X-Git-Url: https://git.mdrn.pl/django-ssify.git/blobdiff_plain/2d7e228b32c77e5dc22381eca64dbbb510604cc1..49bb850ee3f5c4fbd32643c6019b8e1c8ccf619a:/tests/tests/test_csrf.py
diff --git a/tests/tests/test_csrf.py b/tests/tests/test_csrf.py
index 62173ce..8822336 100644
--- a/tests/tests/test_csrf.py
+++ b/tests/tests/test_csrf.py
@@ -4,9 +4,16 @@
#
from __future__ import unicode_literals
+import re
from django.conf import settings
from django.test import Client, TestCase
+try:
+ from django.middleware.csrf import _compare_salted_tokens
+except ImportError:
+ # Django < 1.10
+ _compare_salted_tokens = lambda t1, t2: t1 == t2
+
class CsrfTestCase(TestCase):
def setUp(self):
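Review bot: The `except ImportError` branch assumes a missing `_compare_salted_tokens` always means Django < 1.10, but the name is a private helper (leading underscore) with no stability guarantee. If a later Django release renames or removes it, the test silently falls back to plain `==`, which compares salted tokens byte-for-byte and no longer checks what the test intends. Select the branch on the version instead, for example `import django` followed by `if django.VERSION >= (1, 10):` around the import and `else:` around the fallback, so that an unexpected ImportError surfaces as an error. The fallback would also read better as a small `def` with a one-line docstring such as `"""Pre-1.10 tokens are not salted, so equality is the comparison."""` than as a lambda bound to a name.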
@@ -15,24 +22,21 @@ class CsrfTestCase(TestCase):
def assertCsrfTokenOk(self, response):
token = response.cookies[settings.CSRF_COOKIE_NAME].value
self.assertTrue(token)
- self.assertEqual(
- response.content.strip(),
- ("\n\n"
- "' />" % token).encode('ascii')
+ match = re.match(
+ r"\n\n"
+ r"' />",
+ response.content.strip().decode('ascii'),
+ re.MULTILINE
)
+ self.assertTrue(_compare_salted_tokens(match.group(1), token))
return token
def test_csrf_token(self):
response = self.client.get('/csrf')
token = self.assertCsrfTokenOk(response)
- # And now for a second request, with the token cookie.
- response = self.client.get('/csrf')
- new_token = self.assertCsrfTokenOk(response)
- self.assertEqual(new_token, token)
-
# Make a bad request to see that CSRF protection works.
response = self.client.post('/csrf_check', {
'test': 'some data',
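Review bot: In `assertCsrfTokenOk`, `match.group(1)` is called without first checking that `re.match` succeeded, so a response lacking the expected token markup fails with an AttributeError on `None` rather than a readable assertion failure. Add `self.assertIsNotNone(match, response.content)` on the line before the `_compare_salted_tokens` assertion. The hunk also drops the second GET from `test_csrf_token`, so nothing visible here still checks that a follow-up request carrying the cookie yields a token that validates against the first. If that property still matters, the two tokens could be compared with `_compare_salted_tokens(new_token, token)` instead of `assertEqual`. `test_csrf_token` continues past the end of the hunk.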