diff --git a/django/middleware/csrf.py b/django/middleware/csrf.py index a79015ae07..4f9fb2637e 100644 --- a/django/middleware/csrf.py +++ b/django/middleware/csrf.py @@ -138,7 +138,7 @@ def _sanitize_token(token): return token -def _compare_masked_tokens(request_csrf_token, csrf_token): +def _does_token_match(request_csrf_token, csrf_token): # Assume both arguments are sanitized -- that is, strings of # length CSRF_TOKEN_LENGTH, all CSRF_ALLOWED_CHARS. return constant_time_compare( @@ -369,7 +369,7 @@ class CsrfViewMiddleware(MiddlewareMixin): reason = self._bad_token_message(exc.reason, token_source) raise RejectRequest(reason) - if not _compare_masked_tokens(request_csrf_token, csrf_token): + if not _does_token_match(request_csrf_token, csrf_token): reason = self._bad_token_message('incorrect', token_source) raise RejectRequest(reason) diff --git a/tests/csrf_tests/test_context_processor.py b/tests/csrf_tests/test_context_processor.py index 62bde2d085..ea1760f4b8 100644 --- a/tests/csrf_tests/test_context_processor.py +++ b/tests/csrf_tests/test_context_processor.py @@ -1,5 +1,5 @@ from django.http import HttpRequest -from django.middleware.csrf import _compare_masked_tokens as equivalent_tokens +from django.middleware.csrf import _does_token_match as equivalent_tokens from django.template.context_processors import csrf from django.test import SimpleTestCase diff --git a/tests/csrf_tests/tests.py b/tests/csrf_tests/tests.py index 6ec0c6326a..830ad3e841 100644 --- a/tests/csrf_tests/tests.py +++ b/tests/csrf_tests/tests.py @@ -7,8 +7,8 @@ from django.http import HttpRequest, HttpResponse, UnreadablePostError from django.middleware.csrf import ( CSRF_ALLOWED_CHARS, CSRF_SESSION_KEY, CSRF_TOKEN_LENGTH, REASON_BAD_ORIGIN, REASON_CSRF_TOKEN_MISSING, REASON_NO_CSRF_COOKIE, CsrfViewMiddleware, - RejectRequest, _compare_masked_tokens as equivalent_tokens, - _mask_cipher_secret, _unmask_cipher_token, get_token, + RejectRequest, _does_token_match, _mask_cipher_secret, _unmask_cipher_token, + get_token, ) from django.test import SimpleTestCase, override_settings from django.views.decorators.csrf import csrf_exempt, requires_csrf_token @@ -209,7 +209,7 @@ class CsrfViewMiddlewareTestMixin: match = re.search('name="csrfmiddlewaretoken" value="(.*?)"', text) csrf_token = csrf_id or self._csrf_id_token self.assertTrue( - match and equivalent_tokens(csrf_token, match[1]), + match and _does_token_match(csrf_token, match[1]), "Could not find csrfmiddlewaretoken to match %s" % csrf_token ) @@ -1296,4 +1296,4 @@ class CsrfInErrorHandlingViewsTests(SimpleTestCase): response = self.client.get('/does not exist/') self.assertEqual(response.status_code, 599) token2 = response.content - self.assertTrue(equivalent_tokens(token1.decode('ascii'), token2.decode('ascii'))) + self.assertTrue(_does_token_match(token1.decode('ascii'), token2.decode('ascii'))) diff --git a/tests/template_backends/test_dummy.py b/tests/template_backends/test_dummy.py index 4a181d8cff..e945c23a78 100644 --- a/tests/template_backends/test_dummy.py +++ b/tests/template_backends/test_dummy.py @@ -3,7 +3,7 @@ import re from django.forms import CharField, Form, Media from django.http import HttpRequest, HttpResponse from django.middleware.csrf import ( - CsrfViewMiddleware, _compare_masked_tokens as equivalent_tokens, get_token, + CsrfViewMiddleware, _does_token_match as equivalent_tokens, get_token, ) from django.template import TemplateDoesNotExist, TemplateSyntaxError from django.template.backends.dummy import TemplateStrings