Initialized CsrfViewMiddleware once in csrf_tests.
This commit is contained in:
Florian Apolloner
Tim Graham
parent
46dcdf9a29
commit
77f82c4bf1
|
|
@ -39,6 +39,7 @@ class CsrfViewMiddlewareTestMixin:
|
|||
"""
|
||||
|
||||
_csrf_id = _csrf_id_cookie = '1bcdefghij2bcdefghij3bcdefghij4bcdefghij5bcdefghij6bcdefghijABCD'
|
||||
mw = CsrfViewMiddleware()
|
||||
|
||||
def _get_GET_no_csrf_cookie_request(self):
|
||||
return TestingHttpRequest()
|
||||
|
|
@ -83,9 +84,9 @@ class CsrfViewMiddlewareTestMixin:
|
|||
# does use the csrf request processor. By using this, we are testing
|
||||
# that the view processor is properly lazy and doesn't call get_token()
|
||||
# until needed.
|
||||
CsrfViewMiddleware().process_view(req, non_token_view_using_request_processor, (), {})
|
||||
self.mw.process_view(req, non_token_view_using_request_processor, (), {})
|
||||
resp = non_token_view_using_request_processor(req)
|
||||
resp2 = CsrfViewMiddleware().process_response(req, resp)
|
||||
resp2 = self.mw.process_response(req, resp)
|
||||
|
||||
csrf_cookie = resp2.cookies.get(settings.CSRF_COOKIE_NAME, False)
|
||||
self.assertIs(csrf_cookie, False)
|
||||
|
|
@ -98,7 +99,7 @@ class CsrfViewMiddlewareTestMixin:
|
|||
"""
|
||||
with patch_logger('django.security.csrf', 'warning') as logger_calls:
|
||||
req = self._get_POST_no_csrf_cookie_request()
|
||||
req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
|
||||
req2 = self.mw.process_view(req, post_form_view, (), {})
|
||||
self.assertEqual(403, req2.status_code)
|
||||
self.assertEqual(logger_calls[0], 'Forbidden (%s): ' % REASON_NO_CSRF_COOKIE)
|
||||
|
||||
|
|
@ -109,7 +110,7 @@ class CsrfViewMiddlewareTestMixin:
|
|||
"""
|
||||
with patch_logger('django.security.csrf', 'warning') as logger_calls:
|
||||
req = self._get_POST_csrf_cookie_request()
|
||||
req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
|
||||
req2 = self.mw.process_view(req, post_form_view, (), {})
|
||||
self.assertEqual(403, req2.status_code)
|
||||
self.assertEqual(logger_calls[0], 'Forbidden (%s): ' % REASON_BAD_TOKEN)
|
||||
|
||||
|
|
@ -118,7 +119,7 @@ class CsrfViewMiddlewareTestMixin:
|
|||
If both a cookie and a token is present, the middleware lets it through.
|
||||
"""
|
||||
req = self._get_POST_request_with_token()
|
||||
req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
|
||||
req2 = self.mw.process_view(req, post_form_view, (), {})
|
||||
self.assertIsNone(req2)
|
||||
|
||||
def test_process_request_csrf_cookie_no_token_exempt_view(self):
|
||||
|
|
@ -127,7 +128,7 @@ class CsrfViewMiddlewareTestMixin:
|
|||
has been applied to the view, the middleware lets it through
|
||||
"""
|
||||
req = self._get_POST_csrf_cookie_request()
|
||||
req2 = CsrfViewMiddleware().process_view(req, csrf_exempt(post_form_view), (), {})
|
||||
req2 = self.mw.process_view(req, csrf_exempt(post_form_view), (), {})
|
||||
self.assertIsNone(req2)
|
||||
|
||||
def test_csrf_token_in_header(self):
|
||||
|
|
@ -136,7 +137,7 @@ class CsrfViewMiddlewareTestMixin:
|
|||
"""
|
||||
req = self._get_POST_csrf_cookie_request()
|
||||
req.META['HTTP_X_CSRFTOKEN'] = self._csrf_id
|
||||
req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
|
||||
req2 = self.mw.process_view(req, post_form_view, (), {})
|
||||
self.assertIsNone(req2)
|
||||
|
||||
@override_settings(CSRF_HEADER_NAME='HTTP_X_CSRFTOKEN_CUSTOMIZED')
|
||||
|
|
@ -146,7 +147,7 @@ class CsrfViewMiddlewareTestMixin:
|
|||
"""
|
||||
req = self._get_POST_csrf_cookie_request()
|
||||
req.META['HTTP_X_CSRFTOKEN_CUSTOMIZED'] = self._csrf_id
|
||||
req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
