author | Andrew Nester <anestor@sugarcrm.com> | 2016-10-25 14:23:14 +0300 |
---|---|---|
committer | Tim Graham <timograham@gmail.com> | 2016-11-01 07:15:56 -0400 |
commit | 1ce04bcce0076360623ae164afd3541a5c031af2 (patch) | |
tree | 66092aa8501aef9fcad03833c24c4072b75270ab /tests/sessions_tests | |
parent | 9c2e1ad6a5f0ca98d68df7afdb13715921949c5a (diff) | |
download | django-1ce04bcce0076360623ae164afd3541a5c031af2.tar.gz |
Fixed #27363 -- Replaced unsafe redirect in SessionMiddleware with SuspiciousOperation.
Diffstat (limited to 'tests/sessions_tests')
-rw-r--r-- | tests/sessions_tests/tests.py | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/tests/sessions_tests/tests.py b/tests/sessions_tests/tests.py
index ffc7e9d942..d5690e1668 100644
--- a/tests/sessions_tests/tests.py
+++ b/tests/sessions_tests/tests.py
@@ -25,7 +25,7 @@ from django.contrib.sessions.serializers import (
 from django.core import management
 from django.core.cache import caches
 from django.core.cache.backends.base import InvalidCacheBackendError
-from django.core.exceptions import ImproperlyConfigured
+from django.core.exceptions import ImproperlyConfigured, SuspiciousOperation
 from django.http import HttpResponse
 from django.test import (
 RequestFactory, TestCase, ignore_warnings, override_settings,
@@ -708,14 +708,15 @@ class SessionMiddlewareTests(TestCase):
 request.session.save(must_create=True)
 request.session.delete()
 
- # Handle the response through the middleware. It will try to save the
- # deleted session which will cause an UpdateError that's caught and
- # results in a redirect to the original page.
- response = middleware.process_response(request, response)
-
- # Check that the response is a redirect.
- self.assertEqual(response.status_code, 302)
- self.assertEqual(response['Location'], path)
+ msg = (
+ "The request's session was deleted before the request completed. "
+ "The user may have logged out in a concurrent request, for example."
+ )
+ with self.assertRaisesMessage(SuspiciousOperation, msg):
+ # Handle the response through the middleware. It will try to save
+ # the deleted session which will cause an UpdateError that's caught
+ # and raised as a SuspiciousOperation.
+ middleware.process_response(request, response)
 
 def test_session_delete_on_end(self):
 request = RequestFactory().get('/') |
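Review bot: The new assertion in the second hunk pins only the exception type and message; nothing after the `with` block checks that the deleted session stayed deleted, which is the property the exception is there to protect (a session removed by a concurrent logout should not be written back). A follow-up such as `self.assertFalse(request.session.exists(request.session.session_key))` after the block would cover it, assuming the key is still set on the session object at that point and the backend used by this test implements `exists()`. The test method's signature and setup lie outside the hunk, so if its name still refers to a redirect it would be worth renaming to match the new behaviour.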