Esempio n. 1
    def test_permanent_redirect(self):
        """GET a URL that answers with a permanent (301) redirect.

        The first request goes through the default test client. The second
        uses a client that supplies its own Host header and expects the
        absolute redirect URI to carry that host.
        """
        redirecting_path = '/test_client/permanent_redirect_view/'

        # Default client: a 301 whose target is on the testserver host.
        default_response = self.client.get(redirecting_path)
        self.assertRedirects(
            default_response,
            'http://testserver/test_client/get_view/',
            status_code=301,
        )

        # NOTE(review): the expected target below follows the Host header the
        # client sent. Outside of tests, the set of accepted Host values should
        # be constrained (Django's ALLOWED_HOSTS setting) so that a forged
        # header cannot steer where absolute redirects point.
        custom_host_client = Client(HTTP_HOST='djangocg.testserver')
        custom_host_response = custom_host_client.get(redirecting_path)
        self.assertRedirects(
            custom_host_response,
            'http://djangocg.testserver/test_client/get_view/',
            status_code=301,
        )
Esempio n. 2
    def test_csrf_enabled_client(self):
        """A test client can be constructed with CSRF checks switched on."""
        post_path = '/test_client/post_view/'
        enforcing_client = Client(enforce_csrf_checks=True)

        # The default client lets a POST without a token through (200) ...
        permissive_response = self.client.post(post_path, {})
        self.assertEqual(permissive_response.status_code, 200)

        # ... while the enforcing client sends the same POST and gets a 403.
        # A test that must prove a view rejects token-less POSTs therefore
        # needs a client built with enforce_csrf_checks=True.
        rejected_response = enforcing_client.post(post_path, {})
        self.assertEqual(rejected_response.status_code, 403)
Esempio n. 3
    def test_redirect(self):
        """GET a URL that redirects elsewhere, with and without a custom host."""
        source_path = '/test_client/redirect_view/'
        target_path = '/test_client/get_view/'

        # Expect a 302. The expected URL is given as a relative path, so
        # assertRedirects() has to prepend the implicit http://testserver/.
        plain_response = self.client.get(source_path)
        self.assertRedirects(plain_response, target_path)

        # Same request from a client that sends its own Host header: still a
        # 302, and the absolute URI is compared against the host passed in.
        custom_host = 'djangocg.testserver'
        hosted_client = Client(HTTP_HOST=custom_host)
        hosted_response = hosted_client.get(source_path)
        self.assertRedirects(hosted_response, target_path, host=custom_host)
Esempio n. 4
    def test_login_different_client(self):
        """Using a different test client doesn't violate authentication."""
        # Build a second client and authenticate it.
        # NOTE(review): the credential literals appear masked in this listing;
        # they need to match a user provided by the test fixtures.
        second_client = Client()
        logged_in = second_client.login(username='******', password='******')
        self.assertTrue(logged_in, 'Could not log in')

        # Request a login-protected redirecting page with the second client.
        protected_response = second_client.get("/test_client_regress/login_protected_redirect_view/")

        # At this point self.client is not logged in, so the assertion only
        # holds if assertRedirects uses the client that made the request
        # rather than the default client.
        self.assertRedirects(protected_response, "http://testserver/test_client_regress/get_view/")
Esempio n. 5
 def setUp(self):
     """Replace the default test client with one that enforces CSRF checks."""
     # Every request made through self.client in this test case is then
     # subject to CSRF validation.
     csrf_enforcing_client = Client(enforce_csrf_checks=True)
     self.client = csrf_enforcing_client
Esempio n. 6
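class FlatpageCSRFTests(TestCase):
    """Flatpage behaviour when requests go through a CSRF-enforcing client.

    GET requests must keep working (200 / 404 / login redirect), POSTs to an
    existing flatpage without a token must be rejected with 403, and a POST
    to an unknown URL must still be reported as 404 rather than 403.
    """
    fixtures = ["sample_flatpages", "example_site"]
    urls = "djangocg.contrib.flatpages.tests.urls"

    def setUp(self):
        """Use a test client that enforces CSRF checks for every test."""
        self.client = Client(enforce_csrf_checks=True)

    def test_view_flatpage(self):
        "A flatpage can be served through a view, even when the middleware is in use"
        response = self.client.get("/flatpage_root/flatpage/")
        self.assertEqual(response.status_code, 200)
        self.assertContains(response, "<p>Isn't it flat!</p>")

    def test_view_non_existent_flatpage(self):
        "A non-existent flatpage raises 404 when served through a view, even when the middleware is in use"
        response = self.client.get("/flatpage_root/no_such_flatpage/")
        self.assertEqual(response.status_code, 404)

    def test_view_authenticated_flatpage(self):
        "A flatpage served through a view can require authentication"
        # Anonymous access is bounced to the login page with a next= parameter.
        response = self.client.get("/flatpage_root/sekrit/")
        self.assertRedirects(response, "/accounts/login/?next=/flatpage_root/sekrit/")

        # Log in with the same credentials the user is created with, and fail
        # right here if authentication does not succeed; otherwise a broken
        # login only shows up as a confusing status-code mismatch below.
        username, password = "testuser", "s3krit"
        User.objects.create_user(username, "*****@*****.**", password)
        self.assertTrue(
            self.client.login(username=username, password=password),
            "Could not log in",
        )

        response = self.client.get("/flatpage_root/sekrit/")
        self.assertEqual(response.status_code, 200)
        self.assertContains(response, "<p>Isn't it sekrit!</p>")

    def test_fallback_flatpage(self):
        "A flatpage can be served by the fallback middleware"
        response = self.client.get("/flatpage/")
        self.assertEqual(response.status_code, 200)
        self.assertContains(response, "<p>Isn't it flat!</p>")

    def test_fallback_non_existent_flatpage(self):
        "A non-existent flatpage raises a 404 when served by the fallback middleware"
        response = self.client.get("/no_such_flatpage/")
        self.assertEqual(response.status_code, 404)

    def test_post_view_flatpage(self):
        "POSTing to a flatpage served through a view will raise a CSRF error if no token is provided (Refs #14156)"
        response = self.client.post("/flatpage_root/flatpage/")
        self.assertEqual(response.status_code, 403)

    def test_post_fallback_flatpage(self):
        "POSTing to a flatpage served by the middleware will raise a CSRF error if no token is provided (Refs #14156)"
        response = self.client.post("/flatpage/")
        self.assertEqual(response.status_code, 403)

    def test_post_unknown_page(self):
        "POSTing to an unknown page isn't caught as a 403 CSRF error"
        # A URL that matches no flatpage must stay a 404 even for a POST
        # without a token.
        response = self.client.post("/no_such_page/")
        self.assertEqual(response.status_code, 404)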