|
||||
req2 = self.mw.process_view(req, post_form_view, (), {})
|
||||
self.assertIsNone(req2)
|
||||
|
||||
def test_put_and_delete_rejected(self):
|
||||
|
|
@ -156,14 +157,14 @@ class CsrfViewMiddlewareTestMixin:
|
|||
req = TestingHttpRequest()
|
||||
req.method = 'PUT'
|
||||
with patch_logger('django.security.csrf', 'warning') as logger_calls:
|
||||
req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
|
||||
req2 = self.mw.process_view(req, post_form_view, (), {})
|
||||
self.assertEqual(403, req2.status_code)
|
||||
self.assertEqual(logger_calls[0], 'Forbidden (%s): ' % REASON_NO_CSRF_COOKIE)
|
||||
|
||||
req = TestingHttpRequest()
|
||||
req.method = 'DELETE'
|
||||
with patch_logger('django.security.csrf', 'warning') as logger_calls:
|
||||
req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
|
||||
req2 = self.mw.process_view(req, post_form_view, (), {})
|
||||
self.assertEqual(403, req2.status_code)
|
||||
self.assertEqual(logger_calls[0], 'Forbidden (%s): ' % REASON_NO_CSRF_COOKIE)
|
||||
|
||||
|
|
@ -174,13 +175,13 @@ class CsrfViewMiddlewareTestMixin:
|
|||
req = self._get_GET_csrf_cookie_request()
|
||||
req.method = 'PUT'
|
||||
req.META['HTTP_X_CSRFTOKEN'] = self._csrf_id
|
||||
req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
|
||||
req2 = self.mw.process_view(req, post_form_view, (), {})
|
||||
self.assertIsNone(req2)
|
||||
|
||||
req = self._get_GET_csrf_cookie_request()
|
||||
req.method = 'DELETE'
|
||||
req.META['HTTP_X_CSRFTOKEN'] = self._csrf_id
|
||||
req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
|
||||
req2 = self.mw.process_view(req, post_form_view, (), {})
|
||||
self.assertIsNone(req2)
|
||||
|
||||
# Tests for the template tag method
|
||||
|
|
@ -201,7 +202,7 @@ class CsrfViewMiddlewareTestMixin:
|
|||
"""
|
||||
req = self._get_GET_no_csrf_cookie_request()
|
||||
req.COOKIES[settings.CSRF_COOKIE_NAME] = ""
|
||||
CsrfViewMiddleware().process_view(req, token_view, (), {})
|
||||
self.mw.process_view(req, token_view, (), {})
|
||||
resp = token_view(req)
|
||||
|
||||
token = get_token(req)
|
||||
|
|
@ -213,7 +214,7 @@ class CsrfViewMiddlewareTestMixin:
|
|||
CsrfTokenNode works when a CSRF cookie is set.
|
||||
"""
|
||||
req = self._get_GET_csrf_cookie_request()
|
||||
CsrfViewMiddleware().process_view(req, token_view, (), {})
|
||||
self.mw.process_view(req, token_view, (), {})
|
||||
resp = token_view(req)
|
||||
self._check_token_present(resp)
|
||||
|
||||
|
|
@ -222,7 +223,7 @@ class CsrfViewMiddlewareTestMixin:
|
|||
get_token still works for a view decorated with 'csrf_exempt'.
|
||||
"""
|
||||
req = self._get_GET_csrf_cookie_request()
|
||||
CsrfViewMiddleware().process_view(req, csrf_exempt(token_view), (), {})
|
||||
self.mw.process_view(req, csrf_exempt(token_view), (), {})
|
||||
resp = token_view(req)
|
||||
self._check_token_present(resp)
|
||||
|
||||
|
|
@ -240,9 +241,9 @@ class CsrfViewMiddlewareTestMixin:
|
|||
the middleware (when one was not already present)
|
||||
"""
|
||||
req = self._get_GET_no_csrf_cookie_request()
|
||||
CsrfViewMiddleware().process_view(req, token_view, (), {})
|
||||
self.mw.process_view(req, token_view, (), {})
|
||||
resp = token_view(req)
|
||||
resp2 = CsrfViewMiddleware().process_response(req, resp)
|
||||
resp2 = self.mw.process_response(req, resp)
|
||||
csrf_cookie = resp2.cookies[settings.CSRF_COOKIE_NAME]
|
||||
self._check_token_present(resp, csrf_id=csrf_cookie.value)
|
||||
|
||||
|
|
@ -253,9 +254,9 @@ class CsrfViewMiddlewareTestMixin:
|
|||
requests. If it appears in the response, it should keep its value.
