2
from django.conf import settings
3
from django.test import TestCase, Client
5
class FlatpageCSRFTests(TestCase):
6
fixtures = ['sample_flatpages']
7
urls = 'django.contrib.flatpages.tests.urls'
10
self.client = Client(enforce_csrf_checks=True)
11
self.old_MIDDLEWARE_CLASSES = settings.MIDDLEWARE_CLASSES
12
flatpage_middleware_class = 'django.contrib.flatpages.middleware.FlatpageFallbackMiddleware'
13
csrf_middleware_class = 'django.middleware.csrf.CsrfViewMiddleware'
14
if csrf_middleware_class not in settings.MIDDLEWARE_CLASSES:
15
settings.MIDDLEWARE_CLASSES += (csrf_middleware_class,)
16
if flatpage_middleware_class not in settings.MIDDLEWARE_CLASSES:
17
settings.MIDDLEWARE_CLASSES += (flatpage_middleware_class,)
18
self.old_TEMPLATE_DIRS = settings.TEMPLATE_DIRS
19
settings.TEMPLATE_DIRS = (
21
os.path.dirname(__file__),
27
settings.MIDDLEWARE_CLASSES = self.old_MIDDLEWARE_CLASSES
28
settings.TEMPLATE_DIRS = self.old_TEMPLATE_DIRS
30
def test_view_flatpage(self):
31
"A flatpage can be served through a view, even when the middleware is in use"
32
response = self.client.get('/flatpage_root/flatpage/')
33
self.assertEquals(response.status_code, 200)
34
self.assertContains(response, "<p>Isn't it flat!</p>")
36
def test_view_non_existent_flatpage(self):
37
"A non-existent flatpage raises 404 when served through a view, even when the middleware is in use"
38
response = self.client.get('/flatpage_root/no_such_flatpage/')
39
self.assertEquals(response.status_code, 404)
41
def test_view_authenticated_flatpage(self):
42
"A flatpage served through a view can require authentication"
43
response = self.client.get('/flatpage_root/sekrit/')
44
self.assertRedirects(response, '/accounts/login/?next=/flatpage_root/sekrit/')
46
def test_fallback_flatpage(self):
47
"A flatpage can be served by the fallback middlware"
48
response = self.client.get('/flatpage/')
49
self.assertEquals(response.status_code, 200)
50
self.assertContains(response, "<p>Isn't it flat!</p>")
52
def test_fallback_non_existent_flatpage(self):
53
"A non-existent flatpage raises a 404 when served by the fallback middlware"
54
response = self.client.get('/no_such_flatpage/')
55
self.assertEquals(response.status_code, 404)
57
def test_post_view_flatpage(self):
58
"POSTing to a flatpage served through a view will raise a CSRF error if no token is provided (Refs #14156)"
59
response = self.client.post('/flatpage_root/flatpage/')
60
self.assertEquals(response.status_code, 403)
62
def test_post_fallback_flatpage(self):
63
"POSTing to a flatpage served by the middleware will raise a CSRF error if no token is provided (Refs #14156)"
64
response = self.client.post('/flatpage/')
65
self.assertEquals(response.status_code, 403)
67
def test_post_unknown_page(self):
68
"POSTing to an unknown page isn't caught as a 403 CSRF error"
69
response = self.client.post('/no_such_page/')
70
self.assertEquals(response.status_code, 404)