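class CSRFCheckedTestCase(InboxenTestCase):
    """Exercise CSRF enforcement on the user-registration view.

    The client is built with ``enforce_csrf_checks=True`` so the CSRF
    middleware actually runs (Django's stock test client skips it), and the
    tests below observe the real 403 responses.  The token is read from the
    session under ``"_csrftoken"`` (session-backed CSRF), not from a cookie.
    """

    def setUp(self):
        self.client = SecureClient(enforce_csrf_checks=True)
        self.url = urlresolvers.reverse('user-registration')

    def _registration_data(self, token=None):
        """Return the registration POST body, adding the CSRF field when *token* is given.

        The two passwords deliberately differ, so a request that clears the
        CSRF check is still rejected by the form and the view re-renders
        (200) rather than creating an account.  NOTE(review): inferred from
        the 200 assertion in test_csrf_token_present; confirm against the view.
        """
        data = {
            "username": "******",
            "password1": "bob1",
            "password2": "bob2",
        }
        if token is not None:
            data["csrfmiddlewaretoken"] = token
        return data

    def test_csrf_token_missing(self):
        """A POST carrying no CSRF token at all must be refused with 403."""
        response = self.client.post(self.url, self._registration_data())
        self.assertEqual(response.status_code, 403)

    def test_csrf_cookie_not_present(self):
        """GET must set only the session cookie: no CSRF cookie is issued."""
        response = self.client.get(self.url)
        # no CSRF cookie; the token is kept server-side in the session
        self.assertEqual(list(response.cookies.keys()), ["sessionid"])
        # If CSRF storage moves back to a cookie, re-enable these.  Django's
        # default CSRF_COOKIE_NAME is "csrftoken"; "csrfmiddlewaretoken" is the
        # form field name, so the cookie lookup must use the cookie name.
        # self.assertEqual(response.cookies["csrftoken"]["secure"], True)
        # self.assertEqual(response.cookies["csrftoken"]["httponly"], True)

    def test_csrf_referer_check(self):
        """A valid token is still refused over HTTPS when no Referer is sent.

        Django additionally requires a same-origin Referer for secure
        requests, so the token alone must not be enough.
        """
        self.client.get(self.url)  # generate token in session
        data = self._registration_data(self.client.session["_csrftoken"])
        response = self.client.post(self.url, data)
        self.assertEqual(response.status_code, 403)

    def test_csrf_token_present(self):
        """A valid token plus a matching Referer passes the CSRF layer."""
        self.client.get(self.url)  # generate token in session
        data = self._registration_data(self.client.session["_csrftoken"])
        response = self.client.post(self.url, data, HTTP_REFERER="https://testserver")
        # 200 rather than 403 shows the request reached the view; the form
        # itself is expected to be invalid (see _registration_data).
        self.assertEqual(response.status_code, 200)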