mirror of https://github.com/django/django.git
Refs #32800 -- Added test_masked_secret_accepted_and_not_replaced().
This improves test_bare_secret_accepted_and_replaced() by adding a stronger assertion. It also adds a parallel test for the non-bare (masked) case.
parent
7aba820aca
commit
be1fd6645d
|
@ -1177,9 +1177,23 @@ class CsrfViewMiddlewareTests(CsrfViewMiddlewareTestMixin, SimpleTestCase):
|
||||||
self.assertTrue(csrf_cookie, msg='No CSRF cookie was sent.')
|
self.assertTrue(csrf_cookie, msg='No CSRF cookie was sent.')
|
||||||
self.assertEqual(len(csrf_cookie), CSRF_TOKEN_LENGTH)
|
self.assertEqual(len(csrf_cookie), CSRF_TOKEN_LENGTH)
|
||||||
|
|
||||||
|
def test_masked_secret_accepted_and_not_replaced(self):
|
||||||
|
"""
|
||||||
|
The csrf cookie is left unchanged if originally masked.
|
||||||
|
"""
|
||||||
|
req = self._get_POST_request_with_token(cookie=MASKED_TEST_SECRET1)
|
||||||
|
mw = CsrfViewMiddleware(token_view)
|
||||||
|
mw.process_request(req)
|
||||||
|
resp = mw.process_view(req, token_view, (), {})
|
||||||
|
self.assertIsNone(resp)
|
||||||
|
resp = mw(req)
|
||||||
|
csrf_cookie = self._read_csrf_cookie(req, resp)
|
||||||
|
self.assertEqual(csrf_cookie, MASKED_TEST_SECRET1)
|
||||||
|
self._check_token_present(resp, csrf_cookie)
|
||||||
|
|
||||||
def test_bare_secret_accepted_and_replaced(self):
|
def test_bare_secret_accepted_and_replaced(self):
|
||||||
"""
|
"""
|
||||||
The csrf token is reset from a bare secret.
|
The csrf cookie is reset (masked) if originally not masked.
|
||||||
"""
|
"""
|
||||||
req = self._get_POST_request_with_token(cookie=TEST_SECRET)
|
req = self._get_POST_request_with_token(cookie=TEST_SECRET)
|
||||||
mw = CsrfViewMiddleware(token_view)
|
mw = CsrfViewMiddleware(token_view)
|
||||||
|
@ -1188,7 +1202,8 @@ class CsrfViewMiddlewareTests(CsrfViewMiddlewareTestMixin, SimpleTestCase):
|
||||||
self.assertIsNone(resp)
|
self.assertIsNone(resp)
|
||||||
resp = mw(req)
|
resp = mw(req)
|
||||||
csrf_cookie = self._read_csrf_cookie(req, resp)
|
csrf_cookie = self._read_csrf_cookie(req, resp)
|
||||||
self.assertEqual(len(csrf_cookie), CSRF_TOKEN_LENGTH)
|
# This also checks that csrf_cookie now has length CSRF_TOKEN_LENGTH.
|
||||||
|
self.assertMaskedSecretCorrect(csrf_cookie, TEST_SECRET)
|
||||||
self._check_token_present(resp, csrf_cookie)
|
self._check_token_present(resp, csrf_cookie)
|
||||||
|
|
||||||
@override_settings(ALLOWED_HOSTS=['www.example.com'], CSRF_COOKIE_DOMAIN='.example.com', USE_X_FORWARDED_PORT=True)
|
@override_settings(ALLOWED_HOSTS=['www.example.com'], CSRF_COOKIE_DOMAIN='.example.com', USE_X_FORWARDED_PORT=True)
|
||||||
|
|
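Review bot: In test_masked_secret_accepted_and_not_replaced, `self.assertEqual(csrf_cookie, MASKED_TEST_SECRET1)` shows the cookie was left unchanged only if `_read_csrf_cookie(req, resp)` takes its value from the response. That helper is not visible in this section, so it is worth confirming it cannot fall back to the request's cookie, in which case the assertion would pass without the middleware sending anything. The new test also never ties MASKED_TEST_SECRET1 to an underlying secret, whereas the bare-secret test now does so with `assertMaskedSecretCorrect(csrf_cookie, TEST_SECRET)`. If the constant's unmasked value is available, a matching `assertMaskedSecretCorrect` call would make the two tests parallel. A short comment above the equality check, such as `# An already-masked cookie must be re-sent as-is, not re-masked.`, would record why byte-for-byte equality is the expected outcome. The middle of test_bare_secret_accepted_and_replaced lies between the two hunks and is not shown here.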