diff options
| author | Tim Graham <timograham@gmail.com> | 2015-02-09 19:20:39 -0500 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2015-02-11 11:47:58 -0500 |
| commit | 36bf6ec9eb8a3ef4e24d3a6374780603f5bbdf97 (patch) | |
| tree | aa8433e22b89b76e54d985ce601d03613d0564c3 /tests/flatpages_tests/test_csrf.py | |
| parent | a0553d1a7cb4f5ecca90650ef9ebad4c44cf6b43 (diff) | |
[1.8.x] Moved contrib.flatpages tests out of contrib.
Backport of d3a725054fa260e84c788b240fd03cbd0ccc1151 from master
Diffstat (limited to 'tests/flatpages_tests/test_csrf.py')
| -rw-r--r-- | tests/flatpages_tests/test_csrf.py | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/tests/flatpages_tests/test_csrf.py b/tests/flatpages_tests/test_csrf.py new file mode 100644 index 0000000000..d45ef34d2b --- /dev/null +++ b/tests/flatpages_tests/test_csrf.py @@ -0,0 +1,74 @@ +from django.contrib.auth.models import User +from django.test import Client, TestCase, modify_settings, override_settings + +from .settings import FLATPAGES_TEMPLATES + + +@modify_settings(INSTALLED_APPS={'append': 'django.contrib.flatpages'}) +@override_settings( + LOGIN_URL='/accounts/login/', + MIDDLEWARE_CLASSES=( + 'django.middleware.common.CommonMiddleware', + 'django.contrib.sessions.middleware.SessionMiddleware', + 'django.middleware.csrf.CsrfViewMiddleware', + 'django.contrib.auth.middleware.AuthenticationMiddleware', + 'django.contrib.messages.middleware.MessageMiddleware', + 'django.contrib.flatpages.middleware.FlatpageFallbackMiddleware', + ), + ROOT_URLCONF='flatpages_tests.urls', + CSRF_FAILURE_VIEW='django.views.csrf.csrf_failure', + TEMPLATES=FLATPAGES_TEMPLATES, + SITE_ID=1, +) +class FlatpageCSRFTests(TestCase): + fixtures = ['sample_flatpages', 'example_site'] + + def setUp(self): + self.client = Client(enforce_csrf_checks=True) + + def test_view_flatpage(self): + "A flatpage can be served through a view, even when the middleware is in use" + response = self.client.get('/flatpage_root/flatpage/') + self.assertEqual(response.status_code, 200) + self.assertContains(response, "<p>Isn't it flat!</p>") + + def test_view_non_existent_flatpage(self): + "A non-existent flatpage raises 404 when served through a view, even when the middleware is in use" + response = self.client.get('/flatpage_root/no_such_flatpage/') + self.assertEqual(response.status_code, 404) + + def test_view_authenticated_flatpage(self): + "A flatpage served through a view can require authentication" + response = self.client.get('/flatpage_root/sekrit/') + self.assertRedirects(response, '/accounts/login/?next=/flatpage_root/sekrit/') + User.objects.create_user('testuser', 'test@example.com', 's3krit') + self.client.login(username='testuser', password='s3krit') + response = self.client.get('/flatpage_root/sekrit/') + self.assertEqual(response.status_code, 200) + self.assertContains(response, "<p>Isn't it sekrit!</p>") + + def test_fallback_flatpage(self): + "A flatpage can be served by the fallback middleware" + response = self.client.get('/flatpage/') + self.assertEqual(response.status_code, 200) + self.assertContains(response, "<p>Isn't it flat!</p>") + + def test_fallback_non_existent_flatpage(self): + "A non-existent flatpage raises a 404 when served by the fallback middleware" + response = self.client.get('/no_such_flatpage/') + self.assertEqual(response.status_code, 404) + + def test_post_view_flatpage(self): + "POSTing to a flatpage served through a view will raise a CSRF error if no token is provided (Refs #14156)" + response = self.client.post('/flatpage_root/flatpage/') + self.assertEqual(response.status_code, 403) + + def test_post_fallback_flatpage(self): + "POSTing to a flatpage served by the middleware will raise a CSRF error if no token is provided (Refs #14156)" + response = self.client.post('/flatpage/') + self.assertEqual(response.status_code, 403) + + def test_post_unknown_page(self): + "POSTing to an unknown page isn't caught as a 403 CSRF error" + response = self.client.post('/no_such_page/') + self.assertEqual(response.status_code, 404) |
