class TestCSRF(TestCase):
def setUp(self):
super(TestCSRF, self).setUp()
self.factory = RequestFactory()
self.client = LocalizingClient(enforce_csrf_checks=True)
def test_no_csrf_regular_form_fails(self):
"""No csrf token in post data from anonymous user yields 403."""
url = reverse('feedback', args=('firefox.desktop.stable',))
r = self.client.post(url, {
'happy': 1,
'description': u'Firefox rocks!',
'url': u'http://mozilla.org/'
})
eq_(r.status_code, 403)
def test_firefox_for_android(self):
"""No csrf token for a FfA post works fine."""
url = reverse('feedback')
print url
r = self.client.post(url, {
'_type': 1,
'description': u'Firefox rocks!',
'add_url': 1,
'url': u'http://mozilla.org/'
})
eq_(r.status_code, 302)
class TestCSRF(TestCase):
def setUp(self):
super(TestCSRF, self).setUp()
self.factory = RequestFactory()
self.client = LocalizingClient(enforce_csrf_checks=True)
def test_no_csrf_regular_form_fails(self):
"""No csrf token in post data from anonymous user yields 403."""
url = reverse('feedback', args=(u'firefox', ))
r = self.client.post(
url, {
'happy': 1,
'description': u'Firefox rocks!',
'url': u'http://mozilla.org/'
})
assert r.status_code == 403
def test_firefox_for_android(self):
"""No csrf token for a FfA post works fine."""
url = reverse('feedback', args=(u'firefox', ))
r = self.client.post(
url, {
'_type': 1,
'description': u'Firefox rocks!',
'add_url': 1,
'url': u'http://mozilla.org/'
})
assert r.status_code == 302
def generate_response(response_data):
"""Takes a response data dict and generates a Response
This (ab)uses the LocalizingClient to do the work so that it goes
through all the existing view code which means I don't have to
duplicate all that stuff here.
"""
client = LocalizingClient(enforce_csrf_checks=False)
url = response_data['path']
if response_data['GET']:
url = url + '?' + urlencode(response_data['GET'])
# FIXME: Setting the HTTP_HOST to what was in the error works fine
# in prod and in my development environment (which has
# DEBUG=True), but it probably doesn't work on the -dev or -stage
# environments.
#
# We can derive it from SITE_URL, but not all environments have
# SITE_URL.
#
# Need to figure out a better way to do this.
http_host = response_data['META']['HTTP_HOST']
resp = client.post(
url,
data=response_data['POST'],
HTTP_USER_AGENT=response_data['META']['HTTP_USER_AGENT'],
HTTP_HOST=http_host
)
return resp
def generate_response(response_data):
"""Takes a response data dict and generates a Response
This (ab)uses the LocalizingClient to do the work so that it goes
through all the existing view code which means I don't have to
duplicate all that stuff here.
"""
client = LocalizingClient(enforce_csrf_checks=False)
url = response_data['path']
if response_data['GET']:
url = url + '?' + urlencode(response_data['GET'])
# FIXME: Setting the HTTP_HOST to what was in the error works fine
# in prod and in my development environment (which has
# DEBUG=True), but it probably doesn't work on the -dev or -stage
# environments.
#
# We can derive it from SITE_URL, but not all environments have
# SITE_URL.
#
# Need to figure out a better way to do this.
http_host = response_data['META']['HTTP_HOST']
resp = client.post(
url,
data=response_data['POST'],
HTTP_USER_AGENT=response_data['META']['HTTP_USER_AGENT'],
HTTP_HOST=http_host
)
return resp
class TestCSRF(TestCase):
def setUp(self):
super(TestCSRF, self).setUp()
self.factory = RequestFactory()
self.client = LocalizingClient(enforce_csrf_checks=True)
def test_no_csrf_regular_form_fails(self):
"""No csrf token in post data from anonymous user yields 403."""
url = reverse("feedback", args=("firefox.desktop.stable",))
r = self.client.post(url, {"happy": 1, "description": u"Firefox rocks!", "url": u"http://mozilla.org/"})
eq_(r.status_code, 403)
def test_firefox_for_android(self):
"""No csrf token for a FfA post works fine."""
url = reverse("feedback")
r = self.client.post(
url, {"_type": 1, "description": u"Firefox rocks!", "add_url": 1, "url": u"http://mozilla.org/"}
)
eq_(r.status_code, 302)
def setUp(self):
super(TestCSRF, self).setUp()
self.factory = RequestFactory()
self.client = LocalizingClient(enforce_csrf_checks=True)
def setUp(self):
super(TestCSRF, self).setUp()
self.factory = RequestFactory()
self.client = LocalizingClient(enforce_csrf_checks=True)
