summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorClaude Paroz <claude@2xlibre.net>2012-10-29 17:26:10 +0100
committerClaude Paroz <claude@2xlibre.net>2012-10-29 17:29:28 +0100
commit8c556a32f232ef9e9a3581d7129bd15d4f495d9f (patch)
tree1e8b0c7cdf9f9d872f232b56f09ea4e1c0c26ccd
parentd7d7ad2881b66d2c6be45ab0b055f492d3b589e9 (diff)
[1.5.x] Fixed #19172 -- Isolated poisoned_http_host tests from 500 handlers
Thanks bernardofontes for the report. Backport of b774c5993 from master.
-rw-r--r--django/contrib/auth/tests/views.py4
1 files changed, 4 insertions, 0 deletions
diff --git a/django/contrib/auth/tests/views.py b/django/contrib/auth/tests/views.py
index bb17576d31..b97d4a7cdf 100644
--- a/django/contrib/auth/tests/views.py
+++ b/django/contrib/auth/tests/views.py
@@ -115,6 +115,8 @@ class PasswordResetTest(AuthViewsTestCase):
self.assertTrue("http://adminsite.com" in mail.outbox[0].body)
self.assertEqual(settings.DEFAULT_FROM_EMAIL, mail.outbox[0].from_email)
+ # Skip any 500 handler action (like sending more mail...)
+ @override_settings(DEBUG_PROPAGATE_EXCEPTIONS=True)
def test_poisoned_http_host(self):
"Poisoned HTTP_HOST headers can't be used for reset emails"
# This attack is based on the way browsers handle URLs. The colon
@@ -131,6 +133,8 @@ class PasswordResetTest(AuthViewsTestCase):
)
self.assertEqual(len(mail.outbox), 0)
+ # Skip any 500 handler action (like sending more mail...)
+ @override_settings(DEBUG_PROPAGATE_EXCEPTIONS=True)
def test_poisoned_http_host_admin_site(self):
"Poisoned HTTP_HOST headers can't be used for reset emails on admin views"
with self.assertRaises(SuspiciousOperation):