django/tests/csrf_tests/test_context_processor.py

from django.http import HttpRequest
from django.middleware.csrf import _compare_salted_tokens as equivalent_tokens
from django.template.context_processors import csrf
from django.test import SimpleTestCase


class TestContextProcessor(SimpleTestCase):

    def test_force_token_to_string(self):
        request = HttpRequest()
        test_token = '1bcdefghij2bcdefghij3bcdefghij4bcdefghij5bcdefghij6bcdefghijABCD'
        request.META['CSRF_COOKIE'] = test_token
        token = csrf(request).get('csrf_token')
        self.assertTrue(equivalent_tokens(str(token), test_token))
Fixed #24836 -- Made force_text() resolve lazy objects. 2015-05-27 04:46:13 +08:00			`from django.http import HttpRequest`
Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them Note that the cookie is not changed every request, just the token retrieved by the `get_token()` method (used also by the `{% csrf_token %}` tag). While at it, made token validation strict: Where, before, any length was accepted and non-ASCII chars were ignored, we now treat anything other than `[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for backwards-compatibility, are accepted and replaced by 64-char ones). Thanks Trac user patrys for reporting, github user adambrenecki for initial patch, Tim Graham for help, and Curtis Maloney, Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne for reviews. 2015-11-08 00:35:45 +08:00			`from django.middleware.csrf import _compare_salted_tokens as equivalent_tokens`
Fixed #24836 -- Made force_text() resolve lazy objects. 2015-05-27 04:46:13 +08:00			`from django.template.context_processors import csrf`
			`from django.test import SimpleTestCase`


			`class TestContextProcessor(SimpleTestCase):`

Removed unneeded force_text calls in the test suite 2017-01-24 19:22:42 +08:00			`def test_force_token_to_string(self):`
Fixed #24836 -- Made force_text() resolve lazy objects. 2015-05-27 04:46:13 +08:00			`request = HttpRequest()`
Fixed #20869 -- made CSRF tokens change every request by salt-encrypting them Note that the cookie is not changed every request, just the token retrieved by the `get_token()` method (used also by the `{% csrf_token %}` tag). While at it, made token validation strict: Where, before, any length was accepted and non-ASCII chars were ignored, we now treat anything other than `[A-Za-z0-9]{64}` as invalid (except for 32-char tokens, which, for backwards-compatibility, are accepted and replaced by 64-char ones). Thanks Trac user patrys for reporting, github user adambrenecki for initial patch, Tim Graham for help, and Curtis Maloney, Collin Anderson, Florian Apolloner, Markus Holtermann & Jon Dufresne for reviews. 2015-11-08 00:35:45 +08:00			`test_token = '1bcdefghij2bcdefghij3bcdefghij4bcdefghij5bcdefghij6bcdefghijABCD'`
			`request.META['CSRF_COOKIE'] = test_token`
Fixed #24836 -- Made force_text() resolve lazy objects. 2015-05-27 04:46:13 +08:00			`token = csrf(request).get('csrf_token')`
Removed unneeded force_text calls in the test suite 2017-01-24 19:22:42 +08:00			`self.assertTrue(equivalent_tokens(str(token), test_token))`