def test_csrf_token(self):
    """Approve a freshly created profile through the admin moderation URL.

    On Django 1.1 the CSRF middleware expects a ``csrfmiddlewaretoken``
    field, so a token is generated from the test client's session key with
    the middleware's own ``_make_token`` helper and added to the POST body.
    On other versions only the approve action is posted.  The test then
    re-loads the profile and checks its moderation status was updated.
    """
    owner = User.objects.get(username='******')
    profile = UserProfile(
        description='Profile for new user',
        url='http://www.yahoo.com',
        user=owner,
    )
    profile.save()
    self.client.login(username='******', password='******')

    moderate_url = profile.moderated_object.get_admin_moderate_url()

    post_data = {'approve': 'Approve'}
    if django_version == '1.1':
        from django.contrib.csrf.middleware import _make_token
        # Django 1.1 derives the token from the session key.
        post_data['csrfmiddlewaretoken'] = _make_token(
            self.client.session.session_key)

    response = self.client.post(moderate_url, post_data)
    self.assertEqual(response.status_code, 302)

    # Re-load from the database so the assertion reflects the persisted status.
    refreshed = UserProfile.objects.get(pk=profile.pk)
    self.assertEqual(refreshed.moderated_object.moderation_status,
                     MODERATION_STATUS_APPROVED)
def csrf_token(request):
    """Context processor exposing the CSRF token for the current session.

    Returns ``{'csrf_token': <token>}`` when the request carries the session
    cookie named by ``settings.SESSION_COOKIE_NAME``; requests without that
    cookie get an empty dict, i.e. no ``csrf_token`` variable at all.
    """
    cookies = request.COOKIES
    cookie_name = settings.SESSION_COOKIE_NAME
    if cookie_name not in cookies:
        return {}
    # Token is a function of the session id only (via the middleware helper).
    return {'csrf_token': _make_token(cookies[cookie_name])}
def test_csrf_token(self):
    """Post an approval to the admin moderation URL and verify it sticks.

    Creates a profile for the test user, logs in, and POSTs ``approve``.
    Under Django 1.1 a ``csrfmiddlewaretoken`` built from the session key
    with the CSRF middleware's ``_make_token`` is included; otherwise the
    form is posted bare.  Expects a redirect and an approved status on the
    re-fetched profile.
    """
    test_user = User.objects.get(username='******')
    new_profile = UserProfile(description='Profile for new user',
                              url='http://www.yahoo.com',
                              user=test_user)
    new_profile.save()

    self.client.login(username='******', password='******')
    target = new_profile.moderated_object.get_admin_moderate_url()

    if django_version == '1.1':
        from django.contrib.csrf.middleware import _make_token
        session_key = self.client.session.session_key
        payload = {
            'approve': 'Approve',
            'csrfmiddlewaretoken': _make_token(session_key),
        }
    else:
        payload = {'approve': 'Approve'}

    result = self.client.post(target, payload)
    self.assertEqual(result.status_code, 302)

    # Read the persisted state back rather than trusting the local instance.
    stored = UserProfile.objects.get(pk=new_profile.pk)
    self.assertEqual(stored.moderated_object.moderation_status,
                     MODERATION_STATUS_APPROVED)
def csrf(request):
    """Context processor providing ``csrf_token`` for the session cookie.

    The ``csrf_token`` key is always present in the returned dict; its
    value is ``None`` when the request has no session cookie, so templates
    can test for it rather than fail on a missing variable.
    """
    token = None
    try:
        session_id = request.COOKIES[django_settings.SESSION_COOKIE_NAME]
    except KeyError:
        # No session cookie: fall through with token left as None.
        pass
    else:
        token = middleware._make_token(session_id)
    return {"csrf_token": token}
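def test_csrf_token_in_header(self):
    """Accept the CSRF token from the ``X-CSRFToken`` header instead of the form.

    Builds a POST request bound to the test session, places a token made
    from that session id in ``HTTP_X_CSRFTOKEN`` and checks that
    ``process_view`` returns ``None``; a ``None`` return means the
    middleware let the request through.
    """
    req = self._get_POST_session_request()
    req.META["HTTP_X_CSRFTOKEN"] = _make_token(self._session_id)
    req2 = CsrfMiddleware().process_view(req, self.get_view(), (), {})
    # assertEquals is a deprecated alias (removed in Python 3.12); use assertEqual.
    self.assertEqual(None, req2)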
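def test_csrf_token_in_header(self):
    """Accept the CSRF token from the ``X-CSRFToken`` header instead of the form.

    Builds a POST request bound to the test session, places a token made
    from that session id in ``HTTP_X_CSRFTOKEN`` and checks that
    ``process_view`` returns ``None``; a ``None`` return means the
    middleware let the request through.
    """
    req = self._get_POST_session_request()
    req.META['HTTP_X_CSRFTOKEN'] = _make_token(self._session_id)
    req2 = CsrfMiddleware().process_view(req, self.get_view(), (), {})
    # assertEquals is a deprecated alias (removed in Python 3.12); use assertEqual.
    self.assertEqual(None, req2)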
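def post(self, path, data=None, content_type=MULTIPART_CONTENT, **extra):
    """POST via the Django test client, optionally injecting a CSRF token.

    When ``self.add_csrf_tokens_to_posts`` is true and the client's session
    has a ``session_key``, a ``csrfmiddlewaretoken`` built with the CSRF
    middleware's ``_make_token`` is added to ``data`` before delegating to
    ``Client.post``.  ``data`` defaults to a fresh dict on every call.
    """
    # The previous ``data={}`` default was one dict shared by all calls and
    # mutated below, so a token set on one call was carried into later ones.
    if data is None:
        data = {}
    if self.add_csrf_tokens_to_posts and hasattr(self.session, 'session_key'):
        # NOTE: a caller-supplied mapping is modified in place (unchanged).
        data['csrfmiddlewaretoken'] = _make_token(self.session.session_key)
    return Client.post(self, path, data, content_type, **extra)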
def get_post_token_value(request):
    """Return the CSRF token for the session named by the request's cookie.

    If the session cookie is missing, the event is logged as critical and an
    error response ('Session cookie required') is returned instead of a
    token - presumably in the encoding selected by the ``enc`` request
    parameter (default ``json``).  Callers must therefore check what kind
    of value they got back.
    """
    from django.contrib.csrf.middleware import _make_token
    from flowgram.core import log

    cookie_name = settings.SESSION_COOKIE_NAME
    if cookie_name not in request.COOKIES:
        # The log message assumes callers are authenticated, so a missing
        # session cookie is treated as a critical condition.
        log.critical("get_post_token found no sessionid for authenticated user %s"
                     % request.user)
        return error_response.create(get(request, 'enc', 'json'),
                                     'Session cookie required')
    return _make_token(request.COOKIES[cookie_name])
def process_request(self, request):
    """Run the parent CSRF check but tolerate the empty-session token.

    Only POSTs carrying a non-empty ``csrfmiddlewaretoken`` are handed to
    the parent middleware.  If the parent answers with a Forbidden response
    and the submitted value equals ``_make_token('')``, the rejection is
    discarded and the request is allowed through.

    NOTE(review): two security consequences follow from the code as written.
    A POST with no token field (or an empty one) never reaches the parent
    check at all and is simply passed through.  And ``_make_token('')`` does
    not vary per user or session, so accepting it means any client that has
    seen that value can post without a session-bound token.  Both should be
    tightened before state-changing views face untrusted clients.
    """
    if request.method != 'POST':
        return None
    submitted = request.POST.get('csrfmiddlewaretoken', None)
    if not submitted:
        return None

    verdict = super(CsrfMiddleware, self).process_request(request)
    # A Forbidden here means the value did not match; the missing-key case
    # was already filtered out above.
    if isinstance(verdict, HttpResponseForbidden):
        empty_session_token = csrf_middleware._make_token('')
        if submitted == empty_session_token:
            return None
    return verdict
def _check_token_present(self, response):
    """Assert the response body carries the CSRF token for the test session.

    The token is expected as ``name='csrfmiddlewaretoken' value='...'``,
    with the value built from ``self._session_id`` via ``_make_token``.
    """
    expected_token = _make_token(self._session_id)
    fragment = "name='csrfmiddlewaretoken' value='%s'" % expected_token
    self.assertContains(response, fragment)
def _get_POST_session_request_with_token(self):
    """Build a POST request bound to the test session that carries a valid token.

    Extends ``_get_POST_session_request`` by adding a ``csrfmiddlewaretoken``
    made from ``self._session_id`` to the request's POST data.
    """
    request = self._get_POST_session_request()
    token = _make_token(self._session_id)
    request.POST['csrfmiddlewaretoken'] = token
    return request
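def do_csrf(request):
    """Return the CSRF token for the request's session cookie, or ``None``.

    ``None`` (previously implicit) is returned when the cookie named by
    ``settings.SESSION_COOKIE_NAME`` is absent; callers must handle it.
    """
    # ``dict.has_key`` does not exist in Python 3; ``in`` works on both.
    cookie_name = settings.SESSION_COOKIE_NAME
    if cookie_name in request.COOKIES:
        return _make_token(request.COOKIES[cookie_name])
    return None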