|
||||
"""
|
||||
req = self._get_POST_request_with_token()
|
||||
CsrfViewMiddleware().process_view(req, token_view, (), {})
|
||||
self.mw.process_view(req, token_view, (), {})
|
||||
resp = token_view(req)
|
||||
resp = CsrfViewMiddleware().process_response(req, resp)
|
||||
resp = self.mw.process_response(req, resp)
|
||||
csrf_cookie = resp.cookies.get(settings.CSRF_COOKIE_NAME, None)
|
||||
if csrf_cookie:
|
||||
self.assertEqual(
|
||||
|
|
@ -273,7 +274,7 @@ class CsrfViewMiddlewareTestMixin:
|
|||
req.META['HTTP_HOST'] = 'www.example.com'
|
||||
req.META['HTTP_REFERER'] = 'https://www.evil.org/somepage'
|
||||
req.META['SERVER_PORT'] = '443'
|
||||
response = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
|
||||
response = self.mw.process_view(req, post_form_view, (), {})
|
||||
self.assertContains(
|
||||
response,
|
||||
'Referer checking failed - https://www.evil.org/somepage does not '
|
||||
|
|
@ -290,7 +291,7 @@ class CsrfViewMiddlewareTestMixin:
|
|||
req = self._get_POST_request_with_token()
|
||||
req._is_secure_override = True
|
||||
req.META['HTTP_REFERER'] = 'http://http://www.example.com/'
|
||||
response = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
|
||||
response = self.mw.process_view(req, post_form_view, (), {})
|
||||
self.assertContains(
|
||||
response,
|
||||
'Referer checking failed - Referer is insecure while host is secure.',
|
||||
|
|
@ -298,23 +299,23 @@ class CsrfViewMiddlewareTestMixin:
|
|||
)
|
||||
# Empty
|
||||
req.META['HTTP_REFERER'] = ''
|
||||
response = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
|
||||
response = self.mw.process_view(req, post_form_view, (), {})
|
||||
self.assertContains(response, malformed_referer_msg, status_code=403)
|
||||
# Non-ASCII
|
||||
req.META['HTTP_REFERER'] = 'ØBöIß'
|
||||
response = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
|
||||
response = self.mw.process_view(req, post_form_view, (), {})
|
||||
self.assertContains(response, malformed_referer_msg, status_code=403)
|
||||
# missing scheme
|
||||
# >>> urlparse('//example.com/')
|
||||
# ParseResult(scheme='', netloc='example.com', path='/', params='', query='', fragment='')
|
||||
req.META['HTTP_REFERER'] = '//example.com/'
|
||||
response = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
|
||||
response = self.mw.process_view(req, post_form_view, (), {})
|
||||
self.assertContains(response, malformed_referer_msg, status_code=403)
|
||||
# missing netloc
|
||||
# >>> urlparse('https://')
|
||||
# ParseResult(scheme='https', netloc='', path='', params='', query='', fragment='')
|
||||
req.META['HTTP_REFERER'] = 'https://'
|
||||
response = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
|
||||
response = self.mw.process_view(req, post_form_view, (), {})
|
||||
self.assertContains(response, malformed_referer_msg, status_code=403)
|
||||
|
||||
@override_settings(ALLOWED_HOSTS=['www.example.com'])
|
||||
|
|
@ -326,7 +327,7 @@ class CsrfViewMiddlewareTestMixin:
|
|||
req._is_secure_override = True
|
||||
req.META['HTTP_HOST'] = 'www.example.com'
|
||||
req.META['HTTP_REFERER'] = 'https://www.example.com/somepage'
|
||||
req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
|
||||
req2 = self.mw.process_view(req, post_form_view, (), {})
|
||||
self.assertIsNone(req2)
|
||||
|
||||
@override_settings(ALLOWED_HOSTS=['www.example.com'])
|
||||
|
|
@ -340,7 +341,7 @@ class CsrfViewMiddlewareTestMixin:
|
|||
req._is_secure_override = True
|
||||
