mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-03-23 07:40:44 +00:00
Code Issues32 Releases Wiki Activity
29,756 Commits 29 Branches 438 Tags
1ff0ea6e9b
Commit Graph

76 Commits

Author SHA1 Message Date
Chris Jerdonek
43d1ea6e2f Refs -- Used _read_csrf_cookie()/_set_csrf_cookie() in more CSRF tests. 2021-06-30 07:48:15 +02:00
Chris Jerdonek
abc8795632 Fixed -- Removed cookie-based token specific logic from CsrfViewMiddlewareTestMixin. 2021-06-30 07:48:15 +02:00
Chris Jerdonek
594d6e9407 Refs -- Added CsrfViewMiddlewareTestMixin._get_csrf_cookie_request() hook. 2021-06-29 08:56:13 +02:00
Chris Jerdonek
c8439d1dba Refs -- Added method/cookie arguments to CsrfViewMiddlewareTestMixin._get_request(). 
This also removes unnecessary test hooks.
 2021-06-29 08:56:13 +02:00
Chris Jerdonek
6bccb64347 Refs -- Moved _get_GET_csrf_cookie_request() to CsrfViewMiddlewareTestMixin. 2021-06-29 08:56:05 +02:00
Chris Jerdonek
4397d2bd6b Fixed -- Ensured the CSRF tests' _get_GET_csrf_cookie_request() sets the request method. 2021-06-29 08:14:25 +02:00
Chris Jerdonek
5e60c3943b Refs -- Added CsrfViewMiddleware tests for all combinations of masked/unmasked cookies and tokens. 2021-06-28 08:31:30 +02:00
Chris Jerdonek
defa8d3d87 Refs -- Made CsrfViewMiddlewareTestMixin._csrf_id_cookie and _csrf_id_token different. 
This also renames CsrfViewMiddlewareTestMixin._csrf_id to _csrf_id_token.
 2021-06-28 08:09:53 +02:00
Chris Jerdonek
2523c32d50 Refs -- Eliminated the need for separate _get_POST_bare_secret() methods. 2021-06-28 08:08:43 +02:00
Chris Jerdonek
c8108591b9 Refs -- Added to csrf_tests/tests.py the unmasked version of the secret. 
This also adds tests that the secret is correct, and updates existing
tests to use the value.
 2021-06-28 07:59:22 +02:00
Chris Jerdonek
fcb75651f9 Fixed -- Added the token source to CsrfViewMiddleware's bad token error messages. 2021-06-23 16:07:15 +02:00
Chris Jerdonek
1a284afb07 Refs -- Added tests for bad CSRF token provided via X-CSRFToken or custom header. 2021-06-23 16:07:07 +02:00
Chris Jerdonek
6837bd68a4 Refs -- Added post_token/meta_token/token_header arguments to _get_POST_csrf_cookie_request(). 2021-06-23 16:07:07 +02:00
Chris Jerdonek
999402f142 Refs -- Combined the bad-or-missing CSRF token tests. 2021-06-23 16:07:07 +02:00
Chris Jerdonek
cd19db10df Fixed -- Changed CsrfViewMiddleware to fail earlier on badly formatted cookie tokens. 2021-06-01 09:02:27 +02:00
Chris Jerdonek
623cec0879 Refs -- Added CsrfViewMiddleware tests for incorrectly formatted cookie tokens. 2021-06-01 09:02:23 +02:00
Chris Jerdonek
55775891fb Fixed -- Changed CsrfViewMiddleware to fail earlier on badly formatted tokens. 2021-05-31 21:12:21 +02:00
Chris Jerdonek
ffdee8d264 Refs -- Added CsrfViewMiddleware tests for rejecting invalid or missing tokens. 
This also improves test names for test_process_request_no_csrf_cookie
and test_process_request_csrf_cookie_no_token. The logic being tested
is actually in process_view() rather than process_request(), and it's
not necessary to include the method name.
 2021-05-31 21:12:17 +02:00
Chris Jerdonek
71179a6124 Fixed -- Added CsrfViewMiddleware._check_referer(). 
This encapsulates CsrfViewMiddleware's referer logic into a method and
updates existing tests to check the "seam" introduced by the refactor,
when doing so would improve the test.
 2021-05-28 07:31:56 +02:00
Chris Jerdonek
02c59b7a43 Refs -- Added extra tests for CsrfViewMiddleware's referer logic. 2021-05-27 10:53:20 +02:00
Chris Jerdonek
ff514309e1 Fixed -- Fixed crash in CsrfViewMiddleware when a request with Origin header has an invalid host. 2021-03-25 10:34:58 +01:00
Mariusz Felisiak
717b5e633a
Made CsrfViewMiddlewareTestMixin._get_GET_no_csrf_cookie_request() return GET requests. 2021-03-22 08:22:58 +01:00
Adam Donaghy
e49fdfa405 Fixed -- Made CsrfViewMiddleware handle invalid URLs in Referer header. 2021-03-19 11:19:19 +01:00
Tim Graham
2411b8b5eb Fixed -- Added Origin header checking to CSRF middleware. 
Thanks David Benjamin for the original patch, and Florian
Apolloner, Chris Jerdonek, and Adam Johnson for reviews.
 2021-03-18 20:25:20 +01:00
Tim Graham
dba44a7a7a Refs -- Required CSRF_TRUSTED_ORIGINS setting to include the scheme. 2021-03-18 20:00:22 +01:00
François Freitag
7ca7f4495b Refs -- Added SimpleTestCase.assertNoLogs() on Python < 3.10. 2021-03-02 20:35:33 +01:00
Jon Dufresne
d6aff369ad Refs -- Simplified regex match group access with Match.__getitem__(). 
The method has been available since Python 3.6. The shorter syntax is
also marginally faster.
 2020-05-11 12:01:28 +02:00
Ram Rachum
5b09354954
Fixed -- Renamed salt to mask for CSRF tokens. 2020-02-25 14:16:19 +01:00
Claude Paroz
4d973f5939 Refs -- Deprecated passing None as get_response arg to middleware classes. 
This is the new contract since middleware refactoring in Django 1.10.

