[1.5.x] Fixed #19172 -- Isolated poisoned_http_host tests from 500 handlers
Thanks bernardofontes for the report.
Backport of b774c5993
from master.
parent
d7d7ad2881
commit
8c556a32f2
|
@ -115,6 +115,8 @@ class PasswordResetTest(AuthViewsTestCase):
|
||||||
self.assertTrue("http://adminsite.com" in mail.outbox[0].body)
|
self.assertTrue("http://adminsite.com" in mail.outbox[0].body)
|
||||||
self.assertEqual(settings.DEFAULT_FROM_EMAIL, mail.outbox[0].from_email)
|
self.assertEqual(settings.DEFAULT_FROM_EMAIL, mail.outbox[0].from_email)
|
||||||
|
|
||||||
|
# Skip any 500 handler action (like sending more mail...)
|
||||||
|
@override_settings(DEBUG_PROPAGATE_EXCEPTIONS=True)
|
||||||
def test_poisoned_http_host(self):
|
def test_poisoned_http_host(self):
|
||||||
"Poisoned HTTP_HOST headers can't be used for reset emails"
|
"Poisoned HTTP_HOST headers can't be used for reset emails"
|
||||||
# This attack is based on the way browsers handle URLs. The colon
|
# This attack is based on the way browsers handle URLs. The colon
|
||||||
|
@ -131,6 +133,8 @@ class PasswordResetTest(AuthViewsTestCase):
|
||||||
)
|
)
|
||||||
self.assertEqual(len(mail.outbox), 0)
|
self.assertEqual(len(mail.outbox), 0)
|
||||||
|
|
||||||
|
# Skip any 500 handler action (like sending more mail...)
|
||||||
|
@override_settings(DEBUG_PROPAGATE_EXCEPTIONS=True)
|
||||||
def test_poisoned_http_host_admin_site(self):
|
def test_poisoned_http_host_admin_site(self):
|
||||||
"Poisoned HTTP_HOST headers can't be used for reset emails on admin views"
|
"Poisoned HTTP_HOST headers can't be used for reset emails on admin views"
|
||||||
with self.assertRaises(SuspiciousOperation):
|
with self.assertRaises(SuspiciousOperation):
|
||||||
|
|
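Review bot: The comment added above `test_poisoned_http_host` says what the override skips but not why the test depends on it. The context line `self.assertEqual(len(mail.outbox), 0)` in the second hunk appears to close that test, so any mail sent by a 500 handler while the rejected request is processed would fail the assertion for a reason unrelated to the reset email. I would word it as `# Propagate the exception instead of running 500 handlers, which may send mail and break the empty-outbox assertion below.` The same two lines are repeated above `test_poisoned_http_host_admin_site`. Both test bodies continue outside the visible hunks, so whether the admin test also checks the outbox cannot be confirmed from here.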