req.META['HTTP_HOST'] = 'www.example.com'
|
||||
req.META['HTTP_REFERER'] = 'https://www.example.com'
|
||||
req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
|
||||
req2 = self.mw.process_view(req, post_form_view, (), {})
|
||||
self.assertIsNone(req2)
|
||||
|
||||
def _test_https_good_referer_behind_proxy(self):
|
||||
|
|
@ -353,7 +354,7 @@ class CsrfViewMiddlewareTestMixin:
|
|||
'HTTP_X_FORWARDED_HOST': 'www.example.com',
|
||||
'HTTP_X_FORWARDED_PORT': '443',
|
||||
})
|
||||
req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
|
||||
req2 = self.mw.process_view(req, post_form_view, (), {})
|
||||
self.assertIsNone(req2)
|
||||
|
||||
@override_settings(ALLOWED_HOSTS=['www.example.com'], CSRF_TRUSTED_ORIGINS=['dashboard.example.com'])
|
||||
|
|
@ -366,7 +367,7 @@ class CsrfViewMiddlewareTestMixin:
|
|||
req._is_secure_override = True
|
||||
req.META['HTTP_HOST'] = 'www.example.com'
|
||||
req.META['HTTP_REFERER'] = 'https://dashboard.example.com'
|
||||
req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
|
||||
req2 = self.mw.process_view(req, post_form_view, (), {})
|
||||
self.assertIsNone(req2)
|
||||
|
||||
@override_settings(ALLOWED_HOSTS=['www.example.com'], CSRF_TRUSTED_ORIGINS=['.example.com'])
|
||||
|
|
@ -379,7 +380,7 @@ class CsrfViewMiddlewareTestMixin:
|
|||
req._is_secure_override = True
|
||||
req.META['HTTP_HOST'] = 'www.example.com'
|
||||
req.META['HTTP_REFERER'] = 'https://dashboard.example.com'
|
||||
response = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
|
||||
response = self.mw.process_view(req, post_form_view, (), {})
|
||||
self.assertIsNone(response)
|
||||
|
||||
def _test_https_good_referer_matches_cookie_domain(self):
|
||||
|
|
@ -387,7 +388,7 @@ class CsrfViewMiddlewareTestMixin:
|
|||
req._is_secure_override = True
|
||||
req.META['HTTP_REFERER'] = 'https://foo.example.com/'
|
||||
req.META['SERVER_PORT'] = '443'
|
||||
response = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
|
||||
response = self.mw.process_view(req, post_form_view, (), {})
|
||||
self.assertIsNone(response)
|
||||
|
||||
def _test_https_good_referer_matches_cookie_domain_with_different_port(self):
|
||||
|
|
@ -396,7 +397,7 @@ class CsrfViewMiddlewareTestMixin:
|
|||
req.META['HTTP_HOST'] = 'www.example.com'
|
||||
req.META['HTTP_REFERER'] = 'https://foo.example.com:4443/'
|
||||
req.META['SERVER_PORT'] = '4443'
|
||||
response = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
|
||||
response = self.mw.process_view(req, post_form_view, (), {})
|
||||
self.assertIsNone(response)
|
||||
|
||||
def test_ensures_csrf_cookie_no_logging(self):
|
||||
|
|
@ -460,12 +461,12 @@ class CsrfViewMiddlewareTestMixin:
|
|||
token = ('ABC' + self._csrf_id)[:CSRF_TOKEN_LENGTH]
|
||||
|
||||
req = CsrfPostRequest(token, raise_error=False)
|
||||
resp = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
|
||||
resp = self.mw.process_view(req, post_form_view, (), {})
|
||||
self.assertIsNone(resp)
|
||||
|
||||
req = CsrfPostRequest(token, raise_error=True)
|
||||
with patch_logger('django.security.csrf', 'warning') as logger_calls:
|
||||
resp = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
|
||||
resp = self.mw.process_view(req, post_form_view, (), {})
|
||||
self.assertEqual(resp.status_code, 403)
|
||||
self.assertEqual(logger_calls[0], 'Forbidden (%s): ' % REASON_BAD_TOKEN)
|
||||
|
||||
|
|
@ -502,9 +503,9 @@ class CsrfViewMiddlewareTests(CsrfViewMiddlewareTestMixin, SimpleTestCase):
|
|||
enabled.
