diff options
| author | Luke Plant <L.Plant.98@cantab.net> | 2008-12-02 22:40:00 +0000 |
|---|---|---|
| committer | Luke Plant <L.Plant.98@cantab.net> | 2008-12-02 22:40:00 +0000 |
| commit | f7242bb778d63e09aebaf5318244a886f123a1e0 (patch) | |
| tree | fe089c1ce09fa8d965efd29ce1b319ade4583250 | |
| parent | 5ef0c03ae9aca99289737ba6d88a371ad95cf432 (diff) | |
Added tests for CsrfMiddleware.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9551 bcc190cf-cafb-0310-a4f2-bffc1f526a37
| -rw-r--r-- | django/contrib/csrf/models.py | 1 | ||||
| -rw-r--r-- | django/contrib/csrf/tests.py | 64 |
2 files changed, 65 insertions, 0 deletions
diff --git a/django/contrib/csrf/models.py b/django/contrib/csrf/models.py new file mode 100644 index 0000000000..71abcc5198 --- /dev/null +++ b/django/contrib/csrf/models.py @@ -0,0 +1 @@ +# models.py file for tests to run. diff --git a/django/contrib/csrf/tests.py b/django/contrib/csrf/tests.py new file mode 100644 index 0000000000..efc21db240 --- /dev/null +++ b/django/contrib/csrf/tests.py @@ -0,0 +1,64 @@ +# -*- coding: utf-8 -*- + +from django.test import TestCase +from django.http import HttpRequest, HttpResponse +from django.contrib.csrf.middleware import CsrfMiddleware, _make_token +from django.conf import settings + +class CsrfMiddlewareTest(TestCase): + + _session_id = "1" + + def _get_no_session_request(self): + return HttpRequest() + + def _get_session_request(self): + req = self._get_no_session_request() + req.COOKIES[settings.SESSION_COOKIE_NAME] = self._session_id + return req + + def _get_post_form_response(self): + resp = HttpResponse(content=""" +<html><body><form method="POST"><input type="text" /></form></body></html> +""", mimetype="text/html") + return resp + + def _get_new_session_response(self): + resp = self._get_post_form_response() + resp.cookies[settings.SESSION_COOKIE_NAME] = self._session_id + return resp + + def _check_token_present(self, response): + self.assertContains(response, "name='csrfmiddlewaretoken' value='%s'" % _make_token(self._session_id)) + + def test_process_response_no_session(self): + """ + Check the the post-processor does nothing if no session active + """ + req = self._get_no_session_request() + resp = self._get_post_form_response() + resp_content = resp.content + resp2 = CsrfMiddleware().process_response(req, resp) + self.assertEquals(resp_content, resp2.content) + + def test_process_response_existing_session(self): + """ + Check that the token is inserted if there is an existing session + """ + req = self._get_session_request() + resp = self._get_post_form_response() + resp_content = resp.content + resp2 = CsrfMiddleware().process_response(req, resp) + self.assertNotEqual(resp_content, resp2.content) + self._check_token_present(resp2) + + def test_process_response_new_session(self): + """ + Check that the token is inserted if there is a new session being started + """ + req = self._get_no_session_request() # no session in request + resp = self._get_new_session_response() # but new session started + resp_content = resp.content + resp2 = CsrfMiddleware().process_response(req, resp) + self.assertNotEqual(resp_content, resp2.content) + self._check_token_present(resp2) |
