def test_csrf_protected_view(self, monkeypatch, pyramid_request):
checker = pretend.call_recorder(lambda request: None)
monkeypatch.setattr(csrf, "_check_csrf", checker)
class FakeMapper:
def __call__(self, view):
return view
mapper = csrf.csrf_mapper_factory(FakeMapper)()
@pretend.call_recorder
def view(context, request):
pass
context = pretend.stub()
request = pyramid_request
request._process_csrf = True
wrapped = mapper(view)
wrapped(context, request)
assert checker.calls == [pretend.call(request)]
assert view.calls == [pretend.call(context, request)]
assert len(request.response_callbacks) == 1
response = pretend.stub(vary=[])
request.response_callbacks[0](request, response)
assert response.vary == {"Cookie"}
def test_csrf_protected_view(self, monkeypatch, pyramid_request):
checker = pretend.call_recorder(lambda request: None)
monkeypatch.setattr(csrf, "_check_csrf", checker)
class FakeMapper:
def __call__(self, view):
return view
mapper = csrf.csrf_mapper_factory(FakeMapper)()
@pretend.call_recorder
def view(context, request):
pass
context = pretend.stub()
request = pyramid_request
request._process_csrf = True
wrapped = mapper(view)
wrapped(context, request)
assert checker.calls == [pretend.call(request)]
assert view.calls == [pretend.call(context, request)]
assert len(request.response_callbacks) == 1
response = pretend.stub(vary=[])
request.response_callbacks[0](request, response)
assert response.vary == {"Cookie"}
def test_non_csrf_view(self, monkeypatch):
checker = pretend.call_recorder(lambda request: None)
monkeypatch.setattr(csrf, "_check_csrf", checker)
class FakeMapper:
def __call__(self, view):
return view
mapper = csrf.csrf_mapper_factory(FakeMapper)()
@pretend.call_recorder
def view(context, request):
pass
context = pretend.stub()
request = pretend.stub()
wrapped = mapper(view)
wrapped(context, request)
assert checker.calls == [pretend.call(request)]
assert view.calls == [pretend.call(context, request)]
def test_exempt_view(self, monkeypatch):
def raiser(*args, **kwargs):
assert False, "This method should not be called"
monkeypatch.setattr(csrf, "_check_csrf", raiser)
class FakeMapper:
def __call__(self, view):
return view
mapper = csrf.csrf_mapper_factory(FakeMapper)()
@pretend.call_recorder
def view(context, request):
pass
context = pretend.stub()
request = pretend.stub(_process_csrf=False)
wrapped = mapper(view)
wrapped(context, request)
assert view.calls == [pretend.call(context, request)]
def test_non_csrf_view(self, monkeypatch):
checker = pretend.call_recorder(lambda request: None)
monkeypatch.setattr(csrf, "_check_csrf", checker)
class FakeMapper:
def __call__(self, view):
return view
mapper = csrf.csrf_mapper_factory(FakeMapper)()
@pretend.call_recorder
def view(context, request):
pass
context = pretend.stub()
request = pretend.stub()
wrapped = mapper(view)
wrapped(context, request)
assert checker.calls == [pretend.call(request)]
assert view.calls == [pretend.call(context, request)]
def test_exempt_view(self, monkeypatch):
def raiser(*args, **kwargs):
assert False, "This method should not be called"
monkeypatch.setattr(csrf, "_check_csrf", raiser)
class FakeMapper:
def __call__(self, view):
return view
mapper = csrf.csrf_mapper_factory(FakeMapper)()
@pretend.call_recorder
def view(context, request):
pass
context = pretend.stub()
request = pretend.stub(_process_csrf=False)
wrapped = mapper(view)
wrapped(context, request)
assert view.calls == [pretend.call(context, request)]
