~ubuntu-branches/ubuntu/quantal/python-django/quantal-security


Viewing changes to tests/modeltests/test_client/models.py

  • Committer: Bazaar Package Importer
  • Author(s): Jamie Strandboge
  • Date: 2010-10-12 11:34:35 UTC
  • mfrom: (1.1.12 upstream) (29.1.1 maverick-security)
  • Revision ID: james.westby@ubuntu.com-20101012113435-yy57c8tx6g9anf3e
Tags: 1.2.3-1ubuntu0.1
* SECURITY UPDATE: XSS in CSRF protections. New upstream release
  - CVE-2010-3082
* debian/patches/01_disable_url_verify_regression_tests.diff:
  - updated to disable another test that fails without internet connection
  - patch based on work by Kai Kasurinen and Krzysztof Klimonda
* debian/control: don't Build-Depends on locales-all, which doesn't exist
  in maverick

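--- a/tests/modeltests/test_client/models.py
+++ b/tests/modeltests/test_client/models.py
@@ -21,6 +21,7 @@
 
 """
 from django.test import Client, TestCase
+from django.conf import settings
 from django.core import mail
 
 class ClientTest(TestCase):
@@ -433,3 +434,26 @@
         self.assertEqual(mail.outbox[1].from_email, 'from@example.com')
         self.assertEqual(mail.outbox[1].to[0], 'second@example.com')
         self.assertEqual(mail.outbox[1].to[1], 'third@example.com')
+
+class CSRFEnabledClientTests(TestCase):
+    def setUp(self):
+        # Enable the CSRF middleware for this test
+        self.old_MIDDLEWARE_CLASSES = settings.MIDDLEWARE_CLASSES
+        csrf_middleware_class = 'django.middleware.csrf.CsrfViewMiddleware'
+        if csrf_middleware_class not in settings.MIDDLEWARE_CLASSES:
+            settings.MIDDLEWARE_CLASSES += (csrf_middleware_class,)
+
+    def tearDown(self):
+        settings.MIDDLEWARE_CLASSES = self.old_MIDDLEWARE_CLASSES
+
+    def test_csrf_enabled_client(self):
+        "A client can be instantiated with CSRF checks enabled"
+        csrf_client = Client(enforce_csrf_checks=True)
+
+        # The normal client allows the post
+        response = self.client.post('/test_client/post_view/', {})
+        self.assertEqual(response.status_code, 200)
+
+        # The CSRF-enabled client rejects it
+        response = csrf_client.post('/test_client/post_view/', {})
+        self.assertEqual(response.status_code, 403)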
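Review bot: In `CSRFEnabledClientTests.setUp`, `self.old_MIDDLEWARE_CLASSES` is a reference to the same object that `settings.MIDDLEWARE_CLASSES += (csrf_middleware_class,)` then updates. If a settings module defines `MIDDLEWARE_CLASSES` as a list rather than a tuple, `+=` extends it in place and `tearDown` restores nothing, so the CSRF middleware stays installed for every later test. Building a new value avoids the aliasing: `settings.MIDDLEWARE_CLASSES = tuple(settings.MIDDLEWARE_CLASSES) + (csrf_middleware_class,)`. Separately, `test_csrf_enabled_client` pins only the rejection of a token-less POST. A companion case that sends a matching CSRF cookie and `csrfmiddlewaretoken` field and expects 200 would show that `enforce_csrf_checks=True` validates the token rather than refusing every POST.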