Fixed #32885 -- Removed cookie-based token specific logic from CsrfViewMiddlewareTestMixin.

author: Chris Jerdonek <chris.jerdonek@gmail.com> 2021-06-29 10:07:28 -0400
committer: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2021-06-30 07:48:15 +0200
commit: abc8795632e423974a628f4725702f015b2d1ed8 (patch)
tree: a7a4a757eacdce11fd4ba265ba1bd35447e7ae12 /tests/csrf_tests
parent: e3d55eeb14936e82257ac6a005e9f9a06def3d00 (diff)
download: django-abc8795632e423974a628f4725702f015b2d1ed8.tar.gz
1 files changed, 31 insertions, 21 deletions
diff --git a/tests/csrf_tests/tests.py b/tests/csrf_tests/tests.py
index 76c4c54eb7..a1057c1168 100644
--- a/tests/csrf_tests/tests.py
+++ b/tests/csrf_tests/tests.py
@@ -93,6 +93,12 @@ class CsrfViewMiddlewareTestMixin:
     def _set_csrf_cookie(self, req, cookie):
         raise NotImplementedError('This method must be implemented by a subclass.')
 
+    def _read_csrf_cookie(self, req, resp):
+        """
+        Return the CSRF cookie as a string, or False if no cookie is present.
+        """
+        raise NotImplementedError('This method must be implemented by a subclass.')
+
     def _get_request(self, method=None, cookie=None):
         if method is None:
             method = 'GET'
@@ -164,7 +170,7 @@ class CsrfViewMiddlewareTestMixin:
         mw.process_view(req, non_token_view_using_request_processor, (), {})
         resp = mw(req)
 
-        csrf_cookie = resp.cookies.get(settings.CSRF_COOKIE_NAME, False)
+        csrf_cookie = self._read_csrf_cookie(req, resp)
         self.assertIs(csrf_cookie, False)
 
     def _check_bad_or_missing_cookie(self, cookie, expected):
@@ -391,8 +397,8 @@ class CsrfViewMiddlewareTestMixin:
         mw = CsrfViewMiddleware(token_view)
         mw.process_view(req, token_view, (), {})
         resp = mw(req)
-        csrf_cookie = resp.cookies[settings.CSRF_COOKIE_NAME]
-        self._check_token_present(resp, csrf_id=csrf_cookie.value)
+        csrf_cookie = self._read_csrf_cookie(req, resp)
+        self._check_token_present(resp, csrf_id=csrf_cookie)
 
     def test_cookie_not_reset_on_accepted_request(self):
         """
@@ -405,12 +411,11 @@ class CsrfViewMiddlewareTestMixin:
         mw.process_request(req)
         mw.process_view(req, token_view, (), {})
         resp = mw(req)
-        csrf_cookie = resp.cookies.get(settings.CSRF_COOKIE_NAME, None)
-        if csrf_cookie:
-            self.assertEqual(
-                csrf_cookie.value, self._csrf_id_cookie,
-                "CSRF cookie was changed on an accepted request"
-            )
+        csrf_cookie = self._read_csrf_cookie(req, resp)
+        self.assertEqual(
+            csrf_cookie, self._csrf_id_cookie,
+            'CSRF cookie was changed on an accepted request',
+        )
 
     @override_settings(DEBUG=True, ALLOWED_HOSTS=['www.example.com'])
     def test_https_bad_referer(self):
@@ -861,6 +866,15 @@ class CsrfViewMiddlewareTests(CsrfViewMiddlewareTestMixin, SimpleTestCase):
     def _set_csrf_cookie(self, req, cookie):
         req.COOKIES[settings.CSRF_COOKIE_NAME] = cookie
 
+    def _read_csrf_cookie(self, req, resp):
+        """
+        Return the CSRF cookie as a string, or False if no cookie is present.
+        """
+        if settings.CSRF_COOKIE_NAME not in resp.cookies:
+            return False
+        csrf_cookie = resp.cookies[settings.CSRF_COOKIE_NAME]
+        return csrf_cookie.value
+
     def test_ensures_csrf_cookie_no_middleware(self):
         """
         The ensure_csrf_cookie() decorator works without middleware.
@@ -1066,6 +1080,14 @@ class CsrfViewMiddlewareUseSessionsTests(CsrfViewMiddlewareTestMixin, SimpleTest
     def _set_csrf_cookie(self, req, cookie):
         req.session[CSRF_SESSION_KEY] = cookie
 
+    def _read_csrf_cookie(self, req, resp):
+        """
+        Return the CSRF cookie as a string, or False if no cookie is present.
+        """
+        if CSRF_SESSION_KEY not in req.session:
+            return False
+        return req.session[CSRF_SESSION_KEY]
+
     def test_no_session_on_request(self):
         msg = (
             'CSRF_USE_SESSIONS is enabled, but request.session is not set. '
@@ -1127,18 +1149,6 @@ class CsrfViewMiddlewareUseSessionsTests(CsrfViewMiddlewareTestMixin, SimpleTest
         mw(req)
         self.assertTrue(req.session.get(CSRF_SESSION_KEY, False))
 
-    def test_token_node_with_new_csrf_cookie(self):
-        """
-        CsrfTokenNode works when a CSRF cookie is created by the middleware
-        (when one was not already present).
-        """
-        req = self._get_request()
-        mw = CsrfViewMiddleware(token_view)
-        mw.process_view(req, token_view, (), {})
-        resp = mw(req)
-        csrf_cookie = req.session[CSRF_SESSION_KEY]
-        self._check_token_present(resp, csrf_id=csrf_cookie)
-
     @override_settings(
         ALLOWED_HOSTS=['www.example.com'],
         SESSION_COOKIE_DOMAIN='.example.com',
author	Chris Jerdonek <chris.jerdonek@gmail.com>	2021-06-29 10:07:28 -0400
committer	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2021-06-30 07:48:15 +0200
commit	abc8795632e423974a628f4725702f015b2d1ed8 (patch)
tree	a7a4a757eacdce11fd4ba265ba1bd35447e7ae12 /tests/csrf_tests
parent	e3d55eeb14936e82257ac6a005e9f9a06def3d00 (diff)
download	django-abc8795632e423974a628f4725702f015b2d1ed8.tar.gz