Example #1
 def test_empty_permitted(self):
     """
     Regression test for #10643: the security hash should allow forms with
     empty_permitted = True, or forms where data has not changed.

     Builds a HashTestBlankForm and a HashTestForm(empty_permitted=True),
     both from an empty data dict, and checks that utils.security_hash
     (called with request=None) gives the same value for each.
     """
     blank_form = HashTestBlankForm({})
     permissive_form = HashTestForm({}, empty_permitted=True)
     # Hash the two forms in the same order the forms were built.
     digests = [
         utils.security_hash(None, candidate)
         for candidate in (blank_form, permissive_form)
     ]
     self.assertEqual(digests[0], digests[1])
 def test_empty_permitted(self):
     """
     Regression test for #10643: the security hash should allow forms with
     empty_permitted = True, or forms where data has not changed.

     Both forms are built from an empty data dict; the hashes returned by
     utils.security_hash (with request=None) must be equal.
     """
     blank_form = HashTestBlankForm({})
     permissive_form = HashTestForm({}, empty_permitted=True)
     blank_digest = utils.security_hash(None, blank_form)
     permissive_digest = utils.security_hash(None, permissive_form)
     self.assertEqual(blank_digest, permissive_digest)
Example #3
 def test_textfield_hash(self):
     """
     Regression test for #10034: the hash generation function should ignore
     leading/trailing whitespace so as to be friendly to broken browsers that
     submit it (usually in textareas).

     Consequence worth keeping in mind: two submissions that differ only in
     surrounding whitespace are expected to hash identically, so the hash
     does not attest to the byte-exact raw values.
     """
     clean_data = {'name': 'joe', 'bio': 'Nothing notable.'}
     padded_data = {'name': '  joe', 'bio': 'Nothing notable.  '}
     clean_form = HashTestForm(clean_data)
     padded_form = HashTestForm(padded_data)
     clean_digest = utils.security_hash(None, clean_form)
     padded_digest = utils.security_hash(None, padded_form)
     self.assertEqual(clean_digest, padded_digest)
 def test_textfield_hash(self):
     """
     Regression test for #10034: the hash generation function should ignore
     leading/trailing whitespace so as to be friendly to broken browsers that
     submit it (usually in textareas).

     The second form carries the same values with extra leading and trailing
     spaces; its hash must equal that of the unpadded form.
     """
     unpadded = HashTestForm({'name': 'joe', 'bio': 'Nothing notable.'})
     padded = HashTestForm({'name': '  joe', 'bio': 'Nothing notable.  '})
     digests = [utils.security_hash(None, form) for form in (unpadded, padded)]
     self.assertEqual(digests[0], digests[1])
Example #5
    def security_hash(self, request, form):
        """
        Calculates the security hash for the given HttpRequest and Form instances.

        This default implementation only delegates to the module-level
        security_hash() helper with the same request and form.

        Subclasses may want to take into account request-specific information,
        such as the IP address.
        """
        # The bare name resolves to the module-level helper, not this method.
        digest = security_hash(request, form)
        return digest
Example #6
    def security_hash(self, request, form):
        """
        Calculates the security hash for the given HttpRequest and Form instances.

        The work is done by the module-level security_hash() function; this
        method exists as the override point.

        Subclasses may want to take into account request-specific information,
        such as the IP address.
        """
        # Inside the method body the name refers to the module-level function.
        computed = security_hash(request, form)
        return computed
Example #7
def get_form_with_security_hash(request):
    """Render 'messages/form.html' with a new MessageForm and its security hash.

    The template context has two keys: 'form' (a MessageForm built with no
    arguments) and 'hash' (the result of security_hash for this request and
    that form).
    """
    from django.contrib.formtools.utils import security_hash as compute_hash

    message_form = MessageForm()
    # NOTE(review): the hash is derived from a form constructed without data,
    # so it presumably does not vary with what the user later submits --
    # confirm it is not relied on as a per-request anti-tampering token.
    context = {
        'form': message_form,
        'hash': compute_hash(request, message_form),
    }
    return render_to_response('messages/form.html', context)
Example #8
    def security_hash(self, request, form):
        """
        Calculates the security hash for the given HttpRequest and Form instances.

        For any form that is not a CaptchaForm this delegates to
        django.contrib.formtools.utils.security_hash. For a CaptchaForm it
        returns the session's 'captcha' entry instead, or the string "error"
        when the session has no such entry.

        Subclasses may want to take into account request-specific information,
        such as the IP address.
        """
        from django.contrib.formtools.utils import security_hash as default_hash

        if not isinstance(form, CaptchaForm):
            return default_hash(request, form)

        # NOTE(review): a missing 'captcha' key yields the constant "error".
        # If the caller compares this return value with a client-supplied
        # token, a fixed fallback is a predictable expected value; failing
        # closed when the key is absent would be safer -- confirm against the
        # call site. Also confirm this value is never rendered back into the
        # page, since it appears to be the captcha state itself.
        return request.session.get('captcha', "error")
Example #9
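 def test_form_submit_django12_hash(self):
     """
     Test contrib.formtools.preview form submittal, using the hash function
     used in Django 1.2

     The first stage-2 POST is sent before this test sets the 'hash' key and
     must not return the success string; the second POST carries the value
     from utils.security_hash and must return it.
     """
     # Pass strings for form submittal and add stage variable to
     # show we previously saw first stage of the form.
     self.test_data.update({'stage': 2})
     response = self.client.post('/test1/', self.test_data)
     # assertNotEqual replaces the deprecated failIfEqual alias, which newer
     # unittest versions no longer provide.
     self.assertNotEqual(response.content, success_string)
     # Local renamed from `hash` so the builtin is not shadowed; the POST key
     # stays 'hash'.
     legacy_hash = utils.security_hash(None, TestForm(self.test_data))
     self.test_data.update({'hash': legacy_hash})
     response = self.client.post('/test1/', self.test_data)
     self.assertEqual(response.content, success_string)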
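 def test_form_submit_django12_hash(self):
     """
     Test contrib.formtools.preview form submittal, using the hash function
     used in Django 1.2

     Checks both directions: the stage-2 POST sent before the 'hash' key is
     set here is rejected (no success string), and the POST that includes
     the utils.security_hash value is accepted.
     """
     # Pass strings for form submittal and add stage variable to
     # show we previously saw first stage of the form.
     self.test_data.update({'stage': 2})
     response = self.client.post('/test1/', self.test_data)
     # failIfEqual is a deprecated alias that newer unittest versions have
     # dropped; assertNotEqual performs the same check.
     self.assertNotEqual(response.content, success_string)
     # Avoid shadowing the `hash` builtin with the local name.
     legacy_hash = utils.security_hash(None, TestForm(self.test_data))
     self.test_data.update({'hash': legacy_hash})
     response = self.client.post('/test1/', self.test_data)
     self.assertEqual(response.content, success_string)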
Example #11
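 def test_form_submit_django12_hash_custom_hash(self):
     """
     Test contrib.formtools.preview form submittal, using the hash function
     used in Django 1.2 and a custom security_hash method.

     Unlike the plain Django 1.2 test, the final assertion is negative: a POST
     to '/test2/' carrying the utils.security_hash value must still not
     return the success string, i.e. the old hash is not accepted in place of
     the custom one.
     """
     # Pass strings for form submittal and add stage variable to
     # show we previously saw first stage of the form.
     self.test_data.update({"stage": 2})
     response = self.client.post("/test2/", self.test_data)
     self.assertEqual(response.status_code, 200)
     # assertNotEqual replaces the deprecated failIfEqual alias, which newer
     # unittest versions no longer provide.
     self.assertNotEqual(response.content, success_string)
     # Local renamed from `hash` so the builtin is not shadowed; the POST key
     # stays "hash".
     legacy_hash = utils.security_hash(None, TestForm(self.test_data))
     self.test_data.update({"hash": legacy_hash})
     response = self.client.post("/test2/", self.test_data)
     # The Django 1.2 hash must be rejected when security_hash is customised.
     self.assertNotEqual(response.content, success_string)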
Example #12
    def _check_security_hash(self, token, request, form):
        """
        Return True if `token` matches the security hash for `request` and `form`.

        The token is first checked against self.security_hash(). If that
        fails, and self.security_hash() gives the same value as
        FormWizard.security_hash() (taken to mean it was not overridden), the
        token is checked once more against the module-level security_hash(),
        the Django 1.2 method. Otherwise False is returned.

        `token` is presumably the hash value submitted with the request --
        confirm at the call site.
        """
        current = self.security_hash(request, form)
        if constant_time_compare(token, current):
            return True

        # Fall back to Django 1.2 method, for compatibility with forms that
        # are in the middle of being used when the upgrade occurs. However,
        # we don't want to do this fallback if a subclass has provided their
        # own security_hash method - because they might have implemented a
        # more secure method, and this would punch a hole in that.

        # PendingDeprecationWarning <- left here to remind us that this
        # compatibility fallback should be removed in Django 1.5
        base_class_value = FormWizard.security_hash(self, request, form)

        # Plain comparison: both operands are computed here from the same
        # request and form. The submitted token is only ever compared through
        # constant_time_compare.
        if current != base_class_value:
            return False

        # They didn't override security_hash, do the fallback:
        legacy_value = security_hash(request, form)
        return constant_time_compare(token, legacy_value)
Example #13
def get_form_with_security_hash(request):
    """Render 'messages/form.html' with a new MessageForm and its security hash.

    The context passed to the template holds the form under 'form' and the
    value of security_hash(request, form) under 'hash'.
    """
    from django.contrib.formtools.utils import security_hash as compute_hash

    message_form = MessageForm()
    # NOTE(review): the form is built with no data, so the hash presumably
    # does not depend on later user input -- confirm how the template and
    # the receiving view use it.
    form_hash = compute_hash(request, message_form)
    context = {'form': message_form, 'hash': form_hash}
    return render_to_response('messages/form.html', context)