PageRenderTime 88ms CodeModel.GetById 16ms RepoModel.GetById 1ms app.codeStats 0ms

/django/contrib/flatpages/tests/csrf.py

https://code.google.com/p/mango-py/
Python | 79 lines | 68 code | 11 blank | 0 comment | 2 complexity | 7c3808913d1979f43f8c42efa9b7e11f MD5 | raw file
Possible License(s): BSD-3-Clause
  1. import os
  2. from django.conf import settings
  3. from django.contrib.auth.models import User
  4. from django.test import TestCase, Client
  5. class FlatpageCSRFTests(TestCase):
  6. fixtures = ['sample_flatpages']
  7. urls = 'django.contrib.flatpages.tests.urls'
  8. def setUp(self):
  9. self.client = Client(enforce_csrf_checks=True)
  10. self.old_MIDDLEWARE_CLASSES = settings.MIDDLEWARE_CLASSES
  11. flatpage_middleware_class = 'django.contrib.flatpages.middleware.FlatpageFallbackMiddleware'
  12. csrf_middleware_class = 'django.middleware.csrf.CsrfViewMiddleware'
  13. if csrf_middleware_class not in settings.MIDDLEWARE_CLASSES:
  14. settings.MIDDLEWARE_CLASSES += (csrf_middleware_class,)
  15. if flatpage_middleware_class not in settings.MIDDLEWARE_CLASSES:
  16. settings.MIDDLEWARE_CLASSES += (flatpage_middleware_class,)
  17. self.old_TEMPLATE_DIRS = settings.TEMPLATE_DIRS
  18. settings.TEMPLATE_DIRS = (
  19. os.path.join(
  20. os.path.dirname(__file__),
  21. 'templates'
  22. ),
  23. )
  24. self.old_LOGIN_URL = settings.LOGIN_URL
  25. settings.LOGIN_URL = '/accounts/login/'
  26. def tearDown(self):
  27. settings.MIDDLEWARE_CLASSES = self.old_MIDDLEWARE_CLASSES
  28. settings.TEMPLATE_DIRS = self.old_TEMPLATE_DIRS
  29. settings.LOGIN_URL = self.old_LOGIN_URL
  30. def test_view_flatpage(self):
  31. "A flatpage can be served through a view, even when the middleware is in use"
  32. response = self.client.get('/flatpage_root/flatpage/')
  33. self.assertEqual(response.status_code, 200)
  34. self.assertContains(response, "<p>Isn't it flat!</p>")
  35. def test_view_non_existent_flatpage(self):
  36. "A non-existent flatpage raises 404 when served through a view, even when the middleware is in use"
  37. response = self.client.get('/flatpage_root/no_such_flatpage/')
  38. self.assertEqual(response.status_code, 404)
  39. def test_view_authenticated_flatpage(self):
  40. "A flatpage served through a view can require authentication"
  41. response = self.client.get('/flatpage_root/sekrit/')
  42. self.assertRedirects(response, '/accounts/login/?next=/flatpage_root/sekrit/')
  43. User.objects.create_user('testuser', 'test@example.com', 's3krit')
  44. self.client.login(username='testuser',password='s3krit')
  45. response = self.client.get('/flatpage_root/sekrit/')
  46. self.assertEqual(response.status_code, 200)
  47. self.assertContains(response, "<p>Isn't it sekrit!</p>")
  48. def test_fallback_flatpage(self):
  49. "A flatpage can be served by the fallback middlware"
  50. response = self.client.get('/flatpage/')
  51. self.assertEqual(response.status_code, 200)
  52. self.assertContains(response, "<p>Isn't it flat!</p>")
  53. def test_fallback_non_existent_flatpage(self):
  54. "A non-existent flatpage raises a 404 when served by the fallback middlware"
  55. response = self.client.get('/no_such_flatpage/')
  56. self.assertEqual(response.status_code, 404)
  57. def test_post_view_flatpage(self):
  58. "POSTing to a flatpage served through a view will raise a CSRF error if no token is provided (Refs #14156)"
  59. response = self.client.post('/flatpage_root/flatpage/')
  60. self.assertEqual(response.status_code, 403)
  61. def test_post_fallback_flatpage(self):
  62. "POSTing to a flatpage served by the middleware will raise a CSRF error if no token is provided (Refs #14156)"
  63. response = self.client.post('/flatpage/')
  64. self.assertEqual(response.status_code, 403)
  65. def test_post_unknown_page(self):
  66. "POSTing to an unknown page isn't caught as a 403 CSRF error"
  67. response = self.client.post('/no_such_page/')
  68. self.assertEqual(response.status_code, 404)