path: root/tests/csrf_tests
Age | Commit message | Author
2026-01-18 | Applied Black's 2026 stable style. | Mariusz Felisiak
https://github.com/psf/black/releases/tag/26.1.0
2025-07-23 | Refs #36500 -- Rewrapped long docstrings and block comments via a script. | django-bot
Rewrapped long docstrings and block comments to 79 characters + newline using script from https://github.com/medmunds/autofix-w505.
2025-07-23 | Removed double spaces after periods and within phrases. | Sarah Boyce
2025-05-22 | Added helpers in csrf_tests and logging_tests to assert logs from `log_response()`. | Natalia
2024-10-16 | Refs #35727 -- Updated response.content.decode calls to use the HttpResponse.text property. | SaJH
Signed-off-by: SaJH <wogur981208@gmail.com>
2024-05-29 | Fixed 35467 -- Replaced urlparse with urlsplit where appropriate. | Jake Howard
This work should not generate any change of functionality, and `urlsplit` is approximately 6x faster. Most use cases of `urlparse` didn't touch the path, so they can be converted to `urlsplit` without any issue. Most of those which do use `.path`, simply parse the URL, mutate the querystring, then put them back together, which is also fine (so long as urlunsplit is used).
2023-09-13 | Corrected logger in CsrfViewMiddlewareTestMixin.test_ensures_csrf_cookie_no_logging(). | Mariusz Felisiak
Logger was changed in 55fec16aafed30a9daa06d6ecdf8ca3ad361279e.
2023-02-01 | Refs #33476 -- Applied Black's 2023 stable style. | David Smith
Black 23.1.0 is released which, as the first release of the year, introduces the 2023 stable style. This incorporates most of last year's preview style. https://github.com/psf/black/releases/tag/23.1.0
2023-01-17 | Refs #32800 -- Removed CSRF_COOKIE_MASKED transitional setting per deprecation timeline. | Mariusz Felisiak
2022-03-09 | Fixed #33567 -- Avoided setting default text/html content type on responses. | Claude Paroz
2022-02-07 | Refs #33476 -- Refactored code to strictly match 88 characters line length. | Mariusz Felisiak
2022-02-07 | Refs #33476 -- Reformatted code with Black. | django-bot
2021-11-29 | Refs #32800 -- Renamed _sanitize_token() to _check_token_format(). | Chris Jerdonek
2021-11-29 | Fixed #32800 -- Changed CsrfViewMiddleware not to mask the CSRF secret. | Chris Jerdonek
This also adds CSRF_COOKIE_MASKED transitional setting helpful in migrating multiple instances of the same project to Django 4.1+. Thanks Florian Apolloner and Shai Berger for reviews. Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
2021-11-16 | Refs #32800 -- Avoided use of _does_token_match() in some CSRF tests. | Chris Jerdonek
2021-11-16 | Refs #32800 -- Added CSRF tests for masked and unmasked secrets during GET. | Chris Jerdonek
2021-08-17 | Refs #32800 -- Added test_masked_secret_accepted_and_not_replaced(). | Chris Jerdonek
This improves test_bare_secret_accepted_and_replaced() by adding a stronger assertion. It also adds a parallel test for the non-bare (masked) case.
2021-08-17 | Refs #32800 -- Improved CsrfViewMiddlewareTestMixin._check_token_present(). | Chris Jerdonek
This changes CsrfViewMiddlewareTestMixin._check_token_present() to give more detailed information if the check fails, and in particular why it failed. It also moves CsrfFunctionTests.assertMaskedSecretCorrect() to a separate CsrfFunctionTestMixin so the helper can be used in CsrfViewMiddlewareTestMixin.
2021-08-17 | Refs #32800 -- Used the cookie argument to CsrfViewMiddlewareTestMixin._get_request() in more tests. | Chris Jerdonek
2021-08-03 | Refs #32800 -- Added tests of more CSRF functions. | Chris Jerdonek
2021-08-03 | Refs #32800 -- Renamed _compare_masked_tokens() to _does_token_match(). | Chris Jerdonek
2021-07-23 | Fixed #32329 -- Made CsrfViewMiddleware catch more specific UnreadablePostError. | Virtosu Bogdan
Thanks Chris Jerdonek for the review.
2021-07-23 | Refs #32329 -- Allowed specifying request class in csrf_tests test hooks. | Virtosu Bogdan
2021-07-23 | Refs #32902 -- Moved ensure_csrf_cookie_view after protected_view. | Chris Jerdonek
2021-07-23 | Fixed #32902 -- Fixed CsrfViewMiddleware.process_response()'s cookie reset logic. | Chris Jerdonek
Thanks Florian Apolloner and Shai Berger for reviews.
