Refs #32800 -- Renamed _compare_masked_tokens() to _does_token_match().

2021-06-30 12:17:58 -04:00 · 2021-06-30 12:17:58 -04:00 · 7132341255
parent 4b6208ffdd
commit 7132341255
4 changed files with 8 additions and 8 deletions
--- a/django/middleware/csrf.py
+++ b/django/middleware/csrf.py
@ -138,7 +138,7 @@ def _sanitize_token(token):
    return token


-def _compare_masked_tokens(request_csrf_token, csrf_token):
+def _does_token_match(request_csrf_token, csrf_token):
    # Assume both arguments are sanitized -- that is, strings of
    # length CSRF_TOKEN_LENGTH, all CSRF_ALLOWED_CHARS.
    return constant_time_compare(
@ -369,7 +369,7 @@ class CsrfViewMiddleware(MiddlewareMixin):
            reason = self._bad_token_message(exc.reason, token_source)
            raise RejectRequest(reason)

-        if not _compare_masked_tokens(request_csrf_token, csrf_token):
+        if not _does_token_match(request_csrf_token, csrf_token):
            reason = self._bad_token_message('incorrect', token_source)
            raise RejectRequest(reason)

--- a/tests/csrf_tests/test_context_processor.py
+++ b/tests/csrf_tests/test_context_processor.py
@ -1,5 +1,5 @@
 from django.http import HttpRequest
-from django.middleware.csrf import _compare_masked_tokens as equivalent_tokens
+from django.middleware.csrf import _does_token_match as equivalent_tokens
 from django.template.context_processors import csrf
 from django.test import SimpleTestCase

--- a/tests/csrf_tests/tests.py
+++ b/tests/csrf_tests/tests.py
@ -7,8 +7,8 @@ from django.http import HttpRequest, HttpResponse, UnreadablePostError
 from django.middleware.csrf import (
    CSRF_ALLOWED_CHARS, CSRF_SESSION_KEY, CSRF_TOKEN_LENGTH, REASON_BAD_ORIGIN,
    REASON_CSRF_TOKEN_MISSING, REASON_NO_CSRF_COOKIE, CsrfViewMiddleware,
-    RejectRequest, _compare_masked_tokens as equivalent_tokens,
-    _mask_cipher_secret, _unmask_cipher_token, get_token,
+    RejectRequest, _does_token_match, _mask_cipher_secret, _unmask_cipher_token,
+    get_token,
 )
 from django.test import SimpleTestCase, override_settings
 from django.views.decorators.csrf import csrf_exempt, requires_csrf_token
@ -209,7 +209,7 @@ class CsrfViewMiddlewareTestMixin:
        match = re.search('name="csrfmiddlewaretoken" value="(.*?)"', text)
        csrf_token = csrf_id or self._csrf_id_token
        self.assertTrue(
-            match and equivalent_tokens(csrf_token, match[1]),
+            match and _does_token_match(csrf_token, match[1]),
            "Could not find csrfmiddlewaretoken to match %s" % csrf_token
        )

@ -1296,4 +1296,4 @@ class CsrfInErrorHandlingViewsTests(SimpleTestCase):
        response = self.client.get('/does not exist/')
        self.assertEqual(response.status_code, 599)
        token2 = response.content
-        self.assertTrue(equivalent_tokens(token1.decode('ascii'), token2.decode('ascii')))
+        self.assertTrue(_does_token_match(token1.decode('ascii'), token2.decode('ascii')))
--- a/tests/template_backends/test_dummy.py
+++ b/tests/template_backends/test_dummy.py
@ -3,7 +3,7 @@ import re
 from django.forms import CharField, Form, Media
 from django.http import HttpRequest, HttpResponse
 from django.middleware.csrf import (
-    CsrfViewMiddleware, _compare_masked_tokens as equivalent_tokens, get_token,
+    CsrfViewMiddleware, _does_token_match as equivalent_tokens, get_token,
 )
 from django.template import TemplateDoesNotExist, TemplateSyntaxError
 from django.template.backends.dummy import TemplateStrings