def test_header_encoded(self):
    '''
    An encoded X-CSRFToken header is replaced by the plain token.

    The fixture is two base64-looking segments joined by '$'; after
    process_request the header in request.META must read abc123.
    '''
    encoded_header = 'WaMeyTIUS6hOoTcm$TOKqMT3J0Gx2b15UH1MkRg=='
    request = RequestFactory().post('/', HTTP_X_CSRFTOKEN=encoded_header)
    CSRFCryptMiddleware().process_request(request)
    restored = request.META.get('HTTP_X_CSRFTOKEN')
    # NOTE(review): this expects bytes, while test_header_not_encoded and
    # the POST variants expect str. On Python 3 b'abc123' != 'abc123', so
    # confirm which type the middleware really writes back; a str/bytes
    # mismatch here could also make the later CSRF comparison fail.
    self.assertEqual(restored, b'abc123')
def test_encoded(self):
    '''
    An encoded csrfmiddlewaretoken POST field is replaced by abc123.

    This fixture differs from the other encoded fixtures on this page
    (both '$'-separated segments end in '=='); presumably it targets a
    different token layout -- confirm against the middleware version.
    '''
    # NOTE(review): a second test_encoded follows this one. If both sit
    # in the same TestCase the later definition shadows this one and
    # this fixture is never run -- confirm they live in separate classes.
    encoded_field = 'Ump3NGw2b0t1R1J5VlZiOQ==$sBDBSs99N2pbyLVHloLaLg=='
    form_data = {'csrfmiddlewaretoken': encoded_field}
    request = RequestFactory().post('/', form_data)
    CSRFCryptMiddleware().process_request(request)
    restored = request.POST.get('csrfmiddlewaretoken')
    self.assertEqual(restored, 'abc123')
def test_encoded(self):
    '''
    An encoded csrfmiddlewaretoken POST field is replaced by abc123.

    Uses the same '$'-separated fixture as test_header_encoded, but
    delivered in the form body instead of the X-CSRFToken header.
    '''
    # NOTE(review): another test_encoded with a different fixture
    # precedes this one. Within a single TestCase only the last
    # definition is collected -- confirm neither is silently skipped.
    encoded_field = 'WaMeyTIUS6hOoTcm$TOKqMT3J0Gx2b15UH1MkRg=='
    form_data = {'csrfmiddlewaretoken': encoded_field}
    request = RequestFactory().post('/', form_data)
    CSRFCryptMiddleware().process_request(request)
    restored = request.POST.get('csrfmiddlewaretoken')
    self.assertEqual(restored, 'abc123')
def test_round_trip_loop(self):
    '''
    Round-trips 1000 random tokens through the template token and back.

    Each pass stores a random 32-character value as CSRF_COOKIE, renders
    the form token with the csrf() context processor, posts it back and
    checks that process_request restores the original cookie value.
    '''
    for _ in range(1000):
        render_request = RequestFactory().get('/')
        original_token = get_random_string(32)
        render_request.META['CSRF_COOKIE'] = original_token
        # Presumably csrf() yields the encoded form here because the
        # project overrides token rendering -- confirm in the app setup.
        rendered_token = force_text(csrf(render_request)['csrf_token'])

        post_request = RequestFactory().post(
            '/', {'csrfmiddlewaretoken': rendered_token})
        # A fresh middleware per pass, so no state carries between passes.
        CSRFCryptMiddleware().process_request(post_request)

        restored = post_request.POST.get('csrfmiddlewaretoken')
        self.assertEqual(force_text(restored), force_text(original_token))
def test_mutable_status(self):
    '''
    process_request leaves request.POST._mutable as it found it.

    Runs once with the QueryDict locked and once unlocked. Presumably
    the middleware has to unlock POST to swap the token; the test pins
    that it restores the flag so later code cannot edit form data that
    was meant to be read-only.
    '''
    encoded_field = 'WaMeyTIUS6hOoTcm$TOKqMT3J0Gx2b15UH1MkRg=='
    cases = (
        (False, self.assertFalse),
        (True, self.assertTrue),
    )
    for initial_flag, expect in cases:
        request = RequestFactory().post(
            '/', {'csrfmiddlewaretoken': encoded_field})
        request.POST._mutable = initial_flag
        CSRFCryptMiddleware().process_request(request)
        expect(request.POST._mutable)
def test_round_trip_loop_header(self):
    '''
    Round-trips 1000 random tokens through the X-CSRFToken header.

    Same as the form-field round trip, except the rendered token comes
    back in HTTP_X_CSRFTOKEN on a request marked as XMLHttpRequest, and
    the restored value is read from request.META.
    '''
    for _ in range(1000):
        render_request = RequestFactory().get('/')
        original_token = get_random_string(32)
        render_request.META['CSRF_COOKIE'] = original_token
        rendered_token = csrf(render_request)['csrf_token']

        ajax_request = RequestFactory().post(
            '/',
            HTTP_X_CSRFTOKEN=force_text(rendered_token),
            HTTP_X_REQUESTED_WITH='XMLHttpRequest',
        )
        CSRFCryptMiddleware().process_request(ajax_request)

        restored = ajax_request.META.get('HTTP_X_CSRFTOKEN')
        self.assertEqual(force_text(restored), force_text(original_token))
def test_not_encoded(self):
    '''
    A form token without the '$' separator passes through unchanged.

    The middleware only rewrites the value; it does not validate it.
    Presumably Django's CSRF check still compares this value with the
    cookie later -- confirm the middleware ordering keeps that check.
    '''
    plain_token = 'abc123'
    request = RequestFactory().post(
        '/', {'csrfmiddlewaretoken': plain_token})
    CSRFCryptMiddleware().process_request(request)
    self.assertEqual(request.POST.get('csrfmiddlewaretoken'), 'abc123')
def test_header_tampering(self):
    '''
    A malformed encoded header is rejected with SuspiciousOperation.

    '123$abc' carries the '$' separator but is not a valid encoded
    token. The middleware must fail closed on it rather than pass the
    value through or leak an unhandled decoding error.
    '''
    bad_request = RequestFactory().post('/', HTTP_X_CSRFTOKEN='123$abc')
    middleware = CSRFCryptMiddleware()
    self.assertRaises(
        SuspiciousOperation, middleware.process_request, bad_request)
def test_tampering(self):
    '''
    A malformed encoded form token is rejected with SuspiciousOperation.

    Form-field counterpart of the header tampering test: '123$abc' looks
    like an encoded token but cannot be decoded, so process_request must
    raise instead of leaving the bogus value in request.POST.
    '''
    bad_request = RequestFactory().post(
        '/', {'csrfmiddlewaretoken': '123$abc'})
    middleware = CSRFCryptMiddleware()
    self.assertRaises(
        SuspiciousOperation, middleware.process_request, bad_request)
def test_header_not_encoded(self):
    '''
    An X-CSRFToken header without the '$' separator is left untouched.

    Header counterpart of test_not_encoded: a plain token must still
    reach the code that consumes HTTP_X_CSRFTOKEN, byte for byte.
    '''
    plain_token = 'abc123'
    request = RequestFactory().post('/', HTTP_X_CSRFTOKEN=plain_token)
    CSRFCryptMiddleware().process_request(request)
    self.assertEqual(request.META.get('HTTP_X_CSRFTOKEN'), 'abc123')