def test_csrf_protected_view(self, monkeypatch, pyramid_request): checker = pretend.call_recorder(lambda request: None) monkeypatch.setattr(csrf, "_check_csrf", checker) class FakeMapper: def __call__(self, view): return view mapper = csrf.csrf_mapper_factory(FakeMapper)() @pretend.call_recorder def view(context, request): pass context = pretend.stub() request = pyramid_request request._process_csrf = True wrapped = mapper(view) wrapped(context, request) assert checker.calls == [pretend.call(request)] assert view.calls == [pretend.call(context, request)] assert len(request.response_callbacks) == 1 response = pretend.stub(vary=[]) request.response_callbacks[0](request, response) assert response.vary == {"Cookie"}
def test_non_csrf_view(self, monkeypatch): checker = pretend.call_recorder(lambda request: None) monkeypatch.setattr(csrf, "_check_csrf", checker) class FakeMapper: def __call__(self, view): return view mapper = csrf.csrf_mapper_factory(FakeMapper)() @pretend.call_recorder def view(context, request): pass context = pretend.stub() request = pretend.stub() wrapped = mapper(view) wrapped(context, request) assert checker.calls == [pretend.call(request)] assert view.calls == [pretend.call(context, request)]
def test_exempt_view(self, monkeypatch): def raiser(*args, **kwargs): assert False, "This method should not be called" monkeypatch.setattr(csrf, "_check_csrf", raiser) class FakeMapper: def __call__(self, view): return view mapper = csrf.csrf_mapper_factory(FakeMapper)() @pretend.call_recorder def view(context, request): pass context = pretend.stub() request = pretend.stub(_process_csrf=False) wrapped = mapper(view) wrapped(context, request) assert view.calls == [pretend.call(context, request)]