PageRenderTime 42ms CodeModel.GetById 20ms app.highlight 9ms RepoModel.GetById 11ms app.codeStats 0ms

/django/contrib/flatpages/tests/csrf.py

https://code.google.com/p/mango-py/
Python | 79 lines | 68 code | 11 blank | 0 comment | 6 complexity | 7c3808913d1979f43f8c42efa9b7e11f MD5 | raw file
 1import os
 2from django.conf import settings
 3from django.contrib.auth.models import User
 4from django.test import TestCase, Client
 5
 6class FlatpageCSRFTests(TestCase):
 7    fixtures = ['sample_flatpages']
 8    urls = 'django.contrib.flatpages.tests.urls'
 9
10    def setUp(self):
11        self.client = Client(enforce_csrf_checks=True)
12        self.old_MIDDLEWARE_CLASSES = settings.MIDDLEWARE_CLASSES
13        flatpage_middleware_class = 'django.contrib.flatpages.middleware.FlatpageFallbackMiddleware'
14        csrf_middleware_class = 'django.middleware.csrf.CsrfViewMiddleware'
15        if csrf_middleware_class not in settings.MIDDLEWARE_CLASSES:
16            settings.MIDDLEWARE_CLASSES += (csrf_middleware_class,)
17        if flatpage_middleware_class not in settings.MIDDLEWARE_CLASSES:
18            settings.MIDDLEWARE_CLASSES += (flatpage_middleware_class,)
19        self.old_TEMPLATE_DIRS = settings.TEMPLATE_DIRS
20        settings.TEMPLATE_DIRS = (
21            os.path.join(
22                os.path.dirname(__file__),
23                'templates'
24            ),
25        )
26        self.old_LOGIN_URL = settings.LOGIN_URL
27        settings.LOGIN_URL = '/accounts/login/'
28
29    def tearDown(self):
30        settings.MIDDLEWARE_CLASSES = self.old_MIDDLEWARE_CLASSES
31        settings.TEMPLATE_DIRS = self.old_TEMPLATE_DIRS
32        settings.LOGIN_URL = self.old_LOGIN_URL
33
34    def test_view_flatpage(self):
35        "A flatpage can be served through a view, even when the middleware is in use"
36        response = self.client.get('/flatpage_root/flatpage/')
37        self.assertEqual(response.status_code, 200)
38        self.assertContains(response, "<p>Isn't it flat!</p>")
39
40    def test_view_non_existent_flatpage(self):
41        "A non-existent flatpage raises 404 when served through a view, even when the middleware is in use"
42        response = self.client.get('/flatpage_root/no_such_flatpage/')
43        self.assertEqual(response.status_code, 404)
44
45    def test_view_authenticated_flatpage(self):
46        "A flatpage served through a view can require authentication"
47        response = self.client.get('/flatpage_root/sekrit/')
48        self.assertRedirects(response, '/accounts/login/?next=/flatpage_root/sekrit/')
49        User.objects.create_user('testuser', 'test@example.com', 's3krit')
50        self.client.login(username='testuser',password='s3krit')
51        response = self.client.get('/flatpage_root/sekrit/')
52        self.assertEqual(response.status_code, 200)
53        self.assertContains(response, "<p>Isn't it sekrit!</p>")
54
55    def test_fallback_flatpage(self):
56        "A flatpage can be served by the fallback middlware"
57        response = self.client.get('/flatpage/')
58        self.assertEqual(response.status_code, 200)
59        self.assertContains(response, "<p>Isn't it flat!</p>")
60
61    def test_fallback_non_existent_flatpage(self):
62        "A non-existent flatpage raises a 404 when served by the fallback middlware"
63        response = self.client.get('/no_such_flatpage/')
64        self.assertEqual(response.status_code, 404)
65
66    def test_post_view_flatpage(self):
67        "POSTing to a flatpage served through a view will raise a CSRF error if no token is provided (Refs #14156)"
68        response = self.client.post('/flatpage_root/flatpage/')
69        self.assertEqual(response.status_code, 403)
70
71    def test_post_fallback_flatpage(self):
72        "POSTing to a flatpage served by the middleware will raise a CSRF error if no token is provided (Refs #14156)"
73        response = self.client.post('/flatpage/')
74        self.assertEqual(response.status_code, 403)
75
76    def test_post_unknown_page(self):
77        "POSTing to an unknown page isn't caught as a 403 CSRF error"
78        response = self.client.post('/no_such_page/')
79        self.assertEqual(response.status_code, 404)