Changeset 8597
- Timestamp:
- 08/26/08 15:19:12 (3 months ago)
- Files:
-
- django/trunk/django/contrib/formtools/preview.py (modified) (2 diffs)
- django/trunk/django/contrib/formtools/tests.py (modified) (5 diffs)
- django/trunk/django/contrib/formtools/utils.py (added)
- django/trunk/django/contrib/formtools/wizard.py (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
django/trunk/django/contrib/formtools/preview.py
r8193 r8597 10 10 from django.template.context import RequestContext 11 11 from django.utils.hashcompat import md5_constructor 12 from django.contrib.formtools.utils import security_hash 12 13 13 14 AUTO_ID = 'formtools_%s' # Each form here uses this as its auto_id parameter. … … 98 99 def security_hash(self, request, form): 99 100 """ 100 Calculates the security hash for the given Form instance.101 Calculates the security hash for the given HttpRequest and Form instances. 101 102 102 This creates a list of the form field names/values in a deterministic 103 order, pickles the result with the SECRET_KEY setting and takes an md5 104 hash of that. 105 106 Subclasses may want to take into account request-specific information 103 Subclasses may want to take into account request-specific information, 107 104 such as the IP address. 108 105 """ 109 data = [(bf.name, bf.data or '') for bf in form] + [settings.SECRET_KEY] 110 # Use HIGHEST_PROTOCOL because it's the most efficient. It requires 111 # Python 2.3, but Django requires 2.3 anyway, so that's OK. 112 pickled = pickle.dumps(data, pickle.HIGHEST_PROTOCOL) 113 return md5_constructor(pickled).hexdigest() 106 return security_hash(request, form) 114 107 115 108 def failed_hash(self, request): django/trunk/django/contrib/formtools/tests.py
r8046 r8597 5 5 6 6 success_string = "Done was called!" 7 test_data = {'field1': u'foo',8 'field1_': u'asdf'}9 10 7 11 8 class TestFormPreview(preview.FormPreview): … … 14 11 return http.HttpResponse(success_string) 15 12 16 17 13 class TestForm(forms.Form): 18 14 field1 = forms.CharField() 19 15 field1_ = forms.CharField() 20 16 bool1 = forms.BooleanField(required=False) 21 17 22 18 class PreviewTests(TestCase): … … 28 24 input_template = '<input type="hidden" name="%s" value="%s" />' 29 25 self.input = input_template % (self.preview.unused_name('stage'), "%d") 26 self.test_data = {'field1':u'foo', 'field1_':u'asdf'} 30 27 31 28 def test_unused_name(self): … … 60 57 # Pass strings for form submittal and add stage variable to 61 58 # show we previously saw first stage of the form. 62 test_data.update({'stage': 1})63 response = self.client.post('/test1/', test_data)59 self.test_data.update({'stage': 1}) 60 response = self.client.post('/test1/', self.test_data) 64 61 # Check to confirm stage is set to 2 in output form. 65 62 stage = self.input % 2 … … 78 75 # Pass strings for form submittal and add stage variable to 79 76 # show we previously saw first stage of the form. 80 test_data.update({'stage':2})81 response = self.client.post('/test1/', test_data)77 self.test_data.update({'stage':2}) 78 response = self.client.post('/test1/', self.test_data) 82 79 self.failIfEqual(response.content, success_string) 83 hash = self.preview.security_hash(None, TestForm( test_data))84 test_data.update({'hash': hash})85 response = self.client.post('/test1/', test_data)80 hash = self.preview.security_hash(None, TestForm(self.test_data)) 81 self.test_data.update({'hash': hash}) 82 response = self.client.post('/test1/', self.test_data) 86 83 self.assertEqual(response.content, success_string) 87 84 85 def test_bool_submit(self): 86 """ 87 Test contrib.formtools.preview form submittal when form contains: 88 BooleanField(required=False) 89 90 Ticket: #6209 - When an unchecked BooleanField is previewed, the preview 91 form's hash would be computed with no value for ``bool1``. However, when 92 the preview form is rendered, the unchecked hidden BooleanField would be 93 rendered with the string value 'False'. So when the preview form is 94 resubmitted, the hash would be computed with the value 'False' for 95 ``bool1``. We need to make sure the hashes are the same in both cases. 96 97 """ 98 self.test_data.update({'stage':2}) 99 hash = self.preview.security_hash(None, TestForm(self.test_data)) 100 self.test_data.update({'hash':hash, 'bool1':u'False'}) 101 response = self.client.post('/test1/', self.test_data) 102 self.assertEqual(response.content, success_string) 103 django/trunk/django/contrib/formtools/wizard.py
r8193 r8597 13 13 from django.template.context import RequestContext 14 14 from django.utils.hashcompat import md5_constructor 15 from django.contrib.formtools.utils import security_hash 15 16 16 17 class FormWizard(object): … … 141 142 Calculates the security hash for the given HttpRequest and Form instances. 142 143 143 This creates a list of the form field names/values in a deterministic144 order, pickles the result with the SECRET_KEY setting and takes an md5145 hash of that.146 147 144 Subclasses may want to take into account request-specific information, 148 145 such as the IP address. 149 146 """ 150 data = [(bf.name, bf.data or '') for bf in form] + [settings.SECRET_KEY] 151 # Use HIGHEST_PROTOCOL because it's the most efficient. It requires 152 # Python 2.3, but Django requires 2.3 anyway, so that's OK. 153 pickled = pickle.dumps(data, pickle.HIGHEST_PROTOCOL) 154 return md5_constructor(pickled).hexdigest() 147 return security_hash(request, form) 155 148 156 149 def determine_step(self, request, *args, **kwargs):
