summaryrefslogtreecommitdiff
path: root/tests/flatpages_tests/test_csrf.py
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2015-02-09 19:20:39 -0500
committerTim Graham <timograham@gmail.com>2015-02-11 11:47:58 -0500
commit36bf6ec9eb8a3ef4e24d3a6374780603f5bbdf97 (patch)
treeaa8433e22b89b76e54d985ce601d03613d0564c3 /tests/flatpages_tests/test_csrf.py
parenta0553d1a7cb4f5ecca90650ef9ebad4c44cf6b43 (diff)
[1.8.x] Moved contrib.flatpages tests out of contrib.
Backport of d3a725054fa260e84c788b240fd03cbd0ccc1151 from master
Diffstat (limited to 'tests/flatpages_tests/test_csrf.py')
-rw-r--r--tests/flatpages_tests/test_csrf.py74
1 files changed, 74 insertions, 0 deletions
diff --git a/tests/flatpages_tests/test_csrf.py b/tests/flatpages_tests/test_csrf.py
new file mode 100644
index 0000000000..d45ef34d2b
--- /dev/null
+++ b/tests/flatpages_tests/test_csrf.py
@@ -0,0 +1,74 @@
+from django.contrib.auth.models import User
+from django.test import Client, TestCase, modify_settings, override_settings
+
+from .settings import FLATPAGES_TEMPLATES
+
+
+@modify_settings(INSTALLED_APPS={'append': 'django.contrib.flatpages'})
+@override_settings(
+ LOGIN_URL='/accounts/login/',
+ MIDDLEWARE_CLASSES=(
+ 'django.middleware.common.CommonMiddleware',
+ 'django.contrib.sessions.middleware.SessionMiddleware',
+ 'django.middleware.csrf.CsrfViewMiddleware',
+ 'django.contrib.auth.middleware.AuthenticationMiddleware',
+ 'django.contrib.messages.middleware.MessageMiddleware',
+ 'django.contrib.flatpages.middleware.FlatpageFallbackMiddleware',
+ ),
+ ROOT_URLCONF='flatpages_tests.urls',
+ CSRF_FAILURE_VIEW='django.views.csrf.csrf_failure',
+ TEMPLATES=FLATPAGES_TEMPLATES,
+ SITE_ID=1,
+)
+class FlatpageCSRFTests(TestCase):
+ fixtures = ['sample_flatpages', 'example_site']
+
+ def setUp(self):
+ self.client = Client(enforce_csrf_checks=True)
+
+ def test_view_flatpage(self):
+ "A flatpage can be served through a view, even when the middleware is in use"
+ response = self.client.get('/flatpage_root/flatpage/')
+ self.assertEqual(response.status_code, 200)
+ self.assertContains(response, "<p>Isn't it flat!</p>")
+
+ def test_view_non_existent_flatpage(self):
+ "A non-existent flatpage raises 404 when served through a view, even when the middleware is in use"
+ response = self.client.get('/flatpage_root/no_such_flatpage/')
+ self.assertEqual(response.status_code, 404)
+
+ def test_view_authenticated_flatpage(self):
+ "A flatpage served through a view can require authentication"
+ response = self.client.get('/flatpage_root/sekrit/')
+ self.assertRedirects(response, '/accounts/login/?next=/flatpage_root/sekrit/')
+ User.objects.create_user('testuser', 'test@example.com', 's3krit')
+ self.client.login(username='testuser', password='s3krit')
+ response = self.client.get('/flatpage_root/sekrit/')
+ self.assertEqual(response.status_code, 200)
+ self.assertContains(response, "<p>Isn't it sekrit!</p>")
+
+ def test_fallback_flatpage(self):
+ "A flatpage can be served by the fallback middleware"
+ response = self.client.get('/flatpage/')
+ self.assertEqual(response.status_code, 200)
+ self.assertContains(response, "<p>Isn't it flat!</p>")
+
+ def test_fallback_non_existent_flatpage(self):
+ "A non-existent flatpage raises a 404 when served by the fallback middleware"
+ response = self.client.get('/no_such_flatpage/')
+ self.assertEqual(response.status_code, 404)
+
+ def test_post_view_flatpage(self):
+ "POSTing to a flatpage served through a view will raise a CSRF error if no token is provided (Refs #14156)"
+ response = self.client.post('/flatpage_root/flatpage/')
+ self.assertEqual(response.status_code, 403)
+
+ def test_post_fallback_flatpage(self):
+ "POSTing to a flatpage served by the middleware will raise a CSRF error if no token is provided (Refs #14156)"
+ response = self.client.post('/flatpage/')
+ self.assertEqual(response.status_code, 403)
+
+ def test_post_unknown_page(self):
+ "POSTing to an unknown page isn't caught as a 403 CSRF error"
+ response = self.client.post('/no_such_page/')
+ self.assertEqual(response.status_code, 404)