diff options
Diffstat (limited to 'tests/modeltests/test_client/models.py')
-rw-r--r-- | tests/modeltests/test_client/models.py | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/tests/modeltests/test_client/models.py b/tests/modeltests/test_client/models.py index c51323d843..30520082da 100644 --- a/tests/modeltests/test_client/models.py +++ b/tests/modeltests/test_client/models.py @@ -21,6 +21,7 @@ rather than the HTML rendered to the end-user. """ from django.test import Client, TestCase +from django.conf import settings from django.core import mail class ClientTest(TestCase): @@ -433,3 +434,26 @@ class ClientTest(TestCase): self.assertEqual(mail.outbox[1].from_email, 'from@example.com') self.assertEqual(mail.outbox[1].to[0], 'second@example.com') self.assertEqual(mail.outbox[1].to[1], 'third@example.com') + +class CSRFEnabledClientTests(TestCase): + def setUp(self): + # Enable the CSRF middleware for this test + self.old_MIDDLEWARE_CLASSES = settings.MIDDLEWARE_CLASSES + csrf_middleware_class = 'django.middleware.csrf.CsrfViewMiddleware' + if csrf_middleware_class not in settings.MIDDLEWARE_CLASSES: + settings.MIDDLEWARE_CLASSES += (csrf_middleware_class,) + + def tearDown(self): + settings.MIDDLEWARE_CLASSES = self.old_MIDDLEWARE_CLASSES + + def test_csrf_enabled_client(self): + "A client can be instantiated with CSRF checks enabled" + csrf_client = Client(enforce_csrf_checks=True) + + # The normal client allows the post + response = self.client.post('/test_client/post_view/', {}) + self.assertEqual(response.status_code, 200) + + # The CSRF-enabled client rejects it + response = csrf_client.post('/test_client/post_view/', {}) + self.assertEqual(response.status_code, 403) |