Author: lukeplant
Date: 2008-12-02 17:00:06 -0600 (Tue, 02 Dec 2008)
New Revision: 9552
Modified:
django/trunk/django/contrib/csrf/tests.py
Log:
More tests for the other half of CsrfMiddleware
Modified: django/trunk/django/contrib/csrf/tests.py
===================================================================
--- django/trunk/django/contrib/csrf/tests.py 2008-12-02 22:40:00 UTC (rev
9551)
+++ django/trunk/django/contrib/csrf/tests.py 2008-12-02 23:00:06 UTC (rev
9552)
@@ -1,7 +1,7 @@
# -*- coding: utf-8 -*-
from django.test import TestCase
-from django.http import HttpRequest, HttpResponse
+from django.http import HttpRequest, HttpResponse, HttpResponseForbidden
from django.contrib.csrf.middleware import CsrfMiddleware, _make_token
from django.conf import settings
@@ -9,14 +9,29 @@
_session_id = "1"
- def _get_no_session_request(self):
+ def _get_GET_no_session_request(self):
return HttpRequest()
- def _get_session_request(self):
- req = self._get_no_session_request()
+ def _get_GET_session_request(self):
+ req = self._get_GET_no_session_request()
req.COOKIES[settings.SESSION_COOKIE_NAME] = self._session_id
return req
+ def _get_POST_session_request(self):
+ req = self._get_GET_session_request()
+ req.method = "POST"
+ return req
+
+ def _get_POST_no_session_request(self):
+ req = self._get_GET_no_session_request()
+ req.method = "POST"
+ return req
+
+ def _get_POST_session_request_with_token(self):
+ req = self._get_POST_session_request()
+ req.POST['csrfmiddlewaretoken'] = _make_token(self._session_id)
+ return req
+
def _get_post_form_response(self):
resp = HttpResponse(content="""
<html><body><form method="POST"><input type="text" /></form></body></html>
@@ -31,11 +46,12 @@
def _check_token_present(self, response):
self.assertContains(response, "name='csrfmiddlewaretoken' value='%s'"
% _make_token(self._session_id))
+ # Check the post processing
def test_process_response_no_session(self):
"""
Check the the post-processor does nothing if no session active
"""
- req = self._get_no_session_request()
+ req = self._get_GET_no_session_request()
resp = self._get_post_form_response()
resp_content = resp.content
resp2 = CsrfMiddleware().process_response(req, resp)
@@ -45,7 +61,7 @@
"""
Check that the token is inserted if there is an existing session
"""
- req = self._get_session_request()
+ req = self._get_GET_session_request()
resp = self._get_post_form_response()
resp_content = resp.content
resp2 = CsrfMiddleware().process_response(req, resp)
@@ -56,9 +72,35 @@
"""
Check that the token is inserted if there is a new session being
started
"""
- req = self._get_no_session_request() # no session in request
+ req = self._get_GET_no_session_request() # no session in request
resp = self._get_new_session_response() # but new session started
resp_content = resp.content
resp2 = CsrfMiddleware().process_response(req, resp)
self.assertNotEqual(resp_content, resp2.content)
self._check_token_present(resp2)
+
+ # Check the request processing
+ def test_process_request_no_session(self):
+ """
+ Check that if no session is present, the middleware does nothing.
+ to the incoming request.
+ """
+ req = self._get_POST_no_session_request()
+ req2 = CsrfMiddleware().process_request(req)
+ self.assertEquals(None, req2)
+
+ def test_process_request_session_no_token(self):
+ """
+ Check that if a session is present but no token, we get a 'forbidden'
+ """
+ req = self._get_POST_session_request()
+ req2 = CsrfMiddleware().process_request(req)
+ self.assertEquals(HttpResponseForbidden, req2.__class__)
+
+ def test_process_request_session_and_token(self):
+ """
+ Check that if a session is present and a token, the middleware lets it
through
+ """
+ req = self._get_POST_session_request_with_token()
+ req2 = CsrfMiddleware().process_request(req)
+ self.assertEquals(None, req2)
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
