← Back to branch summary

~ubuntu-branches/debian/jessie/lava-server/jessie

« back to all changes in this revision

Viewing changes to dashboard_app/tests/other/test_csrf.py

  • Committer: Package Import Robot
  • Author(s): Neil Williams
  • Date: 2014-06-29 19:29:34 UTC
  • Revision ID: package-import@ubuntu.com-20140629192934-ue8hrzzpye9isevt
Tags: upstream-2014.05.30.09
ImportĀ upstreamĀ versionĀ 2014.05.30.09

Show diffs side-by-side

added added

removed removed

Lines of Context:
dashboard_app/tests/other/test_csrf.py
 
1
# Copyright (C) 2010 Linaro Limited
 
2
#
 
3
# Author: Zygmunt Krynicki <zygmunt.krynicki@linaro.org>
 
4
#
 
5
# This file is part of Launch Control.
 
6
#
 
7
# Launch Control is free software: you can redistribute it and/or modify
 
8
# it under the terms of the GNU Affero General Public License version 3
 
9
# as published by the Free Software Foundation
 
10
#
 
11
# Launch Control is distributed in the hope that it will be useful,
 
12
# but WITHOUT ANY WARRANTY; without even the implied warranty of
 
13
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 
14
# GNU General Public License for more details.
 
15
#
 
16
# You should have received a copy of the GNU Affero General Public License
 
17
# along with Launch Control.  If not, see <http://www.gnu.org/licenses/>.
 
18
 
 
19
"""
 
20
Tests for Cross-Site Request Forgery middleware configuration
 
21
"""
 
22
import xmlrpclib
 
23
 
 
24
import django
 
25
from django import forms
 
26
from django.conf.urls import patterns, url
 
27
from django.core.urlresolvers import reverse
 
28
from django.http import HttpResponse
 
29
from django.template import Template, RequestContext
 
30
 
 
31
from dashboard_app.tests.utils import CSRFTestCase
 
32
from lava_server import urls
 
33
 
 
34
 
 
35
class CSRFConfigurationTestCase(CSRFTestCase):
 
36
 
 
37
    @property
 
38
    def urls(self):
 
39
        urlpatterns = urls.urlpatterns
 
40
        urlpatterns += patterns('', url(r'^test-form/', test_form))
 
41
        return type('urls', (), dict(urlpatterns=urlpatterns))
 
42
 
 
43
    def setUp(self):
 
44
        super(CSRFConfigurationTestCase, self).setUp()
 
45
        self.form_path = reverse(test_form)
 
46
 
 
47
    def test_csrf_token_present_in_form(self):
 
48
        if django.VERSION[:2] == (1, 1):
 
49
            # This feature is not supported on django 1.1
 
50
            return
 
51
        response = self.client.get(self.form_path)
 
52
        self.assertContains(response, "csrfmiddlewaretoken")
 
53
 
 
54
    def test_cross_site_form_submission_fails(self):
 
55
        if django.VERSION[:2] == (1, 1):
 
56
            # This feature is not supported on django 1.1
 
57
            return
 
58
        response = self.client.post(self.form_path, {'text': 'text'})
 
59
        self.assertEquals(response.status_code, 403)
 
60
 
 
61
    def test_csrf_not_protecting_xml_rpc_views(self):
 
62
        """call version and check that we didn't get 403"""
 
63
        endpoint_path = 'http://localhost/RPC2/'
 
64
        request_body = xmlrpclib.dumps((), methodname="dashboard.version")
 
65
        response = self.client.post(endpoint_path, request_body, "text/xml")
 
66
        self.assertContains(response, "<methodResponse>", status_code=200)
 
67
 
 
68
 
 
69
def test_form(request):
 
70
    t = Template(template)
 
71
    html = t.render(RequestContext(request, {'form': SingleTextFieldForm()}))
 
72
    return HttpResponse(html)
 
73
 
 
74
 
 
75
class SingleTextFieldForm(forms.Form):
 
76
    text = forms.CharField()
 
77
 
 
78
 
 
79
template = """
 
80
    <html>
 
81
     <body>
 
82
      <form action="." method="POST">
 
83
      {% csrf_token %}
 
84
       <table>{{ form.as_table }}</table>
 
85
      </form>
 
86
     </body>
 
87
    </html>
 
88
    """