def test_first_access_secure_handler(self):
    """First request to a CSRF-protected handler when no CSRF cookie exists.

    The cookie lookup yields None and ``set_up()`` is expected to return
    True. ``assert_csrf_setup`` (defined elsewhere) then inspects the
    dependencies and the handler.
    """
    # NOTE(review): True presumably means the middleware stops the request
    # from reaching the handler -- confirm against CSRFMiddleware.set_up.
    def secure():
        pass

    fake_handler = Mock()
    # No cookie has been issued yet: every cookie lookup returns None.
    fake_handler.request.cookies.get = Mock(return_value=None)

    deps = {'_fcn': secure}
    args = {}
    middleware = CSRFMiddleware(fake_handler, deps, args)

    blocked = middleware.set_up()
    self.assertTrue(blocked)
    self.assert_csrf_setup(deps, fake_handler)
def test_first_access_unsecure_handler(self):
    """First GET request to a handler decorated with ``@no_csrf``.

    No CSRF cookie is present, yet ``set_up()`` is expected to return
    False for the opted-out handler. ``assert_csrf_setup`` (defined
    elsewhere) is still run against the dependencies and the handler.
    """
    @no_csrf
    def unsecure():
        pass

    fake_handler = Mock()
    fake_handler.request.method = 'GET'
    # No cookie has been issued yet: every cookie lookup returns None.
    fake_handler.request.cookies.get = Mock(return_value=None)

    deps = {'_fcn': unsecure}
    args = {}
    middleware = CSRFMiddleware(fake_handler, deps, args)

    # NOTE(review): @no_csrf exempts the handler from the check, so every
    # handler carrying it should be safe to call cross-site -- verify at the
    # decorator's call sites.
    blocked = middleware.set_up()
    self.assertFalse(blocked)
    self.assert_csrf_setup(deps, fake_handler)
def test_secure_angular_ajax_access(self):
    """AJAX-style request: signed token in the cookie, plain code in a header.

    The cookie lookup returns the value signed under the name
    'XSRF-RANDOM' and the header lookup returns the matching unsigned
    code; ``set_up()`` is expected to return False for this pair.
    """
    csrf_code = 'abc'
    token = facade.sign('XSRF-RANDOM', csrf_code).execute().result

    # Both stubs ignore the requested key, so the test does not pin which
    # cookie or header name the middleware reads.
    def any_cookie(k):
        return token

    def any_header(k):
        return csrf_code

    fake_handler = Mock()
    fake_handler.request.cookies.get = any_cookie
    fake_handler.request.headers.get = any_header

    def secure():
        pass

    deps = {'_fcn': secure}
    args = {}
    middleware = CSRFMiddleware(fake_handler, deps, args)

    # NOTE(review): only the matching pair is exercised here; a mismatched
    # header or a tampered token is not covered in this part of the file.
    self.assertFalse(middleware.set_up())
def test_secure_form_access(self):
    """Form-style request: signed token in the cookie, code in a form field.

    The code arrives as the ``_csrf_code`` request argument. After
    ``CSRFInputToDependency.set_up()`` runs, ``CSRFMiddleware.set_up()`` is
    expected to return False and ``request_args`` is expected to be empty.
    """
    csrf_code = 'abc'
    token = facade.sign('XSRF-RANDOM', csrf_code).execute().result

    def get_cookie(name):
        # Only the CSRF cookie exists; any other name yields None.
        return token if name == 'XSRF-RANDOM' else None

    def secure():
        pass

    fake_handler = Mock()
    fake_handler.request.cookies.get = get_cookie

    deps = {'_fcn': secure}
    args = {'_csrf_code': csrf_code}

    # Moves _csrf_code out of the request arguments and into the dependencies.
    CSRFInputToDependency(fake_handler, deps, args).set_up()
    middleware = CSRFMiddleware(fake_handler, deps, args)

    self.assertFalse(middleware.set_up())
    # The CSRF field must not remain among the handler's own arguments.
    self.assertDictEqual({}, args,
                         '_csrf_code must be removed from request_args')
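def test_http_get_no_working_on_secure(self):
    """A GET request to a CSRF-protected handler, with a valid token pair.

    The cookie and the ``_csrf_code`` form field match exactly as in the
    passing form test; the only difference is the HTTP method. ``set_up()``
    is expected to return True here.
    """
    handler = Mock()
    # An otherwise valid call: the HTTP method alone differs.
    handler.request.method = 'GET'
    csrf_code = 'abc'
    token = facade.sign('XSRF-RANDOM', csrf_code).execute().result

    def get_cookie(name):
        # Only the CSRF cookie exists; any other name yields None.
        if name == 'XSRF-RANDOM':
            return token

    handler.request.cookies.get = get_cookie

    def secure():
        pass

    dependencies = {'_fcn': secure}
    request_args = {'_csrf_code': csrf_code}
    # Moves _csrf_code out of the request arguments and into the dependencies.
    CSRFInputToDependency(handler, dependencies, request_args).set_up()
    csrf_middleware = CSRFMiddleware(handler, dependencies, request_args)
    # NOTE(review): True presumably means the request is stopped, so a
    # state-changing secure handler cannot be driven through GET -- confirm
    # against CSRFMiddleware.set_up.
    # The failure message used to say "should be false", contradicting the
    # assertTrue it belongs to; it now states the value actually expected.
    self.assertTrue(csrf_middleware.set_up(),
                    'should be True because the http method is GET')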