Пример #1
    def test_csrf_allows_safe(self, method):
        """A view with no CSRF policy is still reachable via a safe method.

        The view carries no ``_csrf`` attribute and the session is empty, so
        the test passes only if ``handle_csrf`` lets the call through without
        raising.  ``method`` is supplied from outside this method (presumably
        a parametrization over safe HTTP verbs; the decorator is not shown).
        """
        def passthrough(self, view, app, request, *args, **kwargs):
            # Stand-in for the wrapped dispatcher: simply invoke the view.
            return view(app, request, *args, **kwargs)

        def view(app, request):
            return Response()

        request = pretend.stub(_session={}, method=method)
        app = pretend.stub()

        guarded = handle_csrf(passthrough)
        guarded(pretend.stub(), view, app, request)
Пример #2
    def test_csrf_allows_safe(self, method):
        """Safe-method requests pass through without a declared CSRF policy.

        No ``_csrf`` attribute is set on the view and the session starts
        empty; success here means ``handle_csrf`` raised nothing.  The value
        of ``method`` comes from outside this method (presumably a
        parametrized list of safe verbs; not visible here).
        """
        def dispatch(self, view, app, request, *args, **kwargs):
            # Minimal dispatcher: forward straight to the view callable.
            return view(app, request, *args, **kwargs)

        def view(app, request):
            return Response()

        app = pretend.stub()
        request = pretend.stub(_session={}, method=method)
        owner = pretend.stub()

        wrapped = handle_csrf(dispatch)
        wrapped(owner, view, app, request)
Пример #3
    def test_csrf_already_ensured(self):
        """A GET to a CSRF-enabled view leaves an existing session entry alone.

        The session already holds ``"user.csrf"`` (presumably the stored
        token) and the view is flagged with ``_csrf = True``.  After the call
        the session must compare equal to its starting contents, i.e. the
        value was neither replaced nor dropped.
        """
        def passthrough(self, view, app, request, *args, **kwargs):
            # Stand-in for the wrapped dispatcher: simply invoke the view.
            return view(app, request, *args, **kwargs)

        def view(app, request):
            return Response()

        # Mark the view as having opted in to CSRF protection.
        view._csrf = True

        request = pretend.stub(_session={"user.csrf": "1234"}, method="GET")
        app = pretend.stub()

        guarded = handle_csrf(passthrough)
        guarded(pretend.stub(), view, app, request)

        assert request._session == {"user.csrf": "1234"}
Пример #4
    def test_csrf_already_ensured(self):
        """An existing ``"user.csrf"`` session value survives a protected GET.

        The view is flagged ``_csrf = True`` and the session is pre-populated;
        the final assertion checks the session still equals what it started
        with once ``handle_csrf`` has run.
        """
        def dispatch(self, view, app, request, *args, **kwargs):
            # Minimal dispatcher: forward straight to the view callable.
            return view(app, request, *args, **kwargs)

        def view(app, request):
            return Response()

        view._csrf = True  # the view has declared CSRF protection

        app = pretend.stub()
        request = pretend.stub(_session={"user.csrf": "1234"}, method="GET")
        owner = pretend.stub()

        wrapped = handle_csrf(dispatch)
        wrapped(owner, view, app, request)

        assert request._session == {"user.csrf": "1234"}
Пример #5
    def test_csrf_disallows_unsafe(self, method):
        """An unsafe-method request to a view with no CSRF policy is refused.

        The view never sets ``_csrf``, so ``handle_csrf`` is expected to fail
        closed with ``SecurityError`` rather than run the view.  ``method`` is
        supplied from outside this method (presumably a parametrization over
        state-changing verbs; the decorator is not shown).
        """
        def passthrough(self, view, app, request, *args, **kwargs):
            # Stand-in for the wrapped dispatcher: simply invoke the view.
            return view(app, request, *args, **kwargs)

        def view(app, request):
            return Response()

        request = pretend.stub(_session={}, method=method)
        app = pretend.stub()

        with pytest.raises(SecurityError) as excinfo:
            handle_csrf(passthrough)(pretend.stub(), view, app, request)

        # The message pins the reason: the view declared no CSRF handling.
        raised = excinfo.value
        assert raised.description == "No CSRF protection applied to view"
Пример #6
    def test_csrf_disallows_unsafe(self, method):
        """Unsafe methods must raise when the view declared no CSRF policy.

        With no ``_csrf`` attribute on the view, the wrapped call is expected
        to raise ``SecurityError`` with a fixed description.  The value of
        ``method`` comes from outside this method (presumably a parametrized
        list of unsafe verbs; not visible here).
        """
        def dispatch(self, view, app, request, *args, **kwargs):
            # Minimal dispatcher: forward straight to the view callable.
            return view(app, request, *args, **kwargs)

        def view(app, request):
            return Response()

        app = pretend.stub()
        request = pretend.stub(_session={}, method=method)

        with pytest.raises(SecurityError) as excinfo:
            handle_csrf(dispatch)(pretend.stub(), view, app, request)

        expected = "No CSRF protection applied to view"
        assert excinfo.value.description == expected
Пример #7
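    def test_csrf_checks_csrf_unsafe(self, method):
        """Unsafe methods on a CSRF-enabled view run both verification steps.

        The view is flagged ``_csrf = True`` and the two verifiers are
        replaced by call recorders, so the test only checks that each one is
        invoked exactly once with the request.  ``method`` is supplied from
        outside this method (presumably a parametrization over unsafe verbs;
        the decorator is not shown).
        """
        def fn(self, view, app, request, *args, **kwargs):
            # Stand-in for the wrapped dispatcher: simply invoke the view.
            return view(app, request, *args, **kwargs)

        view = lambda app, request: Response()
        view._csrf = True
        app = pretend.stub()
        request = pretend.stub(_session={}, method=method)

        _verify_origin = pretend.call_recorder(lambda request: None)
        _verify_token = pretend.call_recorder(lambda request: None)

        handle_csrf(
            fn,
            _verify_origin=_verify_origin,
            _verify_token=_verify_token,
        )(pretend.stub(), view, app, request)

        # The original asserted the token recorder twice and never looked at
        # the origin recorder, so a regression that skipped the origin check
        # would have gone unnoticed.
        # NOTE(review): assumes handle_csrf passes the request positionally to
        # _verify_origin, as it does for _verify_token; confirm.
        assert _verify_origin.calls == [pretend.call(request)]
        assert _verify_token.calls == [pretend.call(request)]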
Пример #8
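    def test_csrf_checks_csrf_unsafe(self, method):
        """Both CSRF verifiers must fire for an unsafe method on a protected view.

        ``_verify_origin`` and ``_verify_token`` are injected as call
        recorders that return ``None``; the view is flagged ``_csrf = True``.
        The assertions check that each recorder saw exactly one call carrying
        the request.  ``method`` comes from outside this method (presumably a
        parametrized list of unsafe verbs; not visible here).
        """
        def fn(self, view, app, request, *args, **kwargs):
            # Minimal dispatcher: forward straight to the view callable.
            return view(app, request, *args, **kwargs)

        view = lambda app, request: Response()
        view._csrf = True
        app = pretend.stub()
        request = pretend.stub(_session={}, method=method)

        _verify_origin = pretend.call_recorder(lambda request: None)
        _verify_token = pretend.call_recorder(lambda request: None)

        handle_csrf(
            fn,
            _verify_origin=_verify_origin,
            _verify_token=_verify_token,
        )(pretend.stub(), view, app, request)

        # Previously the token recorder was asserted twice, leaving the
        # origin check uncovered; assert each verifier once instead.
        # NOTE(review): assumes the origin verifier receives the request as a
        # single positional argument, like the token verifier; confirm.
        assert _verify_origin.calls == [pretend.call(request)]
        assert _verify_token.calls == [pretend.call(request)]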