From 2808cdc8fb15ad27f83af3e62db69f5ea7ced29e Mon Sep 17 00:00:00 2001 From: Hasan Ramezani Date: Mon, 7 Sep 2020 13:33:47 +0200 Subject: Fixed #31962 -- Made SessionMiddleware raise SessionInterrupted when session destroyed while request is processing. --- tests/handlers/tests.py | 8 ++++++++ tests/handlers/urls.py | 1 + tests/handlers/views.py | 6 +++++- tests/sessions_tests/tests.py | 10 ++++++---- tests/view_tests/tests/test_debug.py | 20 ++++++++++++++++++++ tests/view_tests/urls.py | 1 + tests/view_tests/views.py | 8 +++++++- 7 files changed, 48 insertions(+), 6 deletions(-) (limited to 'tests') diff --git a/tests/handlers/tests.py b/tests/handlers/tests.py index 3b655a91c2..1d445cd38c 100644 --- a/tests/handlers/tests.py +++ b/tests/handlers/tests.py @@ -176,6 +176,10 @@ class HandlerRequestTests(SimpleTestCase): response = self.client.get('/suspicious/') self.assertEqual(response.status_code, 400) + def test_bad_request_in_view_returns_400(self): + response = self.client.get('/bad_request/') + self.assertEqual(response.status_code, 400) + def test_invalid_urls(self): response = self.client.get('~%A9helloworld') self.assertEqual(response.status_code, 404) @@ -259,6 +263,10 @@ class AsyncHandlerRequestTests(SimpleTestCase): response = await self.async_client.get('/suspicious/') self.assertEqual(response.status_code, 400) + async def test_bad_request_in_view_returns_400(self): + response = await self.async_client.get('/bad_request/') + self.assertEqual(response.status_code, 400) + async def test_no_response(self): msg = ( "The view handlers.views.no_response didn't return an " diff --git a/tests/handlers/urls.py b/tests/handlers/urls.py index a438da55b4..e287e3734e 100644 --- a/tests/handlers/urls.py +++ b/tests/handlers/urls.py @@ -10,6 +10,7 @@ urlpatterns = [ path('streaming/', views.streaming), path('in_transaction/', views.in_transaction), path('not_in_transaction/', views.not_in_transaction), + path('bad_request/', views.bad_request), path('suspicious/', views.suspicious), path('malformed_post/', views.malformed_post), path('httpstatus_enum/', views.httpstatus_enum), diff --git a/tests/handlers/views.py b/tests/handlers/views.py index 6d573c5df8..739aa2de40 100644 --- a/tests/handlers/views.py +++ b/tests/handlers/views.py @@ -1,7 +1,7 @@ import asyncio from http import HTTPStatus -from django.core.exceptions import SuspiciousOperation +from django.core.exceptions import BadRequest, SuspiciousOperation from django.db import connection, transaction from django.http import HttpResponse, StreamingHttpResponse from django.views.decorators.csrf import csrf_exempt @@ -33,6 +33,10 @@ def not_in_transaction(request): return HttpResponse(str(connection.in_atomic_block)) +def bad_request(request): + raise BadRequest() + + def suspicious(request): raise SuspiciousOperation('dubious') diff --git a/tests/sessions_tests/tests.py b/tests/sessions_tests/tests.py index 29b58073e1..11adef9d75 100644 --- a/tests/sessions_tests/tests.py +++ b/tests/sessions_tests/tests.py @@ -19,7 +19,9 @@ from django.contrib.sessions.backends.file import SessionStore as FileSession from django.contrib.sessions.backends.signed_cookies import ( SessionStore as CookieSession, ) -from django.contrib.sessions.exceptions import InvalidSessionKey +from django.contrib.sessions.exceptions import ( + InvalidSessionKey, SessionInterrupted, +) from django.contrib.sessions.middleware import SessionMiddleware from django.contrib.sessions.models import Session from django.contrib.sessions.serializers import ( @@ -28,7 +30,7 @@ from django.contrib.sessions.serializers import ( from django.core import management from django.core.cache import caches from django.core.cache.backends.base import InvalidCacheBackendError -from django.core.exceptions import ImproperlyConfigured, SuspiciousOperation +from django.core.exceptions import ImproperlyConfigured from django.http import HttpResponse from django.test import ( RequestFactory, SimpleTestCase, TestCase, ignore_warnings, @@ -746,10 +748,10 @@ class SessionMiddlewareTests(TestCase): "The request's session was deleted before the request completed. " "The user may have logged out in a concurrent request, for example." ) - with self.assertRaisesMessage(SuspiciousOperation, msg): + with self.assertRaisesMessage(SessionInterrupted, msg): # Handle the response through the middleware. It will try to save # the deleted session which will cause an UpdateError that's caught - # and raised as a SuspiciousOperation. + # and raised as a SessionInterrupted. middleware(request) def test_session_delete_on_end(self): diff --git a/tests/view_tests/tests/test_debug.py b/tests/view_tests/tests/test_debug.py index 6d1b3e6f48..2337d3ed3d 100644 --- a/tests/view_tests/tests/test_debug.py +++ b/tests/view_tests/tests/test_debug.py @@ -86,6 +86,16 @@ class DebugViewTests(SimpleTestCase): response = self.client.get('/raises400/') self.assertContains(response, '