def test_csrf_exempt(self):
    '''process_view must not touch the token header of a csrf_exempt view.

    This is an odd test: it only proves that process_view bails out
    without performing any processing when the view is csrf_exempt.
    '''
    post_req = RequestFactory().post('/', HTTP_X_CSRFTOKEN="aB$AHM")
    crypt_mw = CSRFCryptMiddleware()
    exempt_view = csrf_exempt(test_view)
    crypt_mw.process_view(post_req, exempt_view, (), {})
    # The header must still be exactly what the client sent, i.e. no decode
    # attempt (and no SuspiciousOperation) happened for the exempt view.
    self.assertEqual("aB$AHM", post_req.META['HTTP_X_CSRFTOKEN'])
def test_header_encoded(self):
    '''process_request replaces an encoded X-CSRFToken header in place.

    NOTE(review): the fixed ciphertext presumably only decodes under the
    key/settings the test suite configures elsewhere -- confirm.
    '''
    encoded_header = 'WaMeyTIUS6hOoTcm$TOKqMT3J0Gx2b15UH1MkRg=='
    post_req = RequestFactory().post('/', HTTP_X_CSRFTOKEN=encoded_header)
    crypt_mw = CSRFCryptMiddleware()
    crypt_mw.process_request(post_req)
    decoded_header = post_req.META.get('HTTP_X_CSRFTOKEN')
    # The expected value here is bytes, not text.
    self.assertEqual(decoded_header, b'abc123')
def test_header_encoded(self):
    '''process_view replaces an encoded X-CSRFToken header with 'abc123'.'''
    encoded_header = 'aBcDeF$ACAAdVd1'
    post_req = RequestFactory().post('/', HTTP_X_CSRFTOKEN=encoded_header)
    crypt_mw = CSRFCryptMiddleware()
    crypt_mw.process_view(post_req, test_view, (), {})
    # After the middleware ran, the header holds the decoded token, so
    # whatever reads it next sees the plain value.
    decoded_header = post_req.META.get('HTTP_X_CSRFTOKEN')
    self.assertEqual(decoded_header, 'abc123')
def test_encoded(self):
    '''process_view decodes an encoded csrfmiddlewaretoken POST field.'''
    form_data = {'csrfmiddlewaretoken': 'aBcDeF$ACAAdVd1'}
    post_req = RequestFactory().post('/', form_data)
    crypt_mw = CSRFCryptMiddleware()
    crypt_mw.process_view(post_req, test_view, (), {})
    # The POST data itself is rewritten: the field now carries the decoded
    # token rather than the '<left>$<right>' value that was submitted.
    decoded_field = post_req.POST.get('csrfmiddlewaretoken')
    self.assertEqual(decoded_field, 'abc123')
def test_encoded(self):
    '''process_request decodes an encoded csrfmiddlewaretoken POST field.

    NOTE(review): the fixed ciphertext presumably only decodes under the
    key/settings the test suite configures elsewhere -- confirm.
    '''
    form_data = {
        'csrfmiddlewaretoken': 'WaMeyTIUS6hOoTcm$TOKqMT3J0Gx2b15UH1MkRg==',
    }
    post_req = RequestFactory().post('/', form_data)
    crypt_mw = CSRFCryptMiddleware()
    crypt_mw.process_request(post_req)
    decoded_field = post_req.POST.get('csrfmiddlewaretoken')
    self.assertEqual(decoded_field, 'abc123')
def test_encoded(self):
    '''process_request decodes a token whose two halves are both base64-like.

    NOTE(review): the fixed ciphertext presumably only decodes under the
    key/settings the test suite configures elsewhere -- confirm.
    '''
    form_data = {
        'csrfmiddlewaretoken':
            'Ump3NGw2b0t1R1J5VlZiOQ==$sBDBSs99N2pbyLVHloLaLg==',
    }
    post_req = RequestFactory().post('/', form_data)
    crypt_mw = CSRFCryptMiddleware()
    crypt_mw.process_request(post_req)
    decoded_field = post_req.POST.get('csrfmiddlewaretoken')
    self.assertEqual(decoded_field, 'abc123')
def test_round_trip_loop(self):
    '''Round-trip 1000 random tokens through encode and POST-field decode.

