1
0
mirror of https://github.com/django/django.git synced 2024-12-22 17:16:24 +00:00

Refs #32800 -- Made CsrfViewMiddlewareTestMixin._csrf_id_cookie and _csrf_id_token different.

This also renames CsrfViewMiddlewareTestMixin._csrf_id to _csrf_id_token.
This commit is contained in:
Chris Jerdonek 2021-06-02 03:34:47 -07:00 committed by Mariusz Felisiak
parent 2523c32d50
commit defa8d3d87

View File

@ -88,7 +88,7 @@ class CsrfViewMiddlewareTestMixin:
"""
_csrf_id_cookie = MASKED_TEST_SECRET1
_csrf_id = MASKED_TEST_SECRET1
_csrf_id_token = MASKED_TEST_SECRET2
def _get_GET_no_csrf_cookie_request(self):
req = TestingHttpRequest()
@ -125,12 +125,12 @@ class CsrfViewMiddlewareTestMixin:
def _get_POST_request_with_token(self, cookie=None):
"""The cookie argument defaults to this class's default test cookie."""
return self._get_POST_csrf_cookie_request(cookie=cookie, post_token=self._csrf_id)
return self._get_POST_csrf_cookie_request(cookie=cookie, post_token=self._csrf_id_token)
def _check_token_present(self, response, csrf_id=None):
text = str(response.content, response.charset)
match = re.search('name="csrfmiddlewaretoken" value="(.*?)"', text)
csrf_token = csrf_id or self._csrf_id
csrf_token = csrf_id or self._csrf_id_token
self.assertTrue(
match and equivalent_tokens(csrf_token, match[1]),
"Could not find csrfmiddlewaretoken to match %s" % csrf_token
@ -267,7 +267,7 @@ class CsrfViewMiddlewareTestMixin:
"""
The token may be passed in a header instead of in the form.
"""
req = self._get_POST_csrf_cookie_request(meta_token=self._csrf_id)
req = self._get_POST_csrf_cookie_request(meta_token=self._csrf_id_token)
mw = CsrfViewMiddleware(post_form_view)
mw.process_request(req)
resp = mw.process_view(req, post_form_view, (), {})
@ -279,7 +279,7 @@ class CsrfViewMiddlewareTestMixin:
settings.CSRF_HEADER_NAME can be used to customize the CSRF header name
"""
req = self._get_POST_csrf_cookie_request(
meta_token=self._csrf_id,
meta_token=self._csrf_id_token,
token_header='HTTP_X_CSRFTOKEN_CUSTOMIZED',
)
mw = CsrfViewMiddleware(post_form_view)
@ -310,14 +310,14 @@ class CsrfViewMiddlewareTestMixin:
"""
HTTP PUT and DELETE can get through with X-CSRFToken and a cookie.
"""
req = self._get_POST_csrf_cookie_request(meta_token=self._csrf_id)
req = self._get_POST_csrf_cookie_request(meta_token=self._csrf_id_token)
req.method = 'PUT'
mw = CsrfViewMiddleware(post_form_view)
mw.process_request(req)
resp = mw.process_view(req, post_form_view, (), {})
self.assertIsNone(resp)
req = self._get_POST_csrf_cookie_request(meta_token=self._csrf_id)
req = self._get_POST_csrf_cookie_request(meta_token=self._csrf_id_token)
req.method = 'DELETE'
mw.process_request(req)
resp = mw.process_view(req, post_form_view, (), {})
@ -681,7 +681,7 @@ class CsrfViewMiddlewareTestMixin:
POST = property(_get_post, _set_post)
token = ('ABC' + self._csrf_id)[:CSRF_TOKEN_LENGTH]
token = ('ABC' + self._csrf_id_token)[:CSRF_TOKEN_LENGTH]
req = CsrfPostRequest(token, raise_error=False)
mw = CsrfViewMiddleware(post_form_view)
@ -965,7 +965,7 @@ class CsrfViewMiddlewareTests(CsrfViewMiddlewareTestMixin, SimpleTestCase):
If the token contains non-alphanumeric characters, it is ignored and a
new token is created.
"""
token = ('!@#' + self._csrf_id)[:CSRF_TOKEN_LENGTH]
token = ('!@#' + self._csrf_id_token)[:CSRF_TOKEN_LENGTH]
req = self._get_GET_no_csrf_cookie_request()
req.COOKIES[settings.CSRF_COOKIE_NAME] = token
mw = CsrfViewMiddleware(token_view)