Refs #32800 -- Renamed _compare_masked_tokens() to _does_token_match().
This commit is contained in:
parent
4b6208ffdd
commit
7132341255
|
@ -138,7 +138,7 @@ def _sanitize_token(token):
|
|||
return token
|
||||
|
||||
|
||||
def _compare_masked_tokens(request_csrf_token, csrf_token):
|
||||
def _does_token_match(request_csrf_token, csrf_token):
|
||||
# Assume both arguments are sanitized -- that is, strings of
|
||||
# length CSRF_TOKEN_LENGTH, all CSRF_ALLOWED_CHARS.
|
||||
return constant_time_compare(
|
||||
|
@ -369,7 +369,7 @@ class CsrfViewMiddleware(MiddlewareMixin):
|
|||
reason = self._bad_token_message(exc.reason, token_source)
|
||||
raise RejectRequest(reason)
|
||||
|
||||
if not _compare_masked_tokens(request_csrf_token, csrf_token):
|
||||
if not _does_token_match(request_csrf_token, csrf_token):
|
||||
reason = self._bad_token_message('incorrect', token_source)
|
||||
raise RejectRequest(reason)
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
from django.http import HttpRequest
|
||||
from django.middleware.csrf import _compare_masked_tokens as equivalent_tokens
|
||||
from django.middleware.csrf import _does_token_match as equivalent_tokens
|
||||
from django.template.context_processors import csrf
|
||||
from django.test import SimpleTestCase
|
||||
|
||||
|
|
|
@ -7,8 +7,8 @@ from django.http import HttpRequest, HttpResponse, UnreadablePostError
|
|||
from django.middleware.csrf import (
|
||||
CSRF_ALLOWED_CHARS, CSRF_SESSION_KEY, CSRF_TOKEN_LENGTH, REASON_BAD_ORIGIN,
|
||||
REASON_CSRF_TOKEN_MISSING, REASON_NO_CSRF_COOKIE, CsrfViewMiddleware,
|
||||
RejectRequest, _compare_masked_tokens as equivalent_tokens,
|
||||
_mask_cipher_secret, _unmask_cipher_token, get_token,
|
||||
RejectRequest, _does_token_match, _mask_cipher_secret, _unmask_cipher_token,
|
||||
get_token,
|
||||
)
|
||||
from django.test import SimpleTestCase, override_settings
|
||||
from django.views.decorators.csrf import csrf_exempt, requires_csrf_token
|
||||
|
@ -209,7 +209,7 @@ class CsrfViewMiddlewareTestMixin:
|
|||
match = re.search('name="csrfmiddlewaretoken" value="(.*?)"', text)
|
||||
csrf_token = csrf_id or self._csrf_id_token
|
||||
self.assertTrue(
|
||||
match and equivalent_tokens(csrf_token, match[1]),
|
||||
match and _does_token_match(csrf_token, match[1]),
|
||||
"Could not find csrfmiddlewaretoken to match %s" % csrf_token
|
||||
)
|
||||
|
||||
|
@ -1296,4 +1296,4 @@ class CsrfInErrorHandlingViewsTests(SimpleTestCase):
|
|||
response = self.client.get('/does not exist/')
|
||||
self.assertEqual(response.status_code, 599)
|
||||
token2 = response.content
|
||||
self.assertTrue(equivalent_tokens(token1.decode('ascii'), token2.decode('ascii')))
|
||||
self.assertTrue(_does_token_match(token1.decode('ascii'), token2.decode('ascii')))
|
||||
|
|
|
@ -3,7 +3,7 @@ import re
|
|||
from django.forms import CharField, Form, Media
|
||||
from django.http import HttpRequest, HttpResponse
|
||||
from django.middleware.csrf import (
|
||||
CsrfViewMiddleware, _compare_masked_tokens as equivalent_tokens, get_token,
|
||||
CsrfViewMiddleware, _does_token_match as equivalent_tokens, get_token,
|
||||
)
|
||||
from django.template import TemplateDoesNotExist, TemplateSyntaxError
|
||||
from django.template.backends.dummy import TemplateStrings
|
||||
|
|
Loading…
Reference in New Issue