Opened 17 years ago
Closed 17 years ago
#4988 closed (fixed)
assertRedirects potentially breaks authentication
Reported by: | Owned by: | Russell Keith-Magee | |
---|---|---|---|
Component: | Testing framework | Version: | dev |
Severity: | Keywords: | ||
Cc: | Triage Stage: | Accepted | |
Has patch: | yes | Needs documentation: | yes |
Needs tests: | yes | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Because assertRedirects always uses self.client for getting the redirect_response, sessions/authentication etc. will break when the original request was not made using self.client. example:
# views.py: from django import http from django.contrib.auth.decorators import login_required @login_required def stuff(request): return http.HttpResponseRedirect("/morestuff/") @login_required def morestuff(request): return http.HttpResponse("more stuff") # tests.py: from django.test import TestCase, Client from django.contrib.auth.models import User class LoginTest(TestCase): def testRedirect(self): joe = User() joe.username = 'joe' joe.set_password('test') joe.save() c = Client() self.assertTrue(c.login(username='joe', password='test')) resp = c.get("/stuff/") self.assertRedirects(resp, "/morestuff/")
fails with:
AssertionError: Couldn't retrieve redirection page '/morestuff/': response code was 302 (expected 200)
because self.client isn't logged in and gets redirected to /accounts/login/. This should be documented or assertRedirects should use the Client which was used to obtain the original response. A naive patch is attached.
Attachments (1)
Change History (3)
by , 17 years ago
Attachment: | django-test-redirect.patch added |
---|
comment:1 by , 17 years ago
Needs documentation: | set |
---|---|
Needs tests: | set |
Owner: | changed from | to
Triage Stage: | Unreviewed → Accepted |
comment:2 by , 17 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
(In [6039]) Fixed #4988 -- In the test client, Added tracking of the client and request that caused a response so that the assertRedirects check can use the correct client when following a redirect. Well spotted, alex@….