# Copyright (C) 2010 Linaro Limited
# Author: Zygmunt Krynicki <zygmunt.krynicki@linaro.org>
# This file is part of Launch Control.
# Launch Control is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License version 3
# as published by the Free Software Foundation
# Launch Control is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU Affero General Public License
# along with Launch Control. If not, see <http://www.gnu.org/licenses/>.
"""Tests for Cross-Site Request Forgery middleware configuration"""
from django import forms
from django.conf.urls import patterns, url
from django.core.urlresolvers import reverse
from django.http import HttpResponse
from django.template import Template, RequestContext
from dashboard_app.tests.utils import CSRFTestCase
from lava_server import urls
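class CSRFConfigurationTestCase(CSRFTestCase):
    """Check how the CSRF middleware is wired into the project.

    Three behaviours are pinned: a rendered form contains a CSRF token
    field, a POST that carries no token is answered with 403, and the
    XML-RPC endpoint still answers a POST that carries no token.

    NOTE(review): Django's stock test client skips CSRF checks unless told
    otherwise, so the 403 test is only meaningful if CSRFTestCase installs a
    client that enforces them -- confirm in dashboard_app.tests.utils.

    NOTE(review): this listing lost several lines in extraction (the header
    lines of the first two methods and the statement under each version
    check). They are reconstructed below and marked; confirm against the
    original file.
    """

    # NOTE(review): decorator and signature reconstructed -- presumably the
    # ``urls`` attribute that Django's TestCase reads to install a per-test
    # URLconf; confirm.
    @property
    def urls(self):
        """Return a module-like object: project URL patterns plus the test form."""
        # Build a new list instead of ``+=``: in-place extension would append
        # the test-only route to lava_server.urls.urlpatterns itself, once per
        # access, and leak it into every other test sharing the process.
        urlpatterns = urls.urlpatterns + patterns(
            '', url(r'^test-form/', test_form))
        return type('urls', (), dict(urlpatterns=urlpatterns))

    # NOTE(review): signature reconstructed from the super() call below.
    def setUp(self):
        """Run the base set-up, then resolve the URL of the test form view."""
        super(CSRFConfigurationTestCase, self).setUp()
        self.form_path = reverse(test_form)

    def test_csrf_token_present_in_form(self):
        """A GET of the form page must include the CSRF token field name."""
        if django.VERSION[:2] == (1, 1):
            # This feature is not supported on django 1.1
            # NOTE(review): the statement here was lost in extraction; an
            # early return is assumed. The test then reports as passed, not
            # skipped, on that version.
            return
        response = self.client.get(self.form_path)
        self.assertContains(response, "csrfmiddlewaretoken")

    def test_cross_site_form_submission_fails(self):
        """A POST without a CSRF token must be rejected with 403."""
        if django.VERSION[:2] == (1, 1):
            # This feature is not supported on django 1.1
            # NOTE(review): the statement here was lost in extraction; an
            # early return is assumed.
            return
        response = self.client.post(self.form_path, {'text': 'text'})
        # assertEqual is the supported spelling; assertEquals is a
        # deprecated alias.
        self.assertEqual(response.status_code, 403)

    def test_csrf_not_protecting_xml_rpc_views(self):
        """call version and check that we didn't get 403

        This pins only that the endpoint is exempt from the token check. An
        exempt endpoint must not treat the session cookie alone as proof of
        intent; how /RPC2/ authenticates callers is not visible here.
        """
        endpoint_path = 'http://localhost/RPC2/'
        request_body = xmlrpclib.dumps((), methodname="dashboard.version")
        response = self.client.post(endpoint_path, request_body, "text/xml")
        self.assertContains(response, "<methodResponse>", status_code=200)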
def test_form(request):
    """Render the module-level ``template`` with an unbound form.

    The context is a RequestContext rather than a plain Context, so the
    configured context processors run; in Django that is how the CSRF token
    becomes available to the template.

    NOTE(review): the template body is only partly visible in this listing,
    so whether it actually emits the token cannot be confirmed from here.
    """
    compiled = Template(template)
    context = RequestContext(request, {'form': SingleTextFieldForm()})
    return HttpResponse(compiled.render(context))
class SingleTextFieldForm(forms.Form):
    """Form with a single ``text`` character field, rendered by ``test_form``."""

    # The only field; the CSRF tests post it as {'text': 'text'}.
    text = forms.CharField()
<form action="." method="POST">
<table>{{ form.as_table }}</table>