Esempio n. 1
0
 def test_new_anon_token_on_request(self):
     # A new anon user gets a key+token on the request and response.
     response = self.client.get('/')
     # Get the key from the cookie and find the token in the cache.
     key = response.cookies['anoncsrf'].value
     self.assertEqual(response._request.csrf_token,
                      cache.get(prep_key(key)))
Esempio n. 2
0
 def test_existing_anon_cookie_on_request(self):
     # We reuse an existing anon cookie key+token.
     response = self.client.get('/anon')
     key = response.cookies['anoncsrf'].value
     # Now check that subsequent requests use that cookie.
     response = self.client.get('/anon')
     self.assertEqual(response.cookies['anoncsrf'].value, key)
     self.assertEqual(response._request.csrf_token, cache.get(prep_key(key)))
Esempio n. 3
0
 def test_anon_token_from_cookie(self):
     rf = django.test.RequestFactory()
     rf.cookies['anoncsrf'] = self.token
     cache.set(prep_key(self.token), 'woo')
     request = rf.get('/')
     SessionMiddleware().process_request(request)
     AuthenticationMiddleware().process_request(request)
     self.mw.process_request(request)
     self.assertEqual(request.csrf_token, 'woo')
Esempio n. 4
0
 def test_anon_token_from_cookie(self):
     rf = django.test.RequestFactory()
     rf.cookies['anoncsrf'] = self.token
     cache.set(prep_key(self.token), 'woo')
     request = rf.get('/')
     SessionMiddleware().process_request(request)
     AuthenticationMiddleware().process_request(request)
     self.mw.process_request(request)
     self.assertEqual(request.csrf_token, 'woo')
Esempio n. 5
0
 def test_existing_anon_cookie_on_request(self):
     # We reuse an existing anon cookie key+token.
     response = self.client.get('/anon')
     key = response.cookies['anoncsrf'].value
     # Now check that subsequent requests use that cookie.
     response = self.client.get('/anon')
     self.assertEqual(response.cookies['anoncsrf'].value, key)
     self.assertEqual(response._request.csrf_token,
                      cache.get(prep_key(key)))
Esempio n. 6
0
    def test_user_json(self):
        url = reverse('user-json')
        response = self.client.get(url)
        self.assertEqual(response.status_code, 200)
        data = json.loads(response.content)
        self.assertTrue(data['csrf_token'])
        self.assertNotEqual(data['csrf_token'], 'NOTPROVIDED')

        token_key = response.cookies['anoncsrf'].value
        # before we can pick up from the cache we need to know
        # what prefix it was stored with
        from session_csrf import prep_key
        # session_csrf hashes the combined key to normalize its potential
        # max length
        cache_key = prep_key(token_key)
        self.assertEqual(cache.get(cache_key), data['csrf_token'])
        self.assertNotIn('user_name', data)

        user = User.objects.create_user(
          'something_short',
          '*****@*****.**',
          'secret'
        )
        user.save()
        assert self.client.login(username=user.username,
                                 password='******')

        response = self.client.get(url)
        self.assertEqual(response.status_code, 200)
        data = json.loads(response.content)
        self.assertEqual(data['user_name'], user.username)
        self.assertNotIn('csrf_token', data)

        user.first_name = "Peter"
        user.last_name = "Bengtsson"
        user.save()

        response = self.client.get(url)
        self.assertEqual(response.status_code, 200)
        data = json.loads(response.content)
        self.assertEqual(data['user_name'], "Peter")
Esempio n. 7
0
File: tests.py Progetto: adngdb/elmo
    def test_user_json(self):
        url = reverse('accounts.views.user_json')
        response = self.client.get(url)
        eq_(response.status_code, 200)
        data = json.loads(response.content)
        ok_(data['csrf_token'])
        ok_(data['csrf_token'] != 'NOTPROVIDED')

        token_key = response.cookies['anoncsrf'].value
        # before we can pick up from the cache we need to know
        # what prefix it was stored with
        from session_csrf import prep_key
        # session_csrf hashes the combined key to normalize its potential
        # max length
        cache_key = prep_key(token_key)
        eq_(cache.get(cache_key), data['csrf_token'])
        ok_('user_name' not in data)

        user = User.objects.create_user(
          'something_short',
          '*****@*****.**',
          'secret'
        )
        user.save()
        assert self.client.login(username=user.username,
                                 password='******')

        response = self.client.get(url)
        eq_(response.status_code, 200)
        data = json.loads(response.content)
        eq_(data['user_name'], user.username)
        ok_('csrf_token' not in data)

        user.first_name = "Peter"
        user.last_name = "Bengtsson"
        user.save()

        response = self.client.get(url)
        eq_(response.status_code, 200)
        data = json.loads(response.content)
        eq_(data['user_name'], "Peter")
Esempio n. 8
0
 def test_new_anon_token_on_request(self):
     # A new anon user gets a key+token on the request and response.
     response = self.client.get('/')
     # Get the key from the cookie and find the token in the cache.
     key = response.cookies['anoncsrf'].value
     self.assertEqual(response._request.csrf_token, cache.get(prep_key(key)))