summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorClaude Paroz <claude@2xlibre.net>2012-10-29 17:26:10 +0100
committerClaude Paroz <claude@2xlibre.net>2012-10-29 17:30:51 +0100
commitad2d57a2ccb6316001205739090a2a1d79453207 (patch)
treec822302be1c4d14e8a851aee9749130dbce6271d
parent37c87b785da934815f1f5ca863d88ac0685bff2a (diff)
[1.4.x] Fixed #19172 -- Isolated poisoned_http_host tests from 500 handlers
Thanks bernardofontes for the report. Backport of b774c5993 from master.
-rw-r--r--django/contrib/auth/tests/views.py4
1 files changed, 4 insertions, 0 deletions
diff --git a/django/contrib/auth/tests/views.py b/django/contrib/auth/tests/views.py
index 1525f888fe..d295bb8c10 100644
--- a/django/contrib/auth/tests/views.py
+++ b/django/contrib/auth/tests/views.py
@@ -118,6 +118,8 @@ class PasswordResetTest(AuthViewsTestCase):
self.assertTrue("http://adminsite.com" in mail.outbox[0].body)
self.assertEqual(settings.DEFAULT_FROM_EMAIL, mail.outbox[0].from_email)
+ # Skip any 500 handler action (like sending more mail...)
+ @override_settings(DEBUG_PROPAGATE_EXCEPTIONS=True)
def test_poisoned_http_host(self):
"Poisoned HTTP_HOST headers can't be used for reset emails"
# This attack is based on the way browsers handle URLs. The colon
@@ -134,6 +136,8 @@ class PasswordResetTest(AuthViewsTestCase):
)
self.assertEqual(len(mail.outbox), 0)
+ # Skip any 500 handler action (like sending more mail...)
+ @override_settings(DEBUG_PROPAGATE_EXCEPTIONS=True)
def test_poisoned_http_host_admin_site(self):
"Poisoned HTTP_HOST headers can't be used for reset emails on admin views"
with self.assertRaises(SuspiciousOperation):