assertIs(csrf_cookie, False)
|
||||
|
||||
def _check_bad_or_missing_cookie(self, cookie, expected):
|
||||
@ -391,8 +397,8 @@ class CsrfViewMiddlewareTestMixin:
|
||||
mw = CsrfViewMiddleware(token_view)
|
||||
mw.process_view(req, token_view, (), {})
|
||||
resp = mw(req)
|
||||
csrf_cookie = resp.cookies[settings.CSRF_COOKIE_NAME]
|
||||
self._check_token_present(resp, csrf_id=csrf_cookie.value)
|
||||
csrf_cookie = self._read_csrf_cookie(req, resp)
|
||||
self._check_token_present(resp, csrf_id=csrf_cookie)
|
||||
|
||||
def test_cookie_not_reset_on_accepted_request(self):
|
||||
"""
|
||||
@ -405,12 +411,11 @@ class CsrfViewMiddlewareTestMixin:
|
||||
mw.process_request(req)
|
||||
mw.process_view(req, token_view, (), {})
|
||||
resp = mw(req)
|
||||
csrf_cookie = resp.cookies.get(settings.CSRF_COOKIE_NAME, None)
|
||||
if csrf_cookie:
|
||||
self.assertEqual(
|
||||
csrf_cookie.value, self._csrf_id_cookie,
|
||||
"CSRF cookie was changed on an accepted request"
|
||||
)
|
||||
csrf_cookie = self._read_csrf_cookie(req, resp)
|
||||
self.assertEqual(
|
||||
csrf_cookie, self._csrf_id_cookie,
|
||||
'CSRF cookie was changed on an accepted request',
|
||||
)
|
||||
|
||||
@override_settings(DEBUG=True, ALLOWED_HOSTS=['www.example.com'])
|
||||
def test_https_bad_referer(self):
|
||||
@ -861,6 +866,15 @@ class CsrfViewMiddlewareTests(CsrfViewMiddlewareTestMixin, SimpleTestCase):
|
||||
def _set_csrf_cookie(self, req, cookie):
|
||||
req.COOKIES[settings.CSRF_COOKIE_NAME] = cookie
|
||||
|
||||
def _read_csrf_cookie(self, req, resp):
|
||||
"""
|
||||
Return the CSRF cookie as a string, or False if no cookie is present.
|
||||
"""
|
||||
if settings.CSRF_COOKIE_NAME not in resp.cookies:
|
||||
return False
|
||||
csrf_cookie = resp.cookies[settings.CSRF_COOKIE_NAME]
|
||||
return csrf_cookie.value
|
||||
|
||||
def test_ensures_csrf_cookie_no_middleware(self):
|
||||
"""
|
||||
The ensure_csrf_cookie() decorator works without middleware.
|
||||
@ -1066,6 +1080,14 @@ class CsrfViewMiddlewareUseSessionsTests(CsrfViewMiddlewareTestMixin, SimpleTest
|
||||
def _set_csrf_cookie(self, req, cookie):
|
||||
req.session[CSRF_SESSION_KEY] = cookie
|
||||
|
||||
def _read_csrf_cookie(self, req, resp):
|
||||
"""
|
||||
Return the CSRF cookie as a string, or False if no cookie is present.
|
||||
"""
|
||||
if CSRF_SESSION_KEY not in req.session:
|
||||
return False
|
||||
return req.session[CSRF_SESSION_KEY]
|
||||
|
||||
def test_no_session_on_request(self):
|
||||
msg = (
|
||||
'CSRF_USE_SESSIONS is enabled, but request.session is not set. '
|
||||
@ -1127,18 +1149,6 @@ class CsrfViewMiddlewareUseSessionsTests(CsrfViewMiddlewareTestMixin, SimpleTest
|
||||
mw(req)
|
||||
self.assertTrue(req.session.get(CSRF_SESSION_KEY, False))
|
||||
|
||||
def test_token_node_with_new_csrf_cookie(self):
|
||||
"""
|
||||
CsrfTokenNode works when a CSRF cookie is created by the middleware
|
||||
(when one was not already present).
|
||||
"""
|
||||
req = self._get_request()
|
||||
mw = CsrfViewMiddleware(token_view)
|
||||
mw.process_view(req, token_view, (), {})
|
||||
resp = mw(req)
|
||||
csrf_cookie = req.session[CSRF_SESSION_KEY]
|
||||
self._check_token_present(resp, csrf_id=csrf_cookie)
|
||||
|
||||
@override_settings(
|
||||
ALLOWED_HOSTS=['www.example.com'],
|
||||
SESSION_COOKIE_DOMAIN='.example.com',
|
||||
|
Loading…
Reference in New Issue
Block a user