path: root/tests/csrf_tests
Commit message | Author | Age | Files | Lines
* Refs #33476 -- Applied Black's 2023 stable style. | David Smith | 2023-02-01 | 1 | -1/+0
  Black 23.1.0 is released which, as the first release of the year, introduces the 2023 stable style. This incorporates most of last year's preview style.
  https://github.com/psf/black/releases/tag/23.1.0
* Refs #32800 -- Removed CSRF_COOKIE_MASKED transitional setting per deprecation timeline. | Mariusz Felisiak | 2023-01-17 | 1 | -30/+0
* Fixed #33567 -- Avoided setting default text/html content type on responses. | Claude Paroz | 2022-03-09 | 1 | -0/+1
* Refs #33476 -- Refactored code to strictly match 88 characters line length. | Mariusz Felisiak | 2022-02-07 | 2 | -3/+9
* Refs #33476 -- Reformatted code with Black. | django-bot | 2022-02-07 | 4 | -270/+354
* Refs #32800 -- Renamed _sanitize_token() to _check_token_format(). | Chris Jerdonek | 2021-11-29 | 1 | -5/+5
* Fixed #32800 -- Changed CsrfViewMiddleware not to mask the CSRF secret. | Chris Jerdonek | 2021-11-29 | 2 | -81/+108
  This also adds CSRF_COOKIE_MASKED transitional setting helpful in migrating multiple instances of the same project to Django 4.1+.
  Thanks Florian Apolloner and Shai Berger for reviews.
  Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
* Refs #32800 -- Avoided use of _does_token_match() in some CSRF tests. | Chris Jerdonek | 2021-11-16 | 2 | -7/+9
* Refs #32800 -- Added CSRF tests for masked and unmasked secrets during GET. | Chris Jerdonek | 2021-11-16 | 1 | -0/+17
* Refs #32800 -- Added test_masked_secret_accepted_and_not_replaced(). | Chris Jerdonek | 2021-08-17 | 1 | -2/+17
  This improves test_bare_secret_accepted_and_replaced() by adding a stronger assertion. It also adds a parallel test for the non-bare (masked) case.
* Refs #32800 -- Improved CsrfViewMiddlewareTestMixin._check_token_present(). | Chris Jerdonek | 2021-08-17 | 1 | -23/+33
  This changes CsrfViewMiddlewareTestMixin._check_token_present() to give more detailed information if the check fails, and in particular why it failed. It also moves CsrfFunctionTests.assertMaskedSecretCorrect() to a separate CsrfFunctionTestMixin so the helper can be used in CsrfViewMiddlewareTestMixin.
* Refs #32800 -- Used the cookie argument to CsrfViewMiddlewareTestMixin._get_request() in more tests. | Chris Jerdonek | 2021-08-17 | 1 | -6/+3
* Refs #32800 -- Added tests of more CSRF functions. | Chris Jerdonek | 2021-08-03 | 1 | -2/+72
* Refs #32800 -- Renamed _compare_masked_tokens() to _does_token_match(). | Chris Jerdonek | 2021-08-03 | 2 | -5/+5
* Fixed #32329 -- Made CsrfViewMiddleware catch more specific UnreadablePostError. | Virtosu Bogdan | 2021-07-23 | 1 | -5/+17
  Thanks Chris Jerdonek for the review.
* Refs #32329 -- Allowed specifying request class in csrf_tests test hooks. | Virtosu Bogdan | 2021-07-23 | 1 | -43/+39
* Refs #32902 -- Moved ensure_csrf_cookie_view after protected_view. | Chris Jerdonek | 2021-07-23 | 1 | -6/+5
* Fixed #32902 -- Fixed CsrfViewMiddleware.process_response()'s cookie reset logic. | Chris Jerdonek | 2021-07-23 | 2 | -2/+40
  Thanks Florian Apolloner and Shai Berger for reviews.
* Refs #32902 -- Added CSRF test when rotate_token() is called between resetting the token and processing response. | Chris Jerdonek | 2021-07-23 | 2 | -6/+97
* Refs #32885 -- Used _read_csrf_cookie()/_set_csrf_cookie() in more CSRF tests. | Chris Jerdonek | 2021-06-30 | 1 | -18/+22
* Fixed #32885 -- Removed cookie-based token specific logic from CsrfViewMiddlewareTestMixin. | Chris Jerdonek | 2021-06-30 | 1 | -21/+31
* Refs #32843 -- Added CsrfViewMiddlewareTestMixin._get_csrf_cookie_request() hook. | Chris Jerdonek | 2021-06-29 | 1 | -24/+25
* Refs #32843 -- Added method/cookie arguments to CsrfViewMiddlewareTestMixin._get_request(). | Chris Jerdonek | 2021-06-29 | 1 | -36/+27
  This also removes unnecessary test hooks.
