From 3f0025c18a08535ed39a64c24174f7e2d75b7b9e Mon Sep 17 00:00:00 2001
From: Chris Jerdonek
Date: Tue, 17 Aug 2021 16:43:17 -0400
Subject: [PATCH] Refs #32800 -- Avoided use of _does_token_match() in some CSRF tests.
---
 tests/csrf_tests/test_context_processor.py | 7 ++++---
 tests/csrf_tests/tests.py | 9 +++++----
 tests/template_backends/test_dummy.py | 10 ++++++++--
 3 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/tests/csrf_tests/test_context_processor.py b/tests/csrf_tests/test_context_processor.py
index ea1760f4b8..0949ed4e34 100644
--- a/tests/csrf_tests/test_context_processor.py
+++ b/tests/csrf_tests/test_context_processor.py
@@ -1,14 +1,15 @@
 from django.http import HttpRequest
-from django.middleware.csrf import _does_token_match as equivalent_tokens
 from django.template.context_processors import csrf
 from django.test import SimpleTestCase
+from .tests import CsrfFunctionTestMixin
-class TestContextProcessor(SimpleTestCase):
+
+class TestContextProcessor(CsrfFunctionTestMixin, SimpleTestCase):
 def test_force_token_to_string(self):
 request = HttpRequest()
 test_token = '1bcdefghij2bcdefghij3bcdefghij4bcdefghij5bcdefghij6bcdefghijABCD'
 request.META['CSRF_COOKIE'] = test_token
 token = csrf(request).get('csrf_token')
- self.assertTrue(equivalent_tokens(str(token), test_token))
+ self.assertMaskedSecretCorrect(token, 'lcccccccX2kcccccccY2jcccccccssIC')
diff --git a/tests/csrf_tests/tests.py b/tests/csrf_tests/tests.py
index 1ada6d9f18..60f1e32ba5 100644
--- a/tests/csrf_tests/tests.py
+++ b/tests/csrf_tests/tests.py
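Review bot: In test_context_processor.py, the `str(token)` coercion is dropped from `test_force_token_to_string`, so the value returned by `csrf(request).get('csrf_token')` now reaches `assertMaskedSecretCorrect()` as-is. The mixin is defined outside this hunk, so confirm it accepts that object, or keep the coercion as `self.assertMaskedSecretCorrect(str(token), 'lcccccccX2kcccccccY2jcccccccssIC')`, which also matches the test's name. The expected literal is presumably the secret that `test_token` unmasks to, but nothing here says so. A comment such as `# The secret that test_token unmasks to.` above the assertion would let a reader re-derive it if the masking scheme changes.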
@@ -1396,13 +1396,14 @@ class CsrfViewMiddlewareUseSessionsTests(CsrfViewMiddlewareTestMixin, SimpleTest
 @override_settings(ROOT_URLCONF='csrf_tests.csrf_token_error_handler_urls', DEBUG=False)
-class CsrfInErrorHandlingViewsTests(SimpleTestCase):
+class CsrfInErrorHandlingViewsTests(CsrfFunctionTestMixin, SimpleTestCase):
 def test_csrf_token_on_404_stays_constant(self):
 response = self.client.get('/does not exist/')
 # The error handler returns status code 599.
 self.assertEqual(response.status_code, 599)
- token1 = response.content
+ token1 = response.content.decode('ascii')
 response = self.client.get('/does not exist/')
 self.assertEqual(response.status_code, 599)
- token2 = response.content
- self.assertTrue(_does_token_match(token1.decode('ascii'), token2.decode('ascii')))
+ token2 = response.content.decode('ascii')
+ secret2 = _unmask_cipher_token(token2)
+ self.assertMaskedSecretCorrect(token1, secret2)
diff --git a/tests/template_backends/test_dummy.py b/tests/template_backends/test_dummy.py
index e945c23a78..8c8cef68ce 100644
--- a/tests/template_backends/test_dummy.py
+++ b/tests/template_backends/test_dummy.py
@@ -3,7 +3,7 @@ import re
 from django.forms import CharField, Form, Media
 from django.http import HttpRequest, HttpResponse
 from django.middleware.csrf import (
- CsrfViewMiddleware, _does_token_match as equivalent_tokens, get_token,
+ CSRF_TOKEN_LENGTH, CsrfViewMiddleware, _unmask_cipher_token, get_token,
 )
 from django.template import TemplateDoesNotExist, TemplateSyntaxError
 from django.template.backends.dummy import TemplateStrings
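Review bot: In `test_csrf_token_on_404_stays_constant` (tests.py), only `token1` goes through the masked-token assertion; `token2` is passed straight to `_unmask_cipher_token()`. A second error-handler response that is empty or not a full-length masked token would therefore surface as a confusing secret mismatch or an exception, rather than as a clear "not a valid token" failure. The helper added to test_dummy.py in this same commit checks the length of both tokens before unmasking. The same guard fits here, e.g. `self.assertEqual(len(token2), CSRF_TOKEN_LENGTH)` before the `secret2 = ...` line, assuming that constant is importable in tests.py. The hunk adds no import for `_unmask_cipher_token` and no definition of `CsrfFunctionTestMixin`, so both must already exist elsewhere in tests.py; that cannot be confirmed from the lines shown.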
@@ -74,6 +74,12 @@ class TemplateStringsTests(SimpleTestCase):
 self.assertHTMLEqual(content, expected)
+ def check_tokens_equivalent(self, token1, token2):
+ self.assertEqual(len(token1), CSRF_TOKEN_LENGTH)
+ self.assertEqual(len(token2), CSRF_TOKEN_LENGTH)
+ token1, token2 = map(_unmask_cipher_token, (token1, token2))
+ self.assertEqual(token1, token2)
+
 def test_csrf_token(self):
 request = HttpRequest()
 CsrfViewMiddleware(lambda req: HttpResponse()).process_view(request, lambda r: None, (), {})
@@ -84,7 +90,7 @@ class TemplateStringsTests(SimpleTestCase):
 expected = ''
 match = re.match(expected, content) or re.match(expected.replace('"', "'"), content)
 self.assertTrue(match, "hidden csrftoken field not found in output")
- self.assertTrue(equivalent_tokens(match[1], get_token(request)))
+ self.check_tokens_equivalent(match[1], get_token(request))
 def test_no_directory_traversal(self):
 with self.assertRaises(TemplateDoesNotExist):
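Review bot: `check_tokens_equivalent` in test_dummy.py has no docstring and rebinds its `token1`/`token2` parameters to the unmasked secrets, so the final `assertEqual` reads as if it compared the masked tokens themselves. A docstring such as `"""Assert that two masked CSRF tokens have the expected length and unmask to the same secret."""` would help. So would distinct names: `secret1, secret2 = map(_unmask_cipher_token, (token1, token2))` followed by `self.assertEqual(secret1, secret2)`. The helper validates only length, whereas the csrf_tests files in this commit rely on `assertMaskedSecretCorrect()` from a shared mixin. If that mixin performs further checks (its body is not visible here), reusing it would keep the token comparisons from drifting apart. The only call site is the one-line change in the next hunk.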