summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLuke Plant <L.Plant.98@cantab.net>2008-12-02 22:40:00 +0000
committerLuke Plant <L.Plant.98@cantab.net>2008-12-02 22:40:00 +0000
commitf7242bb778d63e09aebaf5318244a886f123a1e0 (patch)
treefe089c1ce09fa8d965efd29ce1b319ade4583250
parent5ef0c03ae9aca99289737ba6d88a371ad95cf432 (diff)
Added tests for CsrfMiddleware.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@9551 bcc190cf-cafb-0310-a4f2-bffc1f526a37
-rw-r--r--django/contrib/csrf/models.py1
-rw-r--r--django/contrib/csrf/tests.py64
2 files changed, 65 insertions, 0 deletions
diff --git a/django/contrib/csrf/models.py b/django/contrib/csrf/models.py
new file mode 100644
index 0000000000..71abcc5198
--- /dev/null
+++ b/django/contrib/csrf/models.py
@@ -0,0 +1 @@
+# models.py file for tests to run.
diff --git a/django/contrib/csrf/tests.py b/django/contrib/csrf/tests.py
new file mode 100644
index 0000000000..efc21db240
--- /dev/null
+++ b/django/contrib/csrf/tests.py
@@ -0,0 +1,64 @@
+# -*- coding: utf-8 -*-
+
+from django.test import TestCase
+from django.http import HttpRequest, HttpResponse
+from django.contrib.csrf.middleware import CsrfMiddleware, _make_token
+from django.conf import settings
+
+class CsrfMiddlewareTest(TestCase):
+
+ _session_id = "1"
+
+ def _get_no_session_request(self):
+ return HttpRequest()
+
+ def _get_session_request(self):
+ req = self._get_no_session_request()
+ req.COOKIES[settings.SESSION_COOKIE_NAME] = self._session_id
+ return req
+
+ def _get_post_form_response(self):
+ resp = HttpResponse(content="""
+<html><body><form method="POST"><input type="text" /></form></body></html>
+""", mimetype="text/html")
+ return resp
+
+ def _get_new_session_response(self):
+ resp = self._get_post_form_response()
+ resp.cookies[settings.SESSION_COOKIE_NAME] = self._session_id
+ return resp
+
+ def _check_token_present(self, response):
+ self.assertContains(response, "name='csrfmiddlewaretoken' value='%s'" % _make_token(self._session_id))
+
+ def test_process_response_no_session(self):
+ """
+ Check the the post-processor does nothing if no session active
+ """
+ req = self._get_no_session_request()
+ resp = self._get_post_form_response()
+ resp_content = resp.content
+ resp2 = CsrfMiddleware().process_response(req, resp)
+ self.assertEquals(resp_content, resp2.content)
+
+ def test_process_response_existing_session(self):
+ """
+ Check that the token is inserted if there is an existing session
+ """
+ req = self._get_session_request()
+ resp = self._get_post_form_response()
+ resp_content = resp.content
+ resp2 = CsrfMiddleware().process_response(req, resp)
+ self.assertNotEqual(resp_content, resp2.content)
+ self._check_token_present(resp2)
+
+ def test_process_response_new_session(self):
+ """
+ Check that the token is inserted if there is a new session being started
+ """
+ req = self._get_no_session_request() # no session in request
+ resp = self._get_new_session_response() # but new session started
+ resp_content = resp.content
+ resp2 = CsrfMiddleware().process_response(req, resp)
+ self.assertNotEqual(resp_content, resp2.content)
+ self._check_token_present(resp2)