0e540fca13
Corrected logger in CsrfViewMiddlewareTestMixin.test_ensures_csrf_cookie_no_logging().
...
Logger was changed in 55fec16aaf
2023-09-13 13:49:01 +02:00
097e3a70c1
Refs #33476 -- Applied Black's 2023 stable style.
...
Black 23.1.0 is released which, as the first release of the year,
introduces the 2023 stable style. This incorporates most of last year's
preview style.
https://github.com/psf/black/releases/tag/23.1.0
2023-02-01 11:04:38 +01:00
e01970e9d2
Refs #32800 -- Removed CSRF_COOKIE_MASKED transitional setting per deprecation timeline.
2023-01-17 11:49:15 +01:00
93803a1b5f
Fixed #33567 -- Avoided setting default text/html content type on responses.
2022-03-09 14:50:52 +01:00
7119f40c98
Refs #33476 -- Refactored code to strictly match 88 characters line length.
2022-02-07 20:37:05 +01:00
9c19aff7c7
Refs #33476 -- Reformatted code with Black.
2022-02-07 20:37:05 +01:00
3ff7f6cf07
Refs #32800 -- Renamed _sanitize_token() to _check_token_format().
2021-11-29 10:48:31 +01:00
5d80843ebc
Fixed #32800 -- Changed CsrfViewMiddleware not to mask the CSRF secret.
...
This also adds CSRF_COOKIE_MASKED transitional setting helpful in
migrating multiple instance of the same project to Django 4.1+.
Thanks Florian Apolloner and Shai Berger for reviews.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-11-29 10:47:39 +01:00
3f0025c18a
Refs #32800 -- Avoided use of _does_token_match() in some CSRF tests.
2021-11-16 11:21:30 +01:00
0820175d81
Refs #32800 -- Added CSRF tests for masked and unmasked secrets during GET.
2021-11-16 11:02:32 +01:00
be1fd6645d
Refs #32800 -- Added test_masked_secret_accepted_and_not_replaced().
...
This improves test_bare_secret_accepted_and_replaced() by adding a stronger
assertion. It also adds a parallel test for the non-bare (masked) case.
2021-08-17 12:23:54 +02:00
7aba820aca
Refs #32800 -- Improved CsrfViewMiddlewareTestMixin._check_token_present().
...
This changes CsrfViewMiddlewareTestMixin._check_token_present() to give more
detailed information if the check fails, and in particular why it failed. It
also moves CsrfFunctionTests.assertMaskedSecretCorrect() to a separate
CsrfFunctionTestMixin so the helper can be used in CsrfViewMiddlewareTestMixin.
2021-08-17 12:23:54 +02:00
26d8e3f302
Refs #32800 -- Used the cookie argument to CsrfViewMiddlewareTestMixin._get_request() in more tests.
2021-08-17 12:23:54 +02:00
795051b2b0
Refs #32800 -- Added tests of more CSRF functions.
2021-08-03 07:16:31 +02:00
7132341255
Refs #32800 -- Renamed _compare_masked_tokens() to _does_token_match().
2021-08-03 07:10:31 +02:00
00ea883ef5
Fixed #32329 -- Made CsrfViewMiddleware catch more specific UnreadablePostError.
...
Thanks Chris Jerdonek for the review.
2021-07-23 13:10:41 +02:00
852fa7617e
Refs #32329 -- Allowed specifying request class in csrf_tests test hooks.
2021-07-23 12:13:31 +02:00
3cfcb8cbc8
Refs #32902 -- Moved ensure_csrf_cookie_view after protected_view.
2021-07-23 07:09:36 +02:00
a2e1f1e295
Fixed #32902 -- Fixed CsrfViewMiddleware.process_response()'s cookie reset logic.
...
Thanks Florian Apolloner and Shai Berger for reviews.
2021-07-23 07:08:45 +02:00
311401d9a2
Refs #32902 -- Added CSRF test when rotate_token() is called between resetting the token and processing response.
2021-07-23 06:56:53 +02:00
43d1ea6e2f
Refs #32885 -- Used _read_csrf_cookie()/_set_csrf_cookie() in more CSRF tests.
2021-06-30 07:48:15 +02:00
abc8795632
Fixed #32885 -- Removed cookie-based token specific logic from CsrfViewMiddlewareTestMixin.
2021-06-30 07:48:15 +02:00
594d6e9407
Refs #32843 -- Added CsrfViewMiddlewareTestMixin._get_csrf_cookie_request() hook.
2021-06-29 08:56:13 +02:00
c8439d1dba
Refs #32843 -- Added method/cookie arguments to CsrfViewMiddlewareTestMixin._get_request().
...
This also removes unnecessary test hooks.
2021-06-29 08:56:13 +02:00
6bccb64347
Refs #32843 -- Moved _get_GET_csrf_cookie_request() to CsrfViewMiddlewareTestMixin.