* Refs #32843 -- Moved _get_GET_csrf_cookie_request() to CsrfViewMiddlewareTestMixin. | Chris Jerdonek | 2021-06-29 | 1 | -13/+11
* Fixed #32843 -- Ensured the CSRF tests' _get_GET_csrf_cookie_request() sets the request method. | Chris Jerdonek | 2021-06-29 | 1 | -3/+6
* Refs #32800 -- Added CsrfViewMiddleware tests for all combinations of masked/unmasked cookies and tokens. | Chris Jerdonek | 2021-06-28 | 1 | -0/+50
* Refs #32800 -- Made CsrfViewMiddlewareTestMixin._csrf_id_cookie and _csrf_id_token different. | Chris Jerdonek | 2021-06-28 | 1 | -9/+9
  This also renames CsrfViewMiddlewareTestMixin._csrf_id to _csrf_id_token.
* Refs #32800 -- Eliminated the need for separate _get_POST_bare_secret() methods. | Chris Jerdonek | 2021-06-28 | 1 | -19/+4
* Refs #32800 -- Added to csrf_tests/tests.py the unmasked version of the secret. | Chris Jerdonek | 2021-06-28 | 1 | -6/+58
  This also adds tests that the secret is correct, and updates existing tests to use the value.
* Fixed #32817 -- Added the token source to CsrfViewMiddleware's bad token error messages. | Chris Jerdonek | 2021-06-23 | 1 | -7/+22
* Refs #32817 -- Added tests for bad CSRF token provided via X-CSRFToken or custom header. | Chris Jerdonek | 2021-06-23 | 1 | -9/+35
* Refs #32817 -- Added post_token/meta_token/token_header arguments to _get_POST_csrf_cookie_request(). | Chris Jerdonek | 2021-06-23 | 1 | -22/+27
* Refs #32817 -- Combined the bad-or-missing CSRF token tests. | Chris Jerdonek | 2021-06-23 | 1 | -24/+11
* Fixed #32796 -- Changed CsrfViewMiddleware to fail earlier on badly formatted cookie tokens. | Chris Jerdonek | 2021-06-01 | 1 | -2/+2
* Refs #32796 -- Added CsrfViewMiddleware tests for incorrectly formatted cookie tokens. | Chris Jerdonek | 2021-06-01 | 1 | -14/+42
* Fixed #32795 -- Changed CsrfViewMiddleware to fail earlier on badly formatted tokens. | Chris Jerdonek | 2021-05-31 | 1 | -8/+11
* Refs #32795 -- Added CsrfViewMiddleware tests for rejecting invalid or missing tokens. | Chris Jerdonek | 2021-05-31 | 1 | -11/+41
  This also improves test names for test_process_request_no_csrf_cookie and test_process_request_csrf_cookie_no_token. The logic being tested is actually in process_view() rather than process_request(), and it's not necessary to include the method name.
* Fixed #32596 -- Added CsrfViewMiddleware._check_referer(). | Chris Jerdonek | 2021-05-28 | 1 | -1/+25
  This encapsulates CsrfViewMiddleware's referer logic into a method and updates existing tests to check the "seam" introduced by the refactor, when doing so would improve the test.
* Refs #32596 -- Added extra tests for CsrfViewMiddleware's referer logic. | Chris Jerdonek | 2021-05-27 | 1 | -0/+28
* Fixed #32578 -- Fixed crash in CsrfViewMiddleware when a request with Origin header has an invalid host. | Chris Jerdonek | 2021-03-25 | 1 | -0/+9
* Made CsrfViewMiddlewareTestMixin._get_GET_no_csrf_cookie_request() return GET requests. | Mariusz Felisiak | 2021-03-22 | 1 | -2/+4
* Fixed #32571 -- Made CsrfViewMiddleware handle invalid URLs in Referer header. | Adam Donaghy | 2021-03-19 | 1 | -0/+6
* Fixed #16010 -- Added Origin header checking to CSRF middleware. | Tim Graham | 2021-03-18 | 1 | -1/+149
  Thanks David Benjamin for the original patch, and Florian Apolloner, Chris Jerdonek, and Adam Johnson for reviews.
* Refs #16010 -- Required CSRF_TRUSTED_ORIGINS setting to include the scheme. | Tim Graham | 2021-03-18 | 1 | -2/+2
* Refs #21429 -- Added SimpleTestCase.assertNoLogs() on Python < 3.10. | François Freitag | 2021-03-02 | 1 | -4/+3
* Refs #30116 -- Simplified regex match group access with Match.__getitem__(). | Jon Dufresne | 2020-05-11 | 1 | -1/+1
  The method has been available since Python 3.6. The shorter syntax is also marginally faster.
* Fixed #31291 -- Renamed salt to mask for CSRF tokens. | Ram Rachum | 2020-02-25 | 2 | -2/+2
* Refs #26601 -- Deprecated passing None as get_response arg to middleware classes. | Claude Paroz | 2020-02-18 | 1 | -124/+145
  This is the new contract since middleware refactoring in Django 1.10.
  Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
  Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
* Dropped obsolete mimetype kwarg in csrf test view | Claude Paroz | 2019-09-21 | 1 | -1/+1
* Fixed #30137 -- Replaced OSError aliases with the canonical OSError. | Jon Dufresne | 2019-01-28 | 1 | -4/+4
  Used more specific errors (e.g. FileExistsError) as appropriate.