From 3ff7f6cf07a722635d690785c31ac89484134bee Mon Sep 17 00:00:00 2001 From: Chris Jerdonek Date: Mon, 23 Aug 2021 00:09:19 -0700 Subject: [PATCH] Refs #32800 -- Renamed _sanitize_token() to _check_token_format(). --- django/middleware/csrf.py | 6 +++--- tests/csrf_tests/tests.py | 10 +++++----- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/django/middleware/csrf.py b/django/middleware/csrf.py index 41bf8640d6..6be68ebd76 100644 --- a/django/middleware/csrf.py +++ b/django/middleware/csrf.py @@ -128,7 +128,7 @@ class InvalidTokenFormat(Exception): self.reason = reason -def _sanitize_token(token): +def _check_token_format(token): """ Raise an InvalidTokenFormat error if the token has an invalid length or characters that aren't allowed. The token argument can be a CSRF cookie @@ -239,7 +239,7 @@ class CsrfViewMiddleware(MiddlewareMixin): csrf_secret = None else: # This can raise InvalidTokenFormat. - _sanitize_token(csrf_secret) + _check_token_format(csrf_secret) if csrf_secret is None: return None # Django versions before 4.0 masked the secret before storing. @@ -386,7 +386,7 @@ class CsrfViewMiddleware(MiddlewareMixin): token_source = 'POST' try: - _sanitize_token(request_csrf_token) + _check_token_format(request_csrf_token) except InvalidTokenFormat as exc: reason = self._bad_token_message(exc.reason, token_source) raise RejectRequest(reason) diff --git a/tests/csrf_tests/tests.py b/tests/csrf_tests/tests.py index 203ef0f419..71e75854db 100644 --- a/tests/csrf_tests/tests.py +++ b/tests/csrf_tests/tests.py @@ -8,7 +8,7 @@ from django.middleware.csrf import ( CSRF_ALLOWED_CHARS, CSRF_SECRET_LENGTH, CSRF_SESSION_KEY, CSRF_TOKEN_LENGTH, REASON_BAD_ORIGIN, REASON_CSRF_TOKEN_MISSING, REASON_NO_CSRF_COOKIE, CsrfViewMiddleware, InvalidTokenFormat, - RejectRequest, _does_token_match, _mask_cipher_secret, _sanitize_token, + RejectRequest, _check_token_format, _does_token_match, _mask_cipher_secret, _unmask_cipher_token, get_token, rotate_token, ) from django.test import SimpleTestCase, override_settings @@ -106,7 +106,7 @@ class CsrfFunctionTests(CsrfFunctionTestMixin, SimpleTestCase): self.assertNotEqual(cookie, TEST_SECRET) self.assertIs(request.META['CSRF_COOKIE_NEEDS_UPDATE'], True) - def test_sanitize_token_valid(self): + def test_check_token_format_valid(self): cases = [ # A token of length CSRF_SECRET_LENGTH. TEST_SECRET, @@ -116,10 +116,10 @@ class CsrfFunctionTests(CsrfFunctionTestMixin, SimpleTestCase): ] for token in cases: with self.subTest(token=token): - actual = _sanitize_token(token) + actual = _check_token_format(token) self.assertIsNone(actual) - def test_sanitize_token_invalid(self): + def test_check_token_format_invalid(self): cases = [ (64 * '*', 'has invalid characters'), (16 * 'a', 'has incorrect length'), @@ -127,7 +127,7 @@ class CsrfFunctionTests(CsrfFunctionTestMixin, SimpleTestCase): for token, expected_message in cases: with self.subTest(token=token): with self.assertRaisesMessage(InvalidTokenFormat, expected_message): - _sanitize_token(token) + _check_token_format(token) def test_does_token_match(self): cases = [