Opened 12 years ago

Closed 12 years ago

#4988 closed (fixed)

assertRedirects potentially breaks authentication

Reported by: alex@… Owned by: Russell Keith-Magee
Component: Testing framework Version: master
Severity: Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: yes
Needs tests: yes Patch needs improvement: no
Easy pickings: no UI/UX: no


Because assertRedirects always uses self.client for getting the redirect_response, sessions/authentication etc. will break when the original request was not made using self.client. example:

from django import http
from django.contrib.auth.decorators import login_required

def stuff(request):
    return http.HttpResponseRedirect("/morestuff/")

def morestuff(request):
    return http.HttpResponse("more stuff")

from django.test import TestCase, Client
from django.contrib.auth.models import User

class LoginTest(TestCase):
    def testRedirect(self):
        joe = User()
        joe.username = 'joe'

        c = Client()

        resp = c.get("/stuff/")
        self.assertRedirects(resp, "/morestuff/")

fails with:

AssertionError: Couldn't retrieve redirection page '/morestuff/': response code was 302 (expected 200)

because self.client isn't logged in and gets redirected to /accounts/login/. This should be documented or assertRedirects should use the Client which was used to obtain the original response. A naive patch is attached.

Attachments (1)

django-test-redirect.patch (1.2 KB) - added by alex@… 12 years ago.

Download all attachments as: .zip

Change History (3)

Changed 12 years ago by alex@…

Attachment: django-test-redirect.patch added

comment:1 Changed 12 years ago by Russell Keith-Magee

Needs documentation: set
Needs tests: set
Owner: changed from Adrian Holovaty to Russell Keith-Magee
Triage Stage: UnreviewedAccepted

comment:2 Changed 12 years ago by Russell Keith-Magee

Resolution: fixed
Status: newclosed

(In [6039]) Fixed #4988 -- In the test client, Added tracking of the client and request that caused a response so that the assertRedirects check can use the correct client when following a redirect. Well spotted, alex@….

Note: See TracTickets for help on using tickets.
Back to Top