2021-07-23 | Refs #32902 -- Added CSRF test when rotate_token() is called between resetting the token and processing response. | Chris Jerdonek
2021-06-30 | Refs #32885 -- Used _read_csrf_cookie()/_set_csrf_cookie() in more CSRF tests. | Chris Jerdonek
2021-06-30 | Fixed #32885 -- Removed cookie-based token specific logic from CsrfViewMiddlewareTestMixin. | Chris Jerdonek
2021-06-29 | Refs #32843 -- Added CsrfViewMiddlewareTestMixin._get_csrf_cookie_request() hook. | Chris Jerdonek
2021-06-29 | Refs #32843 -- Added method/cookie arguments to CsrfViewMiddlewareTestMixin._get_request(). | Chris Jerdonek
This also removes unnecessary test hooks.
2021-06-29 | Refs #32843 -- Moved _get_GET_csrf_cookie_request() to CsrfViewMiddlewareTestMixin. | Chris Jerdonek
2021-06-29 | Fixed #32843 -- Ensured the CSRF tests' _get_GET_csrf_cookie_request() sets the request method. | Chris Jerdonek
2021-06-28 | Refs #32800 -- Added CsrfViewMiddleware tests for all combinations of masked/unmasked cookies and tokens. | Chris Jerdonek
2021-06-28 | Refs #32800 -- Made CsrfViewMiddlewareTestMixin._csrf_id_cookie and _csrf_id_token different. | Chris Jerdonek
This also renames CsrfViewMiddlewareTestMixin._csrf_id to _csrf_id_token.
2021-06-28 | Refs #32800 -- Eliminated the need for separate _get_POST_bare_secret() methods. | Chris Jerdonek
2021-06-28 | Refs #32800 -- Added to csrf_tests/tests.py the unmasked version of the secret. | Chris Jerdonek
This also adds tests that the secret is correct, and updates existing tests to use the value.
2021-06-23 | Fixed #32817 -- Added the token source to CsrfViewMiddleware's bad token error messages. | Chris Jerdonek
2021-06-23 | Refs #32817 -- Added tests for bad CSRF token provided via X-CSRFToken or custom header. | Chris Jerdonek
2021-06-23 | Refs #32817 -- Added post_token/meta_token/token_header arguments to _get_POST_csrf_cookie_request(). | Chris Jerdonek
2021-06-23 | Refs #32817 -- Combined the bad-or-missing CSRF token tests. | Chris Jerdonek
2021-06-01 | Fixed #32796 -- Changed CsrfViewMiddleware to fail earlier on badly formatted cookie tokens. | Chris Jerdonek
2021-06-01 | Refs #32796 -- Added CsrfViewMiddleware tests for incorrectly formatted cookie tokens. | Chris Jerdonek
2021-05-31 | Fixed #32795 -- Changed CsrfViewMiddleware to fail earlier on badly formatted tokens. | Chris Jerdonek
2021-05-31 | Refs #32795 -- Added CsrfViewMiddleware tests for rejecting invalid or missing tokens. | Chris Jerdonek
This also improves test names for test_process_request_no_csrf_cookie and test_process_request_csrf_cookie_no_token. The logic being tested is actually in process_view() rather than process_request(), and it's not necessary to include the method name.
2021-05-28 | Fixed #32596 -- Added CsrfViewMiddleware._check_referer(). | Chris Jerdonek
This encapsulates CsrfViewMiddleware's referer logic into a method and updates existing tests to check the "seam" introduced by the refactor, when doing so would improve the test.
2021-05-27 | Refs #32596 -- Added extra tests for CsrfViewMiddleware's referer logic. | Chris Jerdonek
2021-03-25 | Fixed #32578 -- Fixed crash in CsrfViewMiddleware when a request with Origin header has an invalid host. | Chris Jerdonek
2021-03-22 | Made CsrfViewMiddlewareTestMixin._get_GET_no_csrf_cookie_request() return GET requests. | Mariusz Felisiak
2021-03-19 | Fixed #32571 -- Made CsrfViewMiddleware handle invalid URLs in Referer header. | Adam Donaghy
2021-03-18 | Fixed #16010 -- Added Origin header checking to CSRF middleware. | Tim Graham
Thanks David Benjamin for the original patch, and Florian Apolloner, Chris Jerdonek, and Adam Johnson for reviews.