Hi, I'd like to use webtest to test my application's responses with an authenticated user. I tried everything with mocking, monkeypatch, etc. but couldn't figure out. I see that there is testing_securitypolicy but I have no idea how could I integrate it with webtest.
Finally I found the best resources on: https://docs.pylonsproject.org/projects/pyramid/en/master/tutorials/wiki2/tests.html, it was quite hidden. Based on this, I made the following snippet: @pytest.fixture(scope="session") def app(): return main({"testing": True}) class TestApp(webtest.TestApp): def get_cookie(self, name, default=None): cookie = Cookie( ' '.join('%s=%s' % (c.name, c.value) for c in self.cookiejar if c.name == name) ) return next( (m.value.decode('latin-1') for m in cookie.values()), default, ) def get_csrf_token(self): return self.get_cookie('csrf_token') def login(self): body = dict(csrf_token=self.get_csrf_token(), **TEST_USER_LOGIN) return self.post('/login', body, status=302) @pytest.fixture def testapp(app): testapp = TestApp(app) testapp.set_cookie('csrf_token', 'dummy_csrf_token') return testapp This works, as long as I use the following in my __init__.py if testing: config.set_csrf_storage_policy(CookieCSRFStoragePolicy()) There are a few things which are confusing me here: 1. I can remove get_cookie and get_csrf_token and just hard-code 'dummy_csrf_token' into login / post(), and it still works. Am I missing something here? 2. I don't get all the CSRF behaviour here. Isn't it generated on the server side and webtest is client side only? How can it make Pyramid accept a "dummy_csrf_token" as a CSRF token? Is there some magic in CookieCSRFStoragePolicy or WebTest? 3. Do I understand right that using CookieCSRFStoragePolicy is required for webtest CSRF to work? Thanks, Zsolt -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/0eb90b4c-4ddb-40a5-84a0-9aed391e3dbfn%40googlegroups.com.