    Each iteration seeds CSRF_COOKIE with a fresh 32-character random
    token, takes the value csrf() exposes for it, posts that value back
    and checks the middleware restores the original token.
    '''
    for _ in range(1000):
        get_req = RequestFactory().get('/')
        raw_token = get_random_string(32)
        get_req.META['CSRF_COOKIE'] = raw_token
        # presumably csrf() is the encoding context processor under test;
        # verify against the module's imports.
        encoded = force_text(csrf(get_req)['csrf_token'])

        post_req = RequestFactory().post(
            '/', {'csrfmiddlewaretoken': encoded})
        crypt_mw = CSRFCryptMiddleware()
        crypt_mw.process_view(post_req, test_view, (), {})

        decoded = force_text(post_req.POST.get('csrfmiddlewaretoken'))
        self.assertEqual(decoded, force_text(raw_token))
def test_round_trip_loop_header(self):
    '''Round-trip 1000 random tokens through encode and header decode.

    Same as the POST-field round trip, but the encoded value travels in
    the X-CSRFToken header of a request flagged as XMLHttpRequest.
    '''
    for _ in range(1000):
        get_req = RequestFactory().get('/')
        raw_token = get_random_string(32)
        get_req.META['CSRF_COOKIE'] = raw_token
        encoded = csrf(get_req)['csrf_token']

        post_req = RequestFactory().post(
            '/',
            HTTP_X_CSRFTOKEN=force_text(encoded),
            HTTP_X_REQUESTED_WITH='XMLHttpRequest',
        )
        crypt_mw = CSRFCryptMiddleware()
        crypt_mw.process_view(post_req, test_view, (), {})

        decoded = force_text(post_req.META.get('HTTP_X_CSRFTOKEN'))
        self.assertEqual(decoded, force_text(raw_token))
def test_round_trip_loop(self):
    '''Check that 1000 random tokens survive encode -> POST -> decode.

    A failure on any iteration means some token value does not round-trip
    through the POST-field path of process_view.
    '''
    for _ in range(1000):
        seed_req = RequestFactory().get('/')
        original = get_random_string(32)
        seed_req.META['CSRF_COOKIE'] = original
        wire_value = force_text(csrf(seed_req)['csrf_token'])

        submit_req = RequestFactory().post(
            '/', {'csrfmiddlewaretoken': wire_value})
        crypt_mw = CSRFCryptMiddleware()
        crypt_mw.process_view(submit_req, test_view, (), {})

        # Compare as text on both sides so a bytes/str difference in the
        # decoded value does not mask a genuine mismatch.
        recovered = force_text(submit_req.POST.get('csrfmiddlewaretoken'))
        self.assertEqual(recovered, force_text(original))
def test_round_trip_loop_header(self):
    '''Check that 1000 random tokens survive encode -> header -> decode.

    A failure on any iteration means some token value does not round-trip
    through the X-CSRFToken header path of process_view.
    '''
    for _ in range(1000):
        seed_req = RequestFactory().get('/')
        original = get_random_string(32)
        seed_req.META['CSRF_COOKIE'] = original
        wire_value = csrf(seed_req)['csrf_token']

        submit_req = RequestFactory().post(
            '/',
            HTTP_X_CSRFTOKEN=force_text(wire_value),
            HTTP_X_REQUESTED_WITH='XMLHttpRequest',
        )
        crypt_mw = CSRFCryptMiddleware()
        crypt_mw.process_view(submit_req, test_view, (), {})

        # Compare as text on both sides so a bytes/str difference in the
        # decoded value does not mask a genuine mismatch.
        recovered = force_text(submit_req.META.get('HTTP_X_CSRFTOKEN'))
        self.assertEqual(recovered, force_text(original))
def test_mutable_status(self):
    '''process_view leaves request.POST._mutable as it found it.

    The flag is checked for both starting states, so the middleware can
    neither leave an immutable POST writable nor lock a mutable one.
    '''
    cases = (
        (False, self.assertFalse),
        (True, self.assertTrue),
    )
    for initial_flag, check in cases:
        post_req = RequestFactory().post(
            '/', {'csrfmiddlewaretoken': 'aBcDeF$ACAAdVd1'})
        # _mutable is a private attribute of the POST data; the test sets
        # it directly to control the starting state.
        post_req.POST._mutable = initial_flag
        crypt_mw = CSRFCryptMiddleware()
        crypt_mw.process_view(post_req, test_view, (), {})
        check(post_req.POST._mutable)
def test_mutable_status(self):
    '''The POST mutability flag must be unchanged after process_view.

