def test_csrf_token():
settings = {'SECRET_KEY': 'abc'*20}
app = Shake(__file__, settings)
environ = get_test_env()
request = app.make_request(environ)
csrf1 = get_csrf(request).value
csrf2 = new_csrf(request).value
csrf2_ = get_csrf(request).value
assert csrf2 != csrf1
assert csrf2_ == csrf2
def get_restore_url(self):
csfr = get_csrf()
data = {
'item_id': self.id,
csfr.name: csfr.value,
}
return url_for(self.__tablename__ + '.restore', **data)
def get_restore_url(self):
csfr = get_csrf()
data = {
'item_id': self.id,
csfr.name: csfr.value,
}
return url_for(self.__tablename__ + '.restore', **data)
def test_csrf_token_query():
settings = {'SECRET_KEY': 'abc'*20}
app = Shake(__file__, settings)
environ = get_test_env()
app.make_request(environ)
csrf = get_csrf()
tmpl = '{{ csrf.query }}'
resp = app.render.from_string(tmpl, to_string=True)
expected = '%s=%s' % (csrf.name, csrf.value)
assert resp == expected
def test_csrf_token_input():
settings = {'SECRET_KEY': 'abc'*20}
app = Shake(__file__, settings)
environ = get_test_env()
request = app.make_request(environ)
csrf = get_csrf(request)
tmpl = '{{ csrf.input }}'
resp = app.render.from_string(tmpl, to_string=True)
expected = '<input type="hidden" name="%s" value="%s">' \
% (csrf.name, csrf.value)
assert resp == expected