Co-authored-by: Carlton Gibson <carlton.gibson@noumenal.es>
Co-authored-by: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2020-02-18 20:03:44 +01:00
Claude Paroz
9d5a487f33 Dropped obsolete mimetype kwarg in csrf test view 2019-09-21 20:46:39 +02:00
Jon Dufresne
7785e03ba8 Fixed -- Replaced OSError aliases with the canonical OSError. 
Used more specific errors (e.g. FileExistsError) as appropriate.
 2019-01-28 11:15:06 -05:00
Michal Čihař
22e8ab0286 Fixed -- Prevented session resaving if CSRF cookie is unchanged. 2018-09-08 11:46:13 -04:00
Claude Paroz
607970f31c Replaced django.test.utils.patch_logger() with assertLogs(). 
Thanks Tim Graham for the review.
 2018-05-07 09:34:00 -04:00
CHI Cheng
98019df855 Used double quotation marks for csrf form element. 2018-05-03 08:57:18 +02:00
Alex Gaynor
9a56b4b13e Fixed -- Added support for the SameSite cookie flag. 
Thanks Alex Gaynor for contributing to the patch.
 2018-04-13 20:58:31 -04:00
Tomer Chachamu
7ec0fdf62a Fixed -- Fixed crash in CsrfViewMiddleware when an HTTPS request has an invalid host. 2018-02-14 20:24:01 -05:00
Jon Dufresne
ff05de760c Fixed -- Removed closing slash from HTML void tags. 2018-01-21 02:09:10 -05:00
Florian Apolloner
c4c128d67c Fixed -- Reallowed error handlers to access CSRF tokens. 
Regression in eef95ea96faef0b7dbbe0c8092202b74f68a899b.
 2017-09-20 16:22:18 -04:00
Florian Apolloner
77f82c4bf1 Initialized CsrfViewMiddleware once in csrf_tests. 2017-09-20 16:22:12 -04:00
Claude Paroz
c688336ebc Refs -- Assumed request COOKIES and META are str 2017-01-30 14:13:29 +01:00
chillaranand
d6eaf7c018 Refs -- Replaced super(ClassName, self) with super(). 2017-01-25 12:23:46 -05:00
Claude Paroz
2366100872 Removed unneeded force_text calls in the test suite 2017-01-24 18:45:54 +01:00
Simon Charette
cecc079168 Refs -- Stopped inheriting from object to define new style classes. 2017-01-19 08:39:46 +01:00
Claude Paroz
7b2f2e74ad Refs -- Removed six.<various>_types usage 
Thanks Tim Graham and Simon Charette for the reviews.
 2017-01-18 20:18:46 +01:00
Claude Paroz
d7b9aaa366 Refs -- Removed encoding preambles and future imports 2017-01-18 09:55:19 +01:00
Tim Graham
78500102b7 Moved csrf_tests views to a spearate file. 2016-11-30 18:24:29 -05:00
Raphael Michel
ddf169cdac Refs -- Allowed storing CSRF tokens in sessions. 
Major thanks to Shai for helping to refactor the tests, and to
Shai, Tim, Florian, and others for extensive and helpful review.
 2016-11-30 08:57:27 -05:00
za
321e94fa41 Refs -- Removed "Tests that", "Ensures that", etc. from test docstrings. 2016-11-10 21:30:21 -05:00
Tim Graham
7fe2d8d940 Fixed CVE-2016-9014 -- Validated Host header when DEBUG=True. 
This is a security fix.
 2016-11-01 09:30:57 -04:00
Jon Dufresne
4f336f6652 Fixed -- Used more specific assertions in the Django test suite. 2016-06-16 14:19:18 -04:00