summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRussell Keith-Magee <russell@keith-magee.com>2010-08-27 13:58:36 +0000
committerRussell Keith-Magee <russell@keith-magee.com>2010-08-27 13:58:36 +0000
commit35411fd7da0bfce6605d810c9844889f90cfb01b (patch)
treed6bf9558375f1da4e3179a57d537b876a010d4e2
parent188c6b3e9a99e7a5b53ebb57de0b8467c1131eee (diff)
[1.2.X] Fixed #14116 -- Added a flag to enable CSRF checks in the test client. Thanks to jon@licq.org for the suggestion.
Backport of r13640 from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@13642 bcc190cf-cafb-0310-a4f2-bffc1f526a37
-rw-r--r--django/test/client.py10
-rw-r--r--docs/ref/contrib/csrf.txt7
-rw-r--r--docs/topics/testing.txt13
-rw-r--r--tests/modeltests/test_client/models.py24
4 files changed, 51 insertions, 3 deletions
diff --git a/django/test/client.py b/django/test/client.py
index cceed8d9f6..08e3ff6b71 100644
--- a/django/test/client.py
+++ b/django/test/client.py
@@ -55,6 +55,10 @@ class ClientHandler(BaseHandler):
Uses the WSGI interface to compose requests, but returns
the raw HttpResponse object
"""
+ def __init__(self, enforce_csrf_checks=True, *args, **kwargs):
+ self.enforce_csrf_checks = enforce_csrf_checks
+ super(ClientHandler, self).__init__(*args, **kwargs)
+
def __call__(self, environ):
from django.conf import settings
from django.core import signals
@@ -71,7 +75,7 @@ class ClientHandler(BaseHandler):
# CsrfViewMiddleware. This makes life easier, and is probably
# required for backwards compatibility with external tests against
# admin views.
- request._dont_enforce_csrf_checks = True
+ request._dont_enforce_csrf_checks = not self.enforce_csrf_checks
response = self.get_response(request)
# Apply response middleware.
@@ -169,8 +173,8 @@ class Client(object):
contexts and templates produced by a view, rather than the
HTML rendered to the end-user.
"""
- def __init__(self, **defaults):
- self.handler = ClientHandler()
+ def __init__(self, enforce_csrf_checks=False, **defaults):
+ self.handler = ClientHandler(enforce_csrf_checks)
self.defaults = defaults
self.cookies = SimpleCookie()
self.exc_info = None
diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/contrib/csrf.txt
index 979c221581..c32dd73986 100644
--- a/docs/ref/contrib/csrf.txt
+++ b/docs/ref/contrib/csrf.txt
@@ -398,6 +398,13 @@ set a flag on requests which relaxes the middleware and the ``csrf_protect``
decorator so that they no longer rejects requests. In every other respect
(e.g. sending cookies etc.), they behave the same.
+If, for some reason, you *want* the test client to perform CSRF
+checks, you can create an instance of the test client that enforces
+CSRF checks::
+
+ >>> from django.test import Client
+ >>> csrf_client = Client(enforce_csrf_checks=True)
+
Limitations
===========
diff --git a/docs/topics/testing.txt b/docs/topics/testing.txt
index b101d574bb..c5f8f0040d 100644
--- a/docs/topics/testing.txt
+++ b/docs/topics/testing.txt
@@ -572,6 +572,19 @@ Note a few important things about how the test client works:
This black magic (essentially a patching of Django's template system in
memory) only happens during test running.
+ * By default, the test client will disable any CSRF checks
+ performed by your site.
+
+ If, for some reason, you *want* the test client to perform CSRF
+ checks, you can create an instance of the test client that
+ enforces CSRF checks. To do this, pass in the
+ ``enforce_csrf_checks`` argument when you construct your
+ client::
+
+ >>> from django.test import Client
+ >>> csrf_client = Client(enforce_csrf_checks=True)
+
+
.. _urllib: http://docs.python.org/library/urllib.html
.. _urllib2: http://docs.python.org/library/urllib2.html
diff --git a/tests/modeltests/test_client/models.py b/tests/modeltests/test_client/models.py
index c51323d843..30520082da 100644
--- a/tests/modeltests/test_client/models.py
+++ b/tests/modeltests/test_client/models.py
@@ -21,6 +21,7 @@ rather than the HTML rendered to the end-user.
"""
from django.test import Client, TestCase
+from django.conf import settings
from django.core import mail
class ClientTest(TestCase):
@@ -433,3 +434,26 @@ class ClientTest(TestCase):
self.assertEqual(mail.outbox[1].from_email, 'from@example.com')
self.assertEqual(mail.outbox[1].to[0], 'second@example.com')
self.assertEqual(mail.outbox[1].to[1], 'third@example.com')
+
+class CSRFEnabledClientTests(TestCase):
+ def setUp(self):
+ # Enable the CSRF middleware for this test
+ self.old_MIDDLEWARE_CLASSES = settings.MIDDLEWARE_CLASSES
+ csrf_middleware_class = 'django.middleware.csrf.CsrfViewMiddleware'
+ if csrf_middleware_class not in settings.MIDDLEWARE_CLASSES:
+ settings.MIDDLEWARE_CLASSES += (csrf_middleware_class,)
+
+ def tearDown(self):
+ settings.MIDDLEWARE_CLASSES = self.old_MIDDLEWARE_CLASSES
+
+ def test_csrf_enabled_client(self):
+ "A client can be instantiated with CSRF checks enabled"
+ csrf_client = Client(enforce_csrf_checks=True)
+
+ # The normal client allows the post
+ response = self.client.post('/test_client/post_view/', {})
+ self.assertEqual(response.status_code, 200)
+
+ # The CSRF-enabled client rejects it
+ response = csrf_client.post('/test_client/post_view/', {})
+ self.assertEqual(response.status_code, 403)