X-Git-Url: https://git.mdrn.pl/django-ssify.git/blobdiff_plain/3d2c8ba4dfb4774daff367dae1656099eb2b562c..196df9e8170262c31790260d4e280b9981b557d1:/tests/tests/test_csrf.py diff --git a/tests/tests/test_csrf.py b/tests/tests/test_csrf.py new file mode 100644 index 0000000..62173ce --- /dev/null +++ b/tests/tests/test_csrf.py @@ -0,0 +1,53 @@ +# -*- coding: utf-8 -*- +# This file is part of django-ssify, licensed under GNU Affero GPLv3 or later. +# Copyright © Fundacja Nowoczesna Polska. See README.md for more information. +# +from __future__ import unicode_literals + +from django.conf import settings +from django.test import Client, TestCase + + +class CsrfTestCase(TestCase): + def setUp(self): + self.client = Client(enforce_csrf_checks=True) + + def assertCsrfTokenOk(self, response): + token = response.cookies[settings.CSRF_COOKIE_NAME].value + self.assertTrue(token) + self.assertEqual( + response.content.strip(), + ("\n\n" + "' />" % token).encode('ascii') + ) + return token + + def test_csrf_token(self): + response = self.client.get('/csrf') + token = self.assertCsrfTokenOk(response) + + # And now for a second request, with the token cookie. + response = self.client.get('/csrf') + new_token = self.assertCsrfTokenOk(response) + self.assertEqual(new_token, token) + + # Make a bad request to see that CSRF protection works. + response = self.client.post('/csrf_check', { + 'test': 'some data', + }) + self.assertEqual(response.status_code, 403) + + # Make a good request. + response = self.client.post('/csrf_check', { + 'test': 'some data', + 'csrfmiddlewaretoken': token, + }) + self.assertEqual(response.status_code, 200) + self.assertEqual(response.content, b'some data') + + def test_new_csrf_token_in_cached_response(self): + Client().get('/csrf') + response = Client().get('/csrf') + token = self.assertCsrfTokenOk(response)