innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

Refs #32843 -- Added CsrfViewMiddlewareTestMixin._get_csrf_cookie_request() hook.

This commit is contained in:
Chris Jerdonek 2021-06-23 10:34:48 -04:00 committed by Mariusz Felisiak
parent c8439d1dba
commit 594d6e9407
1 changed files with 25 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
tests/csrf_tests/tests.py
View File

@ -102,34 +102,37 @@ class CsrfViewMiddlewareTestMixin:
self._set_csrf_cookie(req, cookie) self._set_csrf_cookie(req, cookie)
return req return req
def _get_GET_csrf_cookie_request(self, cookie=None): def _get_csrf_cookie_request(
"""The cookie argument defaults to the valid test cookie.""" self, method=None, cookie=None, post_token=None, meta_token=None,
if cookie is None: token_header=None,
cookie = self._csrf_id_cookie
req = self._get_request()
self._set_csrf_cookie(req, cookie)
return req
def _get_POST_csrf_cookie_request(
self, cookie=None, post_token=None, meta_token=None, token_header=None,
): ):
""" """
The cookie argument defaults to this class's default test cookie. The The method argument defaults to "GET". The cookie argument defaults to
post_token and meta_token arguments are included in the request's this class's default test cookie. The post_token and meta_token
req.POST and req.META headers, respectively, when that argument is arguments are included in the request's req.POST and req.META headers,
provided and non-None. The token_header argument is the header key to respectively, when that argument is provided and non-None. The
use for req.META, defaults to "HTTP_X_CSRFTOKEN". token_header argument is the header key to use for req.META, defaults
to "HTTP_X_CSRFTOKEN".
""" """
if cookie is None:
cookie = self._csrf_id_cookie
if token_header is None: if token_header is None:
token_header = 'HTTP_X_CSRFTOKEN' token_header = 'HTTP_X_CSRFTOKEN'
req = self._get_GET_csrf_cookie_request(cookie=cookie) req = self._get_request(method=method, cookie=cookie)
req.method = "POST"
if post_token is not None: if post_token is not None:
req.POST['csrfmiddlewaretoken'] = post_token req.POST['csrfmiddlewaretoken'] = post_token
if meta_token is not None: if meta_token is not None:
req.META[token_header] = meta_token req.META[token_header] = meta_token
return req return req
def _get_POST_csrf_cookie_request(
self, cookie=None, post_token=None, meta_token=None, token_header=None,
):
return self._get_csrf_cookie_request(
method='POST', cookie=cookie, post_token=post_token,
meta_token=meta_token, token_header=token_header,
)
def _get_POST_request_with_token(self, cookie=None): def _get_POST_request_with_token(self, cookie=None):
"""The cookie argument defaults to this class's default test cookie.""" """The cookie argument defaults to this class's default test cookie."""
return self._get_POST_csrf_cookie_request(cookie=cookie, post_token=self._csrf_id_token) return self._get_POST_csrf_cookie_request(cookie=cookie, post_token=self._csrf_id_token)
@ -312,15 +315,13 @@ class CsrfViewMiddlewareTestMixin:
""" """
HTTP PUT and DELETE can get through with X-CSRFToken and a cookie. HTTP PUT and DELETE can get through with X-CSRFToken and a cookie.
""" """
req = self._get_POST_csrf_cookie_request(meta_token=self._csrf_id_token) req = self._get_csrf_cookie_request(method='PUT', meta_token=self._csrf_id_token)
req.method = 'PUT'
mw = CsrfViewMiddleware(post_form_view) mw = CsrfViewMiddleware(post_form_view)
mw.process_request(req) mw.process_request(req)
resp = mw.process_view(req, post_form_view, (), {}) resp = mw.process_view(req, post_form_view, (), {})
self.assertIsNone(resp) self.assertIsNone(resp)
req = self._get_POST_csrf_cookie_request(meta_token=self._csrf_id_token) req = self._get_csrf_cookie_request(method='DELETE', meta_token=self._csrf_id_token)
req.method = 'DELETE'
mw.process_request(req) mw.process_request(req)
resp = mw.process_view(req, post_form_view, (), {}) resp = mw.process_view(req, post_form_view, (), {})
self.assertIsNone(resp) self.assertIsNone(resp)
@ -355,7 +356,7 @@ class CsrfViewMiddlewareTestMixin:
""" """
CsrfTokenNode works when a CSRF cookie is set. CsrfTokenNode works when a CSRF cookie is set.
""" """
req = self._get_GET_csrf_cookie_request() req = self._get_csrf_cookie_request()
mw = CsrfViewMiddleware(token_view) mw = CsrfViewMiddleware(token_view)
mw.process_request(req) mw.process_request(req)
mw.process_view(req, token_view, (), {}) mw.process_view(req, token_view, (), {})
@ -366,7 +367,7 @@ class CsrfViewMiddlewareTestMixin:
""" """
get_token still works for a view decorated with 'csrf_exempt'. get_token still works for a view decorated with 'csrf_exempt'.
""" """
req = self._get_GET_csrf_cookie_request() req = self._get_csrf_cookie_request()
mw = CsrfViewMiddleware(token_view) mw = CsrfViewMiddleware(token_view)
mw.process_request(req) mw.process_request(req)
mw.process_view(req, csrf_exempt(token_view), (), {}) mw.process_view(req, csrf_exempt(token_view), (), {})
@ -377,7 +378,7 @@ class CsrfViewMiddlewareTestMixin:
""" """
get_token() works for a view decorated solely with requires_csrf_token. get_token() works for a view decorated solely with requires_csrf_token.
""" """
req = self._get_GET_csrf_cookie_request() req = self._get_csrf_cookie_request()
resp = requires_csrf_token(token_view)(req) resp = requires_csrf_token(token_view)(req)
self._check_token_present(resp) self._check_token_present(resp)