Beispiel #1
0
def test_csrf_token():
    settings = {'SECRET_KEY': 'abc'*20}
    app = Shake(__file__, settings)
    environ = get_test_env()
    request = app.make_request(environ)

    csrf1 = get_csrf(request).value
    csrf2 = new_csrf(request).value
    csrf2_ = get_csrf(request).value
    assert csrf2 != csrf1
    assert csrf2_ == csrf2
Beispiel #2
0
 def get_restore_url(self):
     csfr = get_csrf()
     data = {
         'item_id': self.id,
         csfr.name: csfr.value,
     }
     return url_for(self.__tablename__ + '.restore', **data)
Beispiel #3
0
 def get_restore_url(self):
     csfr = get_csrf()
     data = {
         'item_id': self.id,
         csfr.name: csfr.value,
     }
     return url_for(self.__tablename__ + '.restore', **data)
Beispiel #4
0
def test_csrf_token_query():
    settings = {'SECRET_KEY': 'abc'*20}
    app =  Shake(__file__, settings)
    environ = get_test_env()
    app.make_request(environ)

    csrf = get_csrf()
    tmpl = '{{ csrf.query }}'
    resp = app.render.from_string(tmpl, to_string=True)
    expected = '%s=%s' % (csrf.name, csrf.value)
    assert resp == expected
Beispiel #5
0
def test_csrf_token_input():
    settings = {'SECRET_KEY': 'abc'*20}
    app =  Shake(__file__, settings)
    environ = get_test_env()
    request = app.make_request(environ)

    csrf = get_csrf(request)
    tmpl = '{{ csrf.input }}'
    resp = app.render.from_string(tmpl, to_string=True)
    expected = '<input type="hidden" name="%s" value="%s">' \
            % (csrf.name, csrf.value)
    assert resp == expected