Changeset 9552
- Timestamp:
- 12/02/08 17:00:06 (1 month ago)
- Files:
-
- django/trunk/django/contrib/csrf/tests.py (modified) (6 diffs)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
django/trunk/django/contrib/csrf/tests.py
r9551 r9552 2 2 3 3 from django.test import TestCase 4 from django.http import HttpRequest, HttpResponse 4 from django.http import HttpRequest, HttpResponse, HttpResponseForbidden 5 5 from django.contrib.csrf.middleware import CsrfMiddleware, _make_token 6 6 from django.conf import settings … … 10 10 _session_id = "1" 11 11 12 def _get_ no_session_request(self):12 def _get_GET_no_session_request(self): 13 13 return HttpRequest() 14 14 15 def _get_ session_request(self):16 req = self._get_ no_session_request()15 def _get_GET_session_request(self): 16 req = self._get_GET_no_session_request() 17 17 req.COOKIES[settings.SESSION_COOKIE_NAME] = self._session_id 18 return req 19 20 def _get_POST_session_request(self): 21 req = self._get_GET_session_request() 22 req.method = "POST" 23 return req 24 25 def _get_POST_no_session_request(self): 26 req = self._get_GET_no_session_request() 27 req.method = "POST" 28 return req 29 30 def _get_POST_session_request_with_token(self): 31 req = self._get_POST_session_request() 32 req.POST['csrfmiddlewaretoken'] = _make_token(self._session_id) 18 33 return req 19 34 … … 32 47 self.assertContains(response, "name='csrfmiddlewaretoken' value='%s'" % _make_token(self._session_id)) 33 48 49 # Check the post processing 34 50 def test_process_response_no_session(self): 35 51 """ 36 52 Check the the post-processor does nothing if no session active 37 53 """ 38 req = self._get_ no_session_request()54 req = self._get_GET_no_session_request() 39 55 resp = self._get_post_form_response() 40 56 resp_content = resp.content … … 46 62 Check that the token is inserted if there is an existing session 47 63 """ 48 req = self._get_ session_request()64 req = self._get_GET_session_request() 49 65 resp = self._get_post_form_response() 50 66 resp_content = resp.content … … 57 73 Check that the token is inserted if there is a new session being started 58 74 """ 59 req = self._get_ no_session_request() # no session in request75 req = self._get_GET_no_session_request() # no session in request 60 76 resp = self._get_new_session_response() # but new session started 61 77 resp_content = resp.content … … 63 79 self.assertNotEqual(resp_content, resp2.content) 64 80 self._check_token_present(resp2) 81 82 # Check the request processing 83 def test_process_request_no_session(self): 84 """ 85 Check that if no session is present, the middleware does nothing. 86 to the incoming request. 87 """ 88 req = self._get_POST_no_session_request() 89 req2 = CsrfMiddleware().process_request(req) 90 self.assertEquals(None, req2) 91 92 def test_process_request_session_no_token(self): 93 """ 94 Check that if a session is present but no token, we get a 'forbidden' 95 """ 96 req = self._get_POST_session_request() 97 req2 = CsrfMiddleware().process_request(req) 98 self.assertEquals(HttpResponseForbidden, req2.__class__) 99 100 def test_process_request_session_and_token(self): 101 """ 102 Check that if a session is present and a token, the middleware lets it through 103 """ 104 req = self._get_POST_session_request_with_token() 105 req2 = CsrfMiddleware().process_request(req) 106 self.assertEquals(None, req2)
