def test_new_anon_token_on_request(self):
# A new anon user gets a key+token on the request and response.
response = self.client.get('/')
# Get the key from the cookie and find the token in the cache.
key = response.cookies['anoncsrf'].value
self.assertEqual(response._request.csrf_token,
cache.get(prep_key(key)))
def test_existing_anon_cookie_on_request(self):
# We reuse an existing anon cookie key+token.
response = self.client.get('/anon')
key = response.cookies['anoncsrf'].value
# Now check that subsequent requests use that cookie.
response = self.client.get('/anon')
self.assertEqual(response.cookies['anoncsrf'].value, key)
self.assertEqual(response._request.csrf_token, cache.get(prep_key(key)))
def test_anon_token_from_cookie(self):
rf = django.test.RequestFactory()
rf.cookies['anoncsrf'] = self.token
cache.set(prep_key(self.token), 'woo')
request = rf.get('/')
SessionMiddleware().process_request(request)
AuthenticationMiddleware().process_request(request)
self.mw.process_request(request)
self.assertEqual(request.csrf_token, 'woo')
def test_anon_token_from_cookie(self):
rf = django.test.RequestFactory()
rf.cookies['anoncsrf'] = self.token
cache.set(prep_key(self.token), 'woo')
request = rf.get('/')
SessionMiddleware().process_request(request)
AuthenticationMiddleware().process_request(request)
self.mw.process_request(request)
self.assertEqual(request.csrf_token, 'woo')
def test_existing_anon_cookie_on_request(self):
# We reuse an existing anon cookie key+token.
response = self.client.get('/anon')
key = response.cookies['anoncsrf'].value
# Now check that subsequent requests use that cookie.
response = self.client.get('/anon')
self.assertEqual(response.cookies['anoncsrf'].value, key)
self.assertEqual(response._request.csrf_token,
cache.get(prep_key(key)))
def test_user_json(self):
url = reverse('user-json')
response = self.client.get(url)
self.assertEqual(response.status_code, 200)
data = json.loads(response.content)
self.assertTrue(data['csrf_token'])
self.assertNotEqual(data['csrf_token'], 'NOTPROVIDED')
token_key = response.cookies['anoncsrf'].value
# before we can pick up from the cache we need to know
# what prefix it was stored with
from session_csrf import prep_key
# session_csrf hashes the combined key to normalize its potential
# max length
cache_key = prep_key(token_key)
self.assertEqual(cache.get(cache_key), data['csrf_token'])
self.assertNotIn('user_name', data)
user = User.objects.create_user(
'something_short',
'*****@*****.**',
'secret'
)
user.save()
assert self.client.login(username=user.username,
password='******')
response = self.client.get(url)
self.assertEqual(response.status_code, 200)
data = json.loads(response.content)
self.assertEqual(data['user_name'], user.username)
self.assertNotIn('csrf_token', data)
user.first_name = "Peter"
user.last_name = "Bengtsson"
user.save()
response = self.client.get(url)
self.assertEqual(response.status_code, 200)
data = json.loads(response.content)
self.assertEqual(data['user_name'], "Peter")
def test_user_json(self):
url = reverse('accounts.views.user_json')
response = self.client.get(url)
eq_(response.status_code, 200)
data = json.loads(response.content)
ok_(data['csrf_token'])
ok_(data['csrf_token'] != 'NOTPROVIDED')
token_key = response.cookies['anoncsrf'].value
# before we can pick up from the cache we need to know
# what prefix it was stored with
from session_csrf import prep_key
# session_csrf hashes the combined key to normalize its potential
# max length
cache_key = prep_key(token_key)
eq_(cache.get(cache_key), data['csrf_token'])
ok_('user_name' not in data)
user = User.objects.create_user(
'something_short',
'*****@*****.**',
'secret'
)
user.save()
assert self.client.login(username=user.username,
password='******')
response = self.client.get(url)
eq_(response.status_code, 200)
data = json.loads(response.content)
eq_(data['user_name'], user.username)
ok_('csrf_token' not in data)
user.first_name = "Peter"
user.last_name = "Bengtsson"
user.save()
response = self.client.get(url)
eq_(response.status_code, 200)
data = json.loads(response.content)
eq_(data['user_name'], "Peter")
def test_new_anon_token_on_request(self):
# A new anon user gets a key+token on the request and response.
response = self.client.get('/')
# Get the key from the cookie and find the token in the cache.
key = response.cookies['anoncsrf'].value
self.assertEqual(response._request.csrf_token, cache.get(prep_key(key)))