    An encoded token is submitted each time so the decode path runs;
    presumably the middleware has to write to request.POST to do that,
    which is why the flag is worth pinning -- confirm.
    '''
    form_data = {'csrfmiddlewaretoken': 'aBcDeF$ACAAdVd1'}

    locked_req = RequestFactory().post('/', form_data)
    locked_req.POST._mutable = False
    CSRFCryptMiddleware().process_view(locked_req, test_view, (), {})
    self.assertFalse(locked_req.POST._mutable)

    open_req = RequestFactory().post('/', form_data)
    open_req.POST._mutable = True
    CSRFCryptMiddleware().process_view(open_req, test_view, (), {})
    self.assertTrue(open_req.POST._mutable)
def test_mutable_status(self):
    '''process_request leaves request.POST._mutable as it found it.

    Checked for both starting states with an encoded token in the POST
    data, so the middleware's handling of the field is exercised.
    '''
    cases = (
        (False, self.assertFalse),
        (True, self.assertTrue),
    )
    for initial_flag, check in cases:
        post_req = RequestFactory().post(
            '/',
            {'csrfmiddlewaretoken':
                'WaMeyTIUS6hOoTcm$TOKqMT3J0Gx2b15UH1MkRg=='},
        )
        post_req.POST._mutable = initial_flag
        crypt_mw = CSRFCryptMiddleware()
        crypt_mw.process_request(post_req)
        # An immutable POST must not come out writable, and vice versa.
        check(post_req.POST._mutable)
def test_tampering(self):
    '''A '$'-separated POST token that is not valid must be rejected.

    process_view is expected to raise SuspiciousOperation rather than
    pass the submitted value through or decode it to something else.

    NOTE(review): only one malformed value is exercised here; other
    shapes (truncated, empty halves) are not covered by this test.
    '''
    post_req = RequestFactory().post(
        '/', {'csrfmiddlewaretoken': '123456$abc'})
    crypt_mw = CSRFCryptMiddleware()
    self.assertRaises(
        SuspiciousOperation,
        crypt_mw.process_view, post_req, test_view, (), {},
    )
def test_header_tampering(self):
    '''A '$'-separated X-CSRFToken header that is not valid must be rejected.

    Mirrors the POST-field tampering check for the header path:
    process_view is expected to raise SuspiciousOperation.
    '''
    post_req = RequestFactory().post('/', HTTP_X_CSRFTOKEN='123456$abc')
    crypt_mw = CSRFCryptMiddleware()
    self.assertRaises(
        SuspiciousOperation,
        crypt_mw.process_view, post_req, test_view, (), {},
    )
def test_header_not_encoded(self):
    '''A header value without the '$' separator passes through unchanged.

    This pins the pass-through only: process_request neither rewrites
    nor rejects the value. Whether the plain token is then accepted is
    decided outside this middleware and is not asserted here.
    '''
    plain_token = 'abc123'
    post_req = RequestFactory().post('/', HTTP_X_CSRFTOKEN='abc123')
    crypt_mw = CSRFCryptMiddleware()
    crypt_mw.process_request(post_req)
    self.assertEqual(post_req.META.get('HTTP_X_CSRFTOKEN'), plain_token)
def test_not_encoded(self):
    '''A POST token without the '$' separator passes through unchanged.

    This pins the pass-through only: process_request neither rewrites
    nor rejects the field. Whether the plain token is then accepted is
    decided outside this middleware and is not asserted here.
    '''
    plain_token = 'abc123'
    post_req = RequestFactory().post('/', {'csrfmiddlewaretoken': 'abc123'})
    crypt_mw = CSRFCryptMiddleware()
    crypt_mw.process_request(post_req)
    self.assertEqual(post_req.POST.get('csrfmiddlewaretoken'), plain_token)
def test_middleware_raises_improperly_configured(self):
    '''Constructing the middleware must fail with ImproperlyConfigured.

    NOTE(review): the configuration that makes construction fail is not
    visible in this method (presumably a settings override applied
    outside it) -- confirm against the enclosing class.
    '''
    # Failing at construction time means a misconfigured deployment is
    # caught at start-up instead of silently handling tokens.
    self.assertRaises(ImproperlyConfigured, CSRFCryptMiddleware)
def test_encoded(self):
    '''process_view swaps an encoded POST token for its decoded value.'''
    submitted = {'csrfmiddlewaretoken': 'aBcDeF$ACAAdVd1'}
    post_req = RequestFactory().post('/', submitted)
    crypt_mw = CSRFCryptMiddleware()
    crypt_mw.process_view(post_req, test_view, (), {})
    # The field is read back from request.POST, i.e. the middleware
    # rewrote the request data rather than returning the value.
    recovered = post_req.POST.get('csrfmiddlewaretoken')
    self.assertEqual(recovered, 'abc123')