def test_empty_permitted(self): """ Regression test for #10643: the security hash should allow forms with empty_permitted = True, or forms where data has not changed. """ f1 = HashTestBlankForm({}) f2 = HashTestForm({}, empty_permitted=True) hash1 = utils.form_hmac(f1) hash2 = utils.form_hmac(f2) self.assertEqual(hash1, hash2)
def test_textfield_hash(self): """ Regression test for #10034: the hash generation function should ignore leading/trailing whitespace so as to be friendly to broken browsers that submit it (usually in textareas). """ f1 = HashTestForm({'name': 'joe', 'bio': 'Speaking español.'}) f2 = HashTestForm({'name': ' joe', 'bio': 'Speaking español. '}) hash1 = utils.form_hmac(f1) hash2 = utils.form_hmac(f2) self.assertEqual(hash1, hash2)
def security_hash(self, request, form): """ Calculates the security hash for the given HttpRequest and Form instances. Subclasses may want to take into account request-specific information, such as the IP address. """ return form_hmac(form)
def test_hash_with_file(self): with InMemoryUploadedFile(StringIO('1'), '', 'test', 'text/plain', 1, 'utf8') as some_file: f1 = HashTestFormWithFile({'name': 'joe'}) f2 = HashTestFormWithFile({'name': 'joe'}, files={'attachment': some_file}) hash1 = utils.form_hmac(f1) hash2 = utils.form_hmac(f2) self.assertNotEqual(hash1, hash2) with TemporaryUploadedFile('test', 'text/plain', 1, 'utf8') as some_file: some_file.write(b'1') some_file.seek(0) f1 = HashTestFormWithFile({'name': 'joe'}) f2 = HashTestFormWithFile({'name': 'joe'}, files={'attachment': some_file}) hash1 = utils.form_hmac(f1) hash2 = utils.form_hmac(f2) self.assertNotEqual(hash1, hash2)
def test_form_submit_good_hash(self): """ Test formtools.preview form submittal, using a correct hash """ # Pass strings for form submittal and add stage variable to # show we previously saw first stage of the form. self.test_data.update({'stage': 2}) response = self.client.post('/preview/', self.test_data) self.assertNotEqual(response.content, success_string_encoded) hash = utils.form_hmac(TestForm(self.test_data)) self.test_data.update({'hash': hash}) response = self.client.post('/preview/', self.test_data) self.assertEqual(response.content, success_string_encoded)
def test_form_submit_bad_hash(self): """ Test formtools.preview form submittal does not proceed if the hash is incorrect. """ # Pass strings for form submittal and add stage variable to # show we previously saw first stage of the form. self.test_data.update({'stage': 2}) response = self.client.post('/preview/', self.test_data) self.assertEqual(response.status_code, 200) self.assertNotEqual(response.content, success_string_encoded) hash = utils.form_hmac(TestForm(self.test_data)) + "bad" self.test_data.update({'hash': hash}) response = self.client.post('/previewpreview/', self.test_data) self.assertNotEqual(response.content, success_string_encoded)