2021-06-29 08:56:05 +02:00
4397d2bd6b
Fixed #32843 -- Ensured the CSRF tests' _get_GET_csrf_cookie_request() sets the request method.
2021-06-29 08:14:25 +02:00
5e60c3943b
Refs #32800 -- Added CsrfViewMiddleware tests for all combinations of masked/unmasked cookies and tokens.
2021-06-28 08:31:30 +02:00
defa8d3d87
Refs #32800 -- Made CsrfViewMiddlewareTestMixin._csrf_id_cookie and _csrf_id_token different.
...
This also renames CsrfViewMiddlewareTestMixin._csrf_id to _csrf_id_token.
2021-06-28 08:09:53 +02:00
2523c32d50
Refs #32800 -- Eliminated the need for separate _get_POST_bare_secret() methods.
2021-06-28 08:08:43 +02:00
c8108591b9
Refs #32800 -- Added to csrf_tests/tests.py the unmasked version of the secret.
...
This also adds tests that the secret is correct, and updates existing
tests to use the value.
2021-06-28 07:59:22 +02:00
fcb75651f9
Fixed #32817 -- Added the token source to CsrfViewMiddleware's bad token error messages.
2021-06-23 16:07:15 +02:00
1a284afb07
Refs #32817 -- Added tests for bad CSRF token provided via X-CSRFToken or custom header.
2021-06-23 16:07:07 +02:00
6837bd68a4
Refs #32817 -- Added post_token/meta_token/token_header arguments to _get_POST_csrf_cookie_request().
2021-06-23 16:07:07 +02:00
999402f142
Refs #32817 -- Combined the bad-or-missing CSRF token tests.
2021-06-23 16:07:07 +02:00
cd19db10df
Fixed #32796 -- Changed CsrfViewMiddleware to fail earlier on badly formatted cookie tokens.
2021-06-01 09:02:27 +02:00
623cec0879
Refs #32796 -- Added CsrfViewMiddleware tests for incorrectly formatted cookie tokens.
2021-06-01 09:02:23 +02:00
55775891fb
Fixed #32795 -- Changed CsrfViewMiddleware to fail earlier on badly formatted tokens.
2021-05-31 21:12:21 +02:00
ffdee8d264
Refs #32795 -- Added CsrfViewMiddleware tests for rejecting invalid or missing tokens.
...
This also improves test names for test_process_request_no_csrf_cookie
and test_process_request_csrf_cookie_no_token. The logic being tested
is actually in process_view() rather than process_request(), and it's
not necessary to include the method name.
2021-05-31 21:12:17 +02:00
71179a6124
Fixed #32596 -- Added CsrfViewMiddleware._check_referer().
...
This encapsulates CsrfViewMiddleware's referer logic into a method and
updates existing tests to check the "seam" introduced by the refactor,
when doing so would improve the test.
2021-05-28 07:31:56 +02:00
02c59b7a43
Refs #32596 -- Added extra tests for CsrfViewMiddleware's referer logic.
2021-05-27 10:53:20 +02:00
ff514309e1
Fixed #32578 -- Fixed crash in CsrfViewMiddleware when a request with Origin header has an invalid host.
2021-03-25 10:34:58 +01:00
717b5e633a
Made CsrfViewMiddlewareTestMixin._get_GET_no_csrf_cookie_request() return GET requests.
2021-03-22 08:22:58 +01:00
e49fdfa405
Fixed #32571 -- Made CsrfViewMiddleware handle invalid URLs in Referer header.
2021-03-19 11:19:19 +01:00
2411b8b5eb
Fixed #16010 -- Added Origin header checking to CSRF middleware.
...
Thanks David Benjamin for the original patch, and Florian
Apolloner, Chris Jerdonek, and Adam Johnson for reviews.
2021-03-18 20:25:20 +01:00
dba44a7a7a
Refs #16010 -- Required CSRF_TRUSTED_ORIGINS setting to include the scheme.
2021-03-18 20:00:22 +01:00
7ca7f4495b
Refs #21429 -- Added SimpleTestCase.assertNoLogs() on Python < 3.10.
2021-03-02 20:35:33 +01:00
d6aff369ad
Refs #30116 -- Simplified regex match group access with Match.__getitem__().
...
The method has been available since Python 3.6. The shorter syntax is
also marginally faster.
2020-05-11 12:01:28 +02:00
5b09354954
Fixed #31291 -- Renamed salt to mask for CSRF tokens.
2020-02-25 14:16:19 +01:00
4d973f5939
Refs #26601 -- Deprecated passing None as get_response arg to middleware classes.
...
This is the new contract since middleware refactoring in Django 1.10.
Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2020-02-18 20:03:44 +01:00
9d5a487f33
Dropped obsolete mimetype kwarg in csrf test view
2019-09-21 20:46:39 +02:00
Mariusz Felisiak
David Smith
Claude Paroz
django-bot
Chris Jerdonek
Virtosu Bogdan
Adam Donaghy
Tim Graham
François Freitag
Jon Dufresne
Ram Rachum