Fixed #13152 -- Ensure the test client saves the session before writing the session key to the cookie, in case the session engine changes the session key.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@12806 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2010-03-19 05:42:13 +00:00 · 2010-03-19 05:42:13 +00:00 · f081059b45
parent 003fe52225
commit f081059b45
3 changed files with 54 additions and 3 deletions
--- a/django/test/client.py
+++ b/django/test/client.py
@ -428,6 +428,9 @@ class Client(object):
                request.session = engine.SessionStore()
            login(request, user)

+            # Save the session values.
+            request.session.save()
+
            # Set the cookie to represent the session.
            session_cookie = settings.SESSION_COOKIE_NAME
            self.cookies[session_cookie] = request.session.session_key
@ -440,9 +443,6 @@ class Client(object):
            }
            self.cookies[session_cookie].update(cookie_data)

-            # Save the session values.
-            request.session.save()
-
            return True
        else:
            return False
--- a/tests/regressiontests/test_client_regress/models.py
+++ b/tests/regressiontests/test_client_regress/models.py
@ -493,6 +493,27 @@ class LoginTests(TestCase):
        # default client.
        self.assertRedirects(response, "http://testserver/test_client_regress/get_view/")

+
+class SessionEngineTests(TestCase):
+    fixtures = ['testdata']
+
+    def setUp(self):
+        self.old_SESSION_ENGINE = settings.SESSION_ENGINE
+        settings.SESSION_ENGINE = 'regressiontests.test_client_regress.session'
+
+    def tearDown(self):
+        settings.SESSION_ENGINE = self.old_SESSION_ENGINE
+
+    def test_login(self):
+        "A session engine that modifies the session key can be used to log in"
+        login = self.client.login(username='testclient', password='password')
+        self.failUnless(login, 'Could not log in')
+
+        # Try to access a login protected page.
+        response = self.client.get("/test_client/login_protected_view/")
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.context['user'].username, 'testclient')
+
 class URLEscapingTests(TestCase):
    def test_simple_argument_get(self):
        "Get a view that has a simple string argument"
--- a/tests/regressiontests/test_client_regress/session.py
+++ b/tests/regressiontests/test_client_regress/session.py
@ -0,0 +1,30 @@
+from django.contrib.sessions.backends.base import SessionBase
+
+class SessionStore(SessionBase):
+    """
+    A simple cookie-based session storage implemenation.
+
+    The session key is actually the session data, pickled and encoded.
+    This means that saving the session will change the session key.
+    """
+    def __init__(self, session_key=None):
+        super(SessionStore, self).__init__(session_key)
+
+    def exists(self, session_key):
+        return False
+
+    def create(self):
+        self.session_key = self.encode({})
+
+    def save(self, must_create=False):
+        self.session_key = self.encode(self._session)
+
+    def delete(self, session_key=None):
+        self.session_key = self.encode({})
+
+    def load(self):
+        try:
+            return self.decode(self.session_key)
+        except:
+            self.modified = True
+            return {}