diff options
author | Chris Jerdonek <chris.jerdonek@gmail.com> | 2021-06-08 09:33:26 -0700 |
---|---|---|
committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2021-06-23 16:07:15 +0200 |
commit | fcb75651f9b8c2f76ec037f1a68a0e5c99263d8c (patch) | |
tree | 69f1a1eb96de04d84070dbfbfda70166d7b4f398 /tests/csrf_tests | |
parent | 1a284afb07ad8806b29044a8cdd0d0bb20165fa4 (diff) | |
download | django-fcb75651f9b8c2f76ec037f1a68a0e5c99263d8c.tar.gz |
Fixed #32817 -- Added the token source to CsrfViewMiddleware's bad token error messages.
Diffstat (limited to 'tests/csrf_tests')
-rw-r--r-- | tests/csrf_tests/tests.py | 29 |
1 files changed, 22 insertions, 7 deletions
diff --git a/tests/csrf_tests/tests.py b/tests/csrf_tests/tests.py index a028b56d08..9f9d380bb3 100644 --- a/tests/csrf_tests/tests.py +++ b/tests/csrf_tests/tests.py @@ -147,12 +147,24 @@ class CsrfViewMiddlewareTestMixin: """ cases = [ (None, None, REASON_CSRF_TOKEN_MISSING), - (16 * 'a', None, 'CSRF token has incorrect length.'), - (64 * '*', None, 'CSRF token has invalid characters.'), - (64 * 'a', None, 'CSRF token incorrect.'), - (None, 16 * 'a', 'CSRF token has incorrect length.'), - (None, 64 * '*', 'CSRF token has invalid characters.'), - (None, 64 * 'a', 'CSRF token incorrect.'), + (16 * 'a', None, 'CSRF token from POST has incorrect length.'), + (64 * '*', None, 'CSRF token from POST has invalid characters.'), + (64 * 'a', None, 'CSRF token from POST incorrect.'), + ( + None, + 16 * 'a', + "CSRF token from the 'X-Csrftoken' HTTP header has incorrect length.", + ), + ( + None, + 64 * '*', + "CSRF token from the 'X-Csrftoken' HTTP header has invalid characters.", + ), + ( + None, + 64 * 'a', + "CSRF token from the 'X-Csrftoken' HTTP header incorrect.", + ), ] for post_token, meta_token, expected in cases: with self.subTest(post_token=post_token, meta_token=meta_token): @@ -168,7 +180,10 @@ class CsrfViewMiddlewareTestMixin: If a CSRF cookie is present and an invalid token is passed via a custom CSRF_HEADER_NAME, the middleware rejects the incoming request. """ - expected = 'CSRF token has incorrect length.' + expected = ( + "CSRF token from the 'X-Csrftoken-Customized' HTTP header has " + "incorrect length." + ) self._check_bad_or_missing_token( expected, meta_token=16 * 'a', |