def test_process_response_get_token_used(self): """ When get_token is used, check that the cookie is created and headers patched. """ req = self._get_GET_no_csrf_cookie_request() # Put tests for CSRF_COOKIE_* settings here with self.settings( CSRF_COOKIE_NAME="myname", CSRF_COOKIE_DOMAIN=".example.com", CSRF_COOKIE_PATH="/test/", CSRF_COOKIE_SECURE=True, CSRF_COOKIE_HTTPONLY=True, ): # token_view calls get_token() indirectly CsrfViewMiddleware().process_view(req, token_view, (), {}) resp = token_view(req) resp2 = CsrfViewMiddleware().process_response(req, resp) csrf_cookie = resp2.cookies.get("myname", False) self.assertIsNot(csrf_cookie, False) self.assertEqual(csrf_cookie["domain"], ".example.com") self.assertIs(csrf_cookie["secure"], True) self.assertIs(csrf_cookie["httponly"], True) self.assertEqual(csrf_cookie["path"], "/test/") self.assertIn("Cookie", resp2.get("Vary", ""))
def test_ensures_csrf_cookie_with_middleware(self): """ The ensure_csrf_cookie() decorator works with the CsrfViewMiddleware enabled. """ req = self._get_GET_no_csrf_cookie_request() CsrfViewMiddleware().process_view(req, ensure_csrf_cookie_view, (), {}) resp = ensure_csrf_cookie_view(req) resp2 = CsrfViewMiddleware().process_response(req, resp) self.assertTrue(resp2.cookies.get(settings.CSRF_COOKIE_NAME, False)) self.assertIn('Cookie', resp2.get('Vary', ''))
def test_process_response_get_token_used(self): """ When get_token is used, check that the cookie is created and headers patched. """ req = self._get_GET_no_csrf_cookie_request() # token_view calls get_token() indirectly CsrfViewMiddleware().process_view(req, token_view, (), {}) resp = token_view(req) resp2 = CsrfViewMiddleware().process_response(req, resp) csrf_cookie = resp2.cookies.get(settings.CSRF_COOKIE_NAME, False) self.assertNotEqual(csrf_cookie, False) self.assertTrue('Cookie' in resp2.get('Vary', ''))
def test_process_response_get_token_used(self): """ When get_token is used, check that the cookie is created and headers patched. """ req = self._get_GET_no_csrf_cookie_request() # token_view calls get_token() indirectly CsrfViewMiddleware().process_view(req, token_view, (), {}) resp = token_view(req) resp2 = CsrfViewMiddleware().process_response(req, resp) csrf_cookie = resp2.cookies.get(settings.CSRF_COOKIE_NAME, False) self.assertNotEqual(csrf_cookie, False) self.assertTrue('Cookie' in resp2.get('Vary',''))
def test_ensures_csrf_cookie_with_middleware(self): """ The ensure_csrf_cookie() decorator works with the CsrfViewMiddleware enabled. """ @ensure_csrf_cookie def view(request): # Doesn't insert a token or anything return HttpResponse(content="") req = self._get_GET_no_csrf_cookie_request() CsrfViewMiddleware().process_view(req, view, (), {}) resp = view(req) resp2 = CsrfViewMiddleware().process_response(req, resp) self.assertTrue(resp2.cookies.get(settings.CSRF_COOKIE_NAME, False)) self.assertIn('Cookie', resp2.get('Vary', ''))
def test_ensures_csrf_cookie_with_middleware(self): """ Tests that ensures_csrf_cookie decorator fulfils its promise with the middleware enabled. """ @ensure_csrf_cookie def view(request): # Doesn't insert a token or anything return HttpResponse(content="") req = self._get_GET_no_csrf_cookie_request() CsrfViewMiddleware().process_view(req, view, (), {}) resp = view(req) resp2 = CsrfViewMiddleware().process_response(req, resp) self.assertTrue(resp2.cookies.get(settings.CSRF_COOKIE_NAME, False)) self.assertTrue("Cookie" in resp2.get("Vary", ""))
def test_process_response_get_token_used(self): """ When get_token is used, check that the cookie is created and headers patched. """ req = self._get_GET_no_csrf_cookie_request() # Put tests for CSRF_COOKIE_* settings here with self.settings(CSRF_COOKIE_NAME='myname', CSRF_COOKIE_DOMAIN='.example.com', CSRF_COOKIE_PATH='/test/', CSRF_COOKIE_SECURE=True): # token_view calls get_token() indirectly CsrfViewMiddleware().process_view(req, token_view, (), {}) resp = token_view(req) resp2 = CsrfViewMiddleware().process_response(req, resp) csrf_cookie = resp2.cookies.get('myname', False) self.assertNotEqual(csrf_cookie, False) self.assertEqual(csrf_cookie['domain'], '.example.com') self.assertEqual(csrf_cookie['secure'], True) self.assertEqual(csrf_cookie['path'], '/test/') self.assertTrue('Cookie' in resp2.get('Vary',''))