Django

Code

Ticket #4988 (closed: fixed)

Opened 1 year ago

Last modified 1 year ago

assertRedirects potentially breaks authentication

Reported by: alex@gc-web.de Assigned to: russellm
Milestone: Component: Testing framework
Version: SVN Keywords:
Cc: Triage Stage: Accepted
Has patch: 1 Needs documentation: 1
Needs tests: 1 Patch needs improvement: 0

Description

Because assertRedirects always uses self.client for getting the redirect_response, sessions/authentication etc. will break when the original request was not made using self.client. example: 

# views.py:
from django import http
from django.contrib.auth.decorators import login_required

@login_required
def stuff(request):
    return http.HttpResponseRedirect("/morestuff/")

@login_required
def morestuff(request):
    return http.HttpResponse("more stuff")

# tests.py:
from django.test import TestCase, Client
from django.contrib.auth.models import User

class LoginTest(TestCase):
    def testRedirect(self):
        joe = User()
        joe.username = 'joe'
        joe.set_password('test')
        joe.save()

        c = Client()
        self.assertTrue(c.login(username='joe',
            password='test'))

        resp = c.get("/stuff/")
        self.assertRedirects(resp, "/morestuff/")

fails with:

AssertionError: Couldn't retrieve redirection page '/morestuff/': response code was 302 (expected 200)

because self.client isn't logged in and gets redirected to /accounts/login/. This should be documented or assertRedirects should use the Client which was used to obtain the original response. A naive patch is attached.

Attachments

django-test-redirect.patch (1.2 kB) - added by alex@gc-web.de on 07/27/07 01:40:08.

Change History

07/27/07 01:40:08 changed by alex@gc-web.de

  • attachment django-test-redirect.patch added.

07/27/07 06:12:22 changed by russellm

  • owner changed from adrian to russellm.
  • needs_better_patch changed.
  • stage changed from Unreviewed to Accepted.
  • needs_tests set to 1.
  • needs_docs set to 1.

09/03/07 06:21:40 changed by russellm

  • status changed from new to closed.
  • resolution set to fixed.

(In [6039]) Fixed #4988 -- In the test client, Added tracking of the client and request that caused a response so that the assertRedirects check can use the correct client when following a redirect. Well spotted, alex@gc-web.de.

Add/Change #4988 (assertRedirects potentially breaks authentication)




Change Properties
Action