|
||||
"""
|
||||
req = self._get_GET_no_csrf_cookie_request()
|
||||
CsrfViewMiddleware().process_view(req, ensure_csrf_cookie_view, (), {})
|
||||
self.mw.process_view(req, ensure_csrf_cookie_view, (), {})
|
||||
resp = ensure_csrf_cookie_view(req)
|
||||
resp2 = CsrfViewMiddleware().process_response(req, resp)
|
||||
resp2 = self.mw.process_response(req, resp)
|
||||
self.assertTrue(resp2.cookies.get(settings.CSRF_COOKIE_NAME, False))
|
||||
self.assertIn('Cookie', resp2.get('Vary', ''))
|
||||
|
||||
|
|
@ -522,10 +523,10 @@ class CsrfViewMiddlewareTests(CsrfViewMiddlewareTestMixin, SimpleTestCase):
|
|||
CSRF_COOKIE_SECURE=True,
|
||||
CSRF_COOKIE_HTTPONLY=True):
|
||||
# token_view calls get_token() indirectly
|
||||
CsrfViewMiddleware().process_view(req, token_view, (), {})
|
||||
self.mw.process_view(req, token_view, (), {})
|
||||
resp = token_view(req)
|
||||
|
||||
resp2 = CsrfViewMiddleware().process_response(req, resp)
|
||||
resp2 = self.mw.process_response(req, resp)
|
||||
max_age = resp2.cookies.get('csrfcookie').get('max-age')
|
||||
self.assertEqual(max_age, MAX_AGE)
|
||||
|
||||
|
|
@ -544,10 +545,10 @@ class CsrfViewMiddlewareTests(CsrfViewMiddlewareTestMixin, SimpleTestCase):
|
|||
CSRF_COOKIE_SECURE=True,
|
||||
CSRF_COOKIE_HTTPONLY=True):
|
||||
# token_view calls get_token() indirectly
|
||||
CsrfViewMiddleware().process_view(req, token_view, (), {})
|
||||
self.mw.process_view(req, token_view, (), {})
|
||||
resp = token_view(req)
|
||||
|
||||
resp2 = CsrfViewMiddleware().process_response(req, resp)
|
||||
resp2 = self.mw.process_response(req, resp)
|
||||
max_age = resp2.cookies.get('csrfcookie').get('max-age')
|
||||
self.assertEqual(max_age, '')
|
||||
|
||||
|
|
@ -558,9 +559,9 @@ class CsrfViewMiddlewareTests(CsrfViewMiddlewareTestMixin, SimpleTestCase):
|
|||
"""
|
||||
req = self._get_GET_no_csrf_cookie_request()
|
||||
req.COOKIES[settings.CSRF_COOKIE_NAME] = 'x' * 100000
|
||||
CsrfViewMiddleware().process_view(req, token_view, (), {})
|
||||
self.mw.process_view(req, token_view, (), {})
|
||||
resp = token_view(req)
|
||||
resp2 = CsrfViewMiddleware().process_response(req, resp)
|
||||
resp2 = self.mw.process_response(req, resp)
|
||||
csrf_cookie = resp2.cookies.get(settings.CSRF_COOKIE_NAME, False)
|
||||
self.assertEqual(len(csrf_cookie.value), CSRF_TOKEN_LENGTH)
|
||||
|
||||
|
|
@ -572,9 +573,9 @@ class CsrfViewMiddlewareTests(CsrfViewMiddlewareTestMixin, SimpleTestCase):
|
|||
token = ('!@#' + self._csrf_id)[:CSRF_TOKEN_LENGTH]
|
||||
req = self._get_GET_no_csrf_cookie_request()
|
||||
req.COOKIES[settings.CSRF_COOKIE_NAME] = token
|
||||
CsrfViewMiddleware().process_view(req, token_view, (), {})
|
||||
self.mw.process_view(req, token_view, (), {})
|
||||
resp = token_view(req)
|
||||
resp2 = CsrfViewMiddleware().process_response(req, resp)
|
||||
resp2 = self.mw.process_response(req, resp)
|
||||
csrf_cookie = resp2.cookies.get(settings.CSRF_COOKIE_NAME, False)
|
||||
self.assertEqual(len(csrf_cookie.value), CSRF_TOKEN_LENGTH)
|
||||
self.assertNotEqual(csrf_cookie.value, token)
|
||||
|
|
@ -584,10 +585,10 @@ class CsrfViewMiddlewareTests(CsrfViewMiddlewareTestMixin, SimpleTestCase):
|
|||
The csrf token is reset from a bare secret.
