Fixed #13152 -- Ensure the test client saves the session before writing the session key to the cookie, in case the session engine changes the session key.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@12806 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Russell Keith-Magee 2010-03-19 05:42:13 +00:00
parent 003fe52225
commit f081059b45
3 changed files with 54 additions and 3 deletions

View File

@ -428,6 +428,9 @@ class Client(object):
request.session = engine.SessionStore()
login(request, user)
# Save the session values.
request.session.save()
# Set the cookie to represent the session.
session_cookie = settings.SESSION_COOKIE_NAME
self.cookies[session_cookie] = request.session.session_key
@ -440,9 +443,6 @@ class Client(object):
}
self.cookies[session_cookie].update(cookie_data)
# Save the session values.
request.session.save()
return True
else:
return False

View File

@ -493,6 +493,27 @@ class LoginTests(TestCase):
# default client.
self.assertRedirects(response, "http://testserver/test_client_regress/get_view/")
class SessionEngineTests(TestCase):
fixtures = ['testdata']
def setUp(self):
self.old_SESSION_ENGINE = settings.SESSION_ENGINE
settings.SESSION_ENGINE = 'regressiontests.test_client_regress.session'
def tearDown(self):
settings.SESSION_ENGINE = self.old_SESSION_ENGINE
def test_login(self):
"A session engine that modifies the session key can be used to log in"
login = self.client.login(username='testclient', password='password')
self.failUnless(login, 'Could not log in')
# Try to access a login protected page.
response = self.client.get("/test_client/login_protected_view/")
self.assertEqual(response.status_code, 200)
self.assertEqual(response.context['user'].username, 'testclient')
class URLEscapingTests(TestCase):
def test_simple_argument_get(self):
"Get a view that has a simple string argument"

View File

@ -0,0 +1,30 @@
from django.contrib.sessions.backends.base import SessionBase
class SessionStore(SessionBase):
"""
A simple cookie-based session storage implemenation.
The session key is actually the session data, pickled and encoded.
This means that saving the session will change the session key.
"""
def __init__(self, session_key=None):
super(SessionStore, self).__init__(session_key)
def exists(self, session_key):
return False
def create(self):
self.session_key = self.encode({})
def save(self, must_create=False):
self.session_key = self.encode(self._session)
def delete(self, session_key=None):
self.session_key = self.encode({})
def load(self):
try:
return self.decode(self.session_key)
except:
self.modified = True
return {}