mirror of
https://github.com/django/django.git
synced 2024-12-22 17:16:24 +00:00
Refs #32800 -- Made CsrfViewMiddlewareTestMixin._csrf_id_cookie and _csrf_id_token different.
This also renames CsrfViewMiddlewareTestMixin._csrf_id to _csrf_id_token.
This commit is contained in:
parent
2523c32d50
commit
defa8d3d87
@ -88,7 +88,7 @@ class CsrfViewMiddlewareTestMixin:
|
||||
"""
|
||||
|
||||
_csrf_id_cookie = MASKED_TEST_SECRET1
|
||||
_csrf_id = MASKED_TEST_SECRET1
|
||||
_csrf_id_token = MASKED_TEST_SECRET2
|
||||
|
||||
def _get_GET_no_csrf_cookie_request(self):
|
||||
req = TestingHttpRequest()
|
||||
@ -125,12 +125,12 @@ class CsrfViewMiddlewareTestMixin:
|
||||
|
||||
def _get_POST_request_with_token(self, cookie=None):
|
||||
"""The cookie argument defaults to this class's default test cookie."""
|
||||
return self._get_POST_csrf_cookie_request(cookie=cookie, post_token=self._csrf_id)
|
||||
return self._get_POST_csrf_cookie_request(cookie=cookie, post_token=self._csrf_id_token)
|
||||
|
||||
def _check_token_present(self, response, csrf_id=None):
|
||||
text = str(response.content, response.charset)
|
||||
match = re.search('name="csrfmiddlewaretoken" value="(.*?)"', text)
|
||||
csrf_token = csrf_id or self._csrf_id
|
||||
csrf_token = csrf_id or self._csrf_id_token
|
||||
self.assertTrue(
|
||||
match and equivalent_tokens(csrf_token, match[1]),
|
||||
"Could not find csrfmiddlewaretoken to match %s" % csrf_token
|
||||
@ -267,7 +267,7 @@ class CsrfViewMiddlewareTestMixin:
|
||||
"""
|
||||
The token may be passed in a header instead of in the form.
|
||||
"""
|
||||
req = self._get_POST_csrf_cookie_request(meta_token=self._csrf_id)
|
||||
req = self._get_POST_csrf_cookie_request(meta_token=self._csrf_id_token)
|
||||
mw = CsrfViewMiddleware(post_form_view)
|
||||
mw.process_request(req)
|
||||
resp = mw.process_view(req, post_form_view, (), {})
|
||||
@ -279,7 +279,7 @@ class CsrfViewMiddlewareTestMixin:
|
||||
settings.CSRF_HEADER_NAME can be used to customize the CSRF header name
|
||||
"""
|
||||
req = self._get_POST_csrf_cookie_request(
|
||||
meta_token=self._csrf_id,
|
||||
meta_token=self._csrf_id_token,
|
||||
token_header='HTTP_X_CSRFTOKEN_CUSTOMIZED',
|
||||
)
|
||||
mw = CsrfViewMiddleware(post_form_view)
|
||||
@ -310,14 +310,14 @@ class CsrfViewMiddlewareTestMixin:
|
||||
"""
|
||||
HTTP PUT and DELETE can get through with X-CSRFToken and a cookie.
|
||||
"""
|
||||
req = self._get_POST_csrf_cookie_request(meta_token=self._csrf_id)
|
||||
req = self._get_POST_csrf_cookie_request(meta_token=self._csrf_id_token)
|
||||
req.method = 'PUT'
|
||||
mw = CsrfViewMiddleware(post_form_view)
|
||||
mw.process_request(req)
|
||||
resp = mw.process_view(req, post_form_view, (), {})
|
||||
self.assertIsNone(resp)
|
||||
|
||||
req = self._get_POST_csrf_cookie_request(meta_token=self._csrf_id)
|
||||
req = self._get_POST_csrf_cookie_request(meta_token=self._csrf_id_token)
|
||||
req.method = 'DELETE'
|
||||
mw.process_request(req)
|
||||
resp = mw.process_view(req, post_form_view, (), {})
|
||||
@ -681,7 +681,7 @@ class CsrfViewMiddlewareTestMixin:
|
||||
|
||||
POST = property(_get_post, _set_post)
|
||||
|
||||
token = ('ABC' + self._csrf_id)[:CSRF_TOKEN_LENGTH]
|
||||
token = ('ABC' + self._csrf_id_token)[:CSRF_TOKEN_LENGTH]
|
||||
|
||||
req = CsrfPostRequest(token, raise_error=False)
|
||||
mw = CsrfViewMiddleware(post_form_view)
|
||||
@ -965,7 +965,7 @@ class CsrfViewMiddlewareTests(CsrfViewMiddlewareTestMixin, SimpleTestCase):
|
||||
If the token contains non-alphanumeric characters, it is ignored and a
|
||||
new token is created.
|
||||
"""
|
||||
token = ('!@#' + self._csrf_id)[:CSRF_TOKEN_LENGTH]
|
||||
token = ('!@#' + self._csrf_id_token)[:CSRF_TOKEN_LENGTH]
|
||||
req = self._get_GET_no_csrf_cookie_request()
|
||||
req.COOKIES[settings.CSRF_COOKIE_NAME] = token
|
||||
mw = CsrfViewMiddleware(token_view)
|
||||
|
Loading…
Reference in New Issue
Block a user