class FlatpageCSRFTests(TestCase): fixtures = ["sample_flatpages", "example_site"] urls = "djangocg.contrib.flatpages.tests.urls" def setUp(self): self.client = Client(enforce_csrf_checks=True) def test_view_flatpage(self): "A flatpage can be served through a view, even when the middleware is in use" response = self.client.get("/flatpage_root/flatpage/") self.assertEqual(response.status_code, 200) self.assertContains(response, "<p>Isn't it flat!</p>") def test_view_non_existent_flatpage(self): "A non-existent flatpage raises 404 when served through a view, even when the middleware is in use" response = self.client.get("/flatpage_root/no_such_flatpage/") self.assertEqual(response.status_code, 404) def test_view_authenticated_flatpage(self): "A flatpage served through a view can require authentication" response = self.client.get("/flatpage_root/sekrit/") self.assertRedirects(response, "/accounts/login/?next=/flatpage_root/sekrit/") User.objects.create_user("testuser", "*****@*****.**", "s3krit") self.client.login(username="******", password="******") response = self.client.get("/flatpage_root/sekrit/") self.assertEqual(response.status_code, 200) self.assertContains(response, "<p>Isn't it sekrit!</p>") def test_fallback_flatpage(self): "A flatpage can be served by the fallback middlware" response = self.client.get("/flatpage/") self.assertEqual(response.status_code, 200) self.assertContains(response, "<p>Isn't it flat!</p>") def test_fallback_non_existent_flatpage(self): "A non-existent flatpage raises a 404 when served by the fallback middlware" response = self.client.get("/no_such_flatpage/") self.assertEqual(response.status_code, 404) def test_post_view_flatpage(self): "POSTing to a flatpage served through a view will raise a CSRF error if no token is provided (Refs #14156)" response = self.client.post("/flatpage_root/flatpage/") self.assertEqual(response.status_code, 403) def test_post_fallback_flatpage(self): "POSTing to a flatpage served by the middleware will raise a CSRF error if no token is provided (Refs #14156)" response = self.client.post("/flatpage/") self.assertEqual(response.status_code, 403) def test_post_unknown_page(self): "POSTing to an unknown page isn't caught as a 403 CSRF error" response = self.client.post("/no_such_page/") self.assertEqual(response.status_code, 404)
def test_login_different_client(self): "Check that using a different test client doesn't violate authentication" # Create a second client, and log in. c = Client() login = c.login(username='******', password='******') self.assertTrue(login, 'Could not log in') # Get a redirection page with the second client. response = c.get("/test_client_regress/login_protected_redirect_view/") # At this points, the self.client isn't logged in. # Check that assertRedirects uses the original client, not the # default client. self.assertRedirects(response, "http://testserver/test_client_regress/get_view/")