From defa8d3d87d5fcfd7675939b404ddc2bcdd13dcc Mon Sep 17 00:00:00 2001 From: Chris Jerdonek Date: Wed, 2 Jun 2021 03:34:47 -0700 Subject: [PATCH] Refs #32800 -- Made CsrfViewMiddlewareTestMixin._csrf_id_cookie and _csrf_id_token different. This also renames CsrfViewMiddlewareTestMixin._csrf_id to _csrf_id_token. --- tests/csrf_tests/tests.py | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/tests/csrf_tests/tests.py b/tests/csrf_tests/tests.py index ab2d0dbff8..af801f8283 100644 --- a/tests/csrf_tests/tests.py +++ b/tests/csrf_tests/tests.py @@ -88,7 +88,7 @@ class CsrfViewMiddlewareTestMixin: """ _csrf_id_cookie = MASKED_TEST_SECRET1 - _csrf_id = MASKED_TEST_SECRET1 + _csrf_id_token = MASKED_TEST_SECRET2 def _get_GET_no_csrf_cookie_request(self): req = TestingHttpRequest() @@ -125,12 +125,12 @@ class CsrfViewMiddlewareTestMixin: def _get_POST_request_with_token(self, cookie=None): """The cookie argument defaults to this class's default test cookie.""" - return self._get_POST_csrf_cookie_request(cookie=cookie, post_token=self._csrf_id) + return self._get_POST_csrf_cookie_request(cookie=cookie, post_token=self._csrf_id_token) def _check_token_present(self, response, csrf_id=None): text = str(response.content, response.charset) match = re.search('name="csrfmiddlewaretoken" value="(.*?)"', text) - csrf_token = csrf_id or self._csrf_id + csrf_token = csrf_id or self._csrf_id_token self.assertTrue( match and equivalent_tokens(csrf_token, match[1]), "Could not find csrfmiddlewaretoken to match %s" % csrf_token @@ -267,7 +267,7 @@ class CsrfViewMiddlewareTestMixin: """ The token may be passed in a header instead of in the form. """ - req = self._get_POST_csrf_cookie_request(meta_token=self._csrf_id) + req = self._get_POST_csrf_cookie_request(meta_token=self._csrf_id_token) mw = CsrfViewMiddleware(post_form_view) mw.process_request(req) resp = mw.process_view(req, post_form_view, (), {}) @@ -279,7 +279,7 @@ class CsrfViewMiddlewareTestMixin: settings.CSRF_HEADER_NAME can be used to customize the CSRF header name """ req = self._get_POST_csrf_cookie_request( - meta_token=self._csrf_id, + meta_token=self._csrf_id_token, token_header='HTTP_X_CSRFTOKEN_CUSTOMIZED', ) mw = CsrfViewMiddleware(post_form_view) @@ -310,14 +310,14 @@ class CsrfViewMiddlewareTestMixin: """ HTTP PUT and DELETE can get through with X-CSRFToken and a cookie. """ - req = self._get_POST_csrf_cookie_request(meta_token=self._csrf_id) + req = self._get_POST_csrf_cookie_request(meta_token=self._csrf_id_token) req.method = 'PUT' mw = CsrfViewMiddleware(post_form_view) mw.process_request(req) resp = mw.process_view(req, post_form_view, (), {}) self.assertIsNone(resp) - req = self._get_POST_csrf_cookie_request(meta_token=self._csrf_id) + req = self._get_POST_csrf_cookie_request(meta_token=self._csrf_id_token) req.method = 'DELETE' mw.process_request(req) resp = mw.process_view(req, post_form_view, (), {}) @@ -681,7 +681,7 @@ class CsrfViewMiddlewareTestMixin: POST = property(_get_post, _set_post) - token = ('ABC' + self._csrf_id)[:CSRF_TOKEN_LENGTH] + token = ('ABC' + self._csrf_id_token)[:CSRF_TOKEN_LENGTH] req = CsrfPostRequest(token, raise_error=False) mw = CsrfViewMiddleware(post_form_view) @@ -965,7 +965,7 @@ class CsrfViewMiddlewareTests(CsrfViewMiddlewareTestMixin, SimpleTestCase): If the token contains non-alphanumeric characters, it is ignored and a new token is created. """ - token = ('!@#' + self._csrf_id)[:CSRF_TOKEN_LENGTH] + token = ('!@#' + self._csrf_id_token)[:CSRF_TOKEN_LENGTH] req = self._get_GET_no_csrf_cookie_request() req.COOKIES[settings.CSRF_COOKIE_NAME] = token mw = CsrfViewMiddleware(token_view)