|
||||
"""
|
||||
req = self._get_POST_bare_secret_csrf_cookie_request_with_token()
|
||||
req2 = CsrfViewMiddleware().process_view(req, token_view, (), {})
|
||||
req2 = self.mw.process_view(req, token_view, (), {})
|
||||
self.assertIsNone(req2)
|
||||
resp = token_view(req)
|
||||
resp = CsrfViewMiddleware().process_response(req, resp)
|
||||
resp = self.mw.process_response(req, resp)
|
||||
self.assertIn(settings.CSRF_COOKIE_NAME, resp.cookies, "Cookie was not reset from bare secret")
|
||||
csrf_cookie = resp.cookies[settings.CSRF_COOKIE_NAME]
|
||||
self.assertEqual(len(csrf_cookie.value), CSRF_TOKEN_LENGTH)
|
||||
|
|
@ -625,7 +626,7 @@ class CsrfViewMiddlewareTests(CsrfViewMiddlewareTestMixin, SimpleTestCase):
|
|||
req._is_secure_override = True
|
||||
req.META['HTTP_REFERER'] = 'http://example.com/'
|
||||
req.META['SERVER_PORT'] = '443'
|
||||
response = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
|
||||
response = self.mw.process_view(req, post_form_view, (), {})
|
||||
self.assertContains(
|
||||
response,
|
||||
'Referer checking failed - Referer is insecure while host is secure.',
|
||||
|
|
@ -655,7 +656,7 @@ class CsrfViewMiddlewareUseSessionsTests(CsrfViewMiddlewareTestMixin, SimpleTest
|
|||
'SessionMiddleware must appear before CsrfViewMiddleware in MIDDLEWARE.'
|
||||
)
|
||||
with self.assertRaisesMessage(ImproperlyConfigured, msg):
|
||||
CsrfViewMiddleware().process_view(HttpRequest(), None, (), {})
|
||||
self.mw.process_view(HttpRequest(), None, (), {})
|
||||
|
||||
def test_process_response_get_token_used(self):
|
||||
"""The ensure_csrf_cookie() decorator works without middleware."""
|
||||
|
|
@ -669,9 +670,9 @@ class CsrfViewMiddlewareUseSessionsTests(CsrfViewMiddlewareTestMixin, SimpleTest
|
|||
enabled.
|
||||
"""
|
||||
req = self._get_GET_no_csrf_cookie_request()
|
||||
CsrfViewMiddleware().process_view(req, ensure_csrf_cookie_view, (), {})
|
||||
self.mw.process_view(req, ensure_csrf_cookie_view, (), {})
|
||||
resp = ensure_csrf_cookie_view(req)
|
||||
CsrfViewMiddleware().process_response(req, resp)
|
||||
self.mw.process_response(req, resp)
|
||||
self.assertTrue(req.session.get(CSRF_SESSION_KEY, False))
|
||||
|
||||
def test_token_node_with_new_csrf_cookie(self):
|
||||
|
|
@ -680,9 +681,9 @@ class CsrfViewMiddlewareUseSessionsTests(CsrfViewMiddlewareTestMixin, SimpleTest
|
|||
(when one was not already present).
|
||||
"""
|
||||
req = self._get_GET_no_csrf_cookie_request()
|
||||
CsrfViewMiddleware().process_view(req, token_view, (), {})
|
||||
self.mw.process_view(req, token_view, (), {})
|
||||
resp = token_view(req)
|
||||
CsrfViewMiddleware().process_response(req, resp)
|
||||
self.mw.process_response(req, resp)
|
||||
csrf_cookie = req.session[CSRF_SESSION_KEY]
|
||||
self._check_token_present(resp, csrf_id=csrf_cookie)
|
||||
|
||||
|
|
@ -723,7 +724,7 @@ class CsrfViewMiddlewareUseSessionsTests(CsrfViewMiddlewareTestMixin, SimpleTest
|
|||
req._is_secure_override = True
|
||||
req.META['HTTP_REFERER'] = 'http://example.com/'
|
||||
req.META['SERVER_PORT'] = '443'
|
||||
response = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
|
||||
response = self.mw.process_view(req, post_form_view, (), {})
|
||||
self.assertContains(
|
||||
response,
|
||||
'Referer checking failed - Referer is insecure while host is secure.',
|
||||
|
|
|
|||
Loading…
Reference in New Issue