diff options
| author | Chris Jerdonek <chris.jerdonek@gmail.com> | 2021-06-02 03:34:47 -0700 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2021-06-28 08:09:53 +0200 |
| commit | defa8d3d87d5fcfd7675939b404ddc2bcdd13dcc (patch) | |
| tree | 02ecce1a61192db0212ebd4af5da51f1812aa1b5 /tests/csrf_tests/tests.py | |
| parent | 2523c32d50e3a34d7ad9e32a4150b6228b8b065c (diff) | |
| download | django-defa8d3d87d5fcfd7675939b404ddc2bcdd13dcc.tar.gz | |
Refs #32800 -- Made CsrfViewMiddlewareTestMixin._csrf_id_cookie and _csrf_id_token different.
This also renames CsrfViewMiddlewareTestMixin._csrf_id to _csrf_id_token.
Diffstat (limited to 'tests/csrf_tests/tests.py')
| -rw-r--r-- | tests/csrf_tests/tests.py | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/tests/csrf_tests/tests.py b/tests/csrf_tests/tests.py index ab2d0dbff8..af801f8283 100644 --- a/tests/csrf_tests/tests.py +++ b/tests/csrf_tests/tests.py @@ -88,7 +88,7 @@ class CsrfViewMiddlewareTestMixin: """ _csrf_id_cookie = MASKED_TEST_SECRET1 - _csrf_id = MASKED_TEST_SECRET1 + _csrf_id_token = MASKED_TEST_SECRET2 def _get_GET_no_csrf_cookie_request(self): req = TestingHttpRequest() @@ -125,12 +125,12 @@ class CsrfViewMiddlewareTestMixin: def _get_POST_request_with_token(self, cookie=None): """The cookie argument defaults to this class's default test cookie.""" - return self._get_POST_csrf_cookie_request(cookie=cookie, post_token=self._csrf_id) + return self._get_POST_csrf_cookie_request(cookie=cookie, post_token=self._csrf_id_token) def _check_token_present(self, response, csrf_id=None): text = str(response.content, response.charset) match = re.search('name="csrfmiddlewaretoken" value="(.*?)"', text) - csrf_token = csrf_id or self._csrf_id + csrf_token = csrf_id or self._csrf_id_token self.assertTrue( match and equivalent_tokens(csrf_token, match[1]), "Could not find csrfmiddlewaretoken to match %s" % csrf_token @@ -267,7 +267,7 @@ class CsrfViewMiddlewareTestMixin: """ The token may be passed in a header instead of in the form. """ - req = self._get_POST_csrf_cookie_request(meta_token=self._csrf_id) + req = self._get_POST_csrf_cookie_request(meta_token=self._csrf_id_token) mw = CsrfViewMiddleware(post_form_view) mw.process_request(req) resp = mw.process_view(req, post_form_view, (), {}) @@ -279,7 +279,7 @@ class CsrfViewMiddlewareTestMixin: settings.CSRF_HEADER_NAME can be used to customize the CSRF header name """ req = self._get_POST_csrf_cookie_request( - meta_token=self._csrf_id, + meta_token=self._csrf_id_token, token_header='HTTP_X_CSRFTOKEN_CUSTOMIZED', ) mw = CsrfViewMiddleware(post_form_view) @@ -310,14 +310,14 @@ class CsrfViewMiddlewareTestMixin: """ HTTP PUT and DELETE can get through with X-CSRFToken and a cookie. """ - req = self._get_POST_csrf_cookie_request(meta_token=self._csrf_id) + req = self._get_POST_csrf_cookie_request(meta_token=self._csrf_id_token) req.method = 'PUT' mw = CsrfViewMiddleware(post_form_view) mw.process_request(req) resp = mw.process_view(req, post_form_view, (), {}) self.assertIsNone(resp) - req = self._get_POST_csrf_cookie_request(meta_token=self._csrf_id) + req = self._get_POST_csrf_cookie_request(meta_token=self._csrf_id_token) req.method = 'DELETE' mw.process_request(req) resp = mw.process_view(req, post_form_view, (), {}) @@ -681,7 +681,7 @@ class CsrfViewMiddlewareTestMixin: POST = property(_get_post, _set_post) - token = ('ABC' + self._csrf_id)[:CSRF_TOKEN_LENGTH] + token = ('ABC' + self._csrf_id_token)[:CSRF_TOKEN_LENGTH] req = CsrfPostRequest(token, raise_error=False) mw = CsrfViewMiddleware(post_form_view) @@ -965,7 +965,7 @@ class CsrfViewMiddlewareTests(CsrfViewMiddlewareTestMixin, SimpleTestCase): If the token contains non-alphanumeric characters, it is ignored and a new token is created. """ - token = ('!@#' + self._csrf_id)[:CSRF_TOKEN_LENGTH] + token = ('!@#' + self._csrf_id_token)[:CSRF_TOKEN_LENGTH] req = self._get_GET_no_csrf_cookie_request() req.COOKIES[settings.CSRF_COOKIE_NAME] = token mw = CsrfViewMiddleware(token_view) |