def test_csrf_token(): settings = {'SECRET_KEY': 'abc'*20} app = Shake(__file__, settings) environ = get_test_env() request = app.make_request(environ) csrf1 = get_csrf(request).value csrf2 = new_csrf(request).value csrf2_ = get_csrf(request).value assert csrf2 != csrf1 assert csrf2_ == csrf2
def get_restore_url(self): csfr = get_csrf() data = { 'item_id': self.id, csfr.name: csfr.value, } return url_for(self.__tablename__ + '.restore', **data)
def test_csrf_token_query(): settings = {'SECRET_KEY': 'abc'*20} app = Shake(__file__, settings) environ = get_test_env() app.make_request(environ) csrf = get_csrf() tmpl = '{{ csrf.query }}' resp = app.render.from_string(tmpl, to_string=True) expected = '%s=%s' % (csrf.name, csrf.value) assert resp == expected
def test_csrf_token_input(): settings = {'SECRET_KEY': 'abc'*20} app = Shake(__file__, settings) environ = get_test_env() request = app.make_request(environ) csrf = get_csrf(request) tmpl = '{{ csrf.input }}' resp = app.render.from_string(tmpl, to_string=True) expected = '<input type="hidden" name="%s" value="%s">' \ % (csrf.name, csrf.value) assert resp == expected