heckyel/mediagoblin
0
0
Fork 0
Code Issues Pull Requests Releases Activity

Issue 680 Allow decorating views to prevent CSRF protection.

Browse Source
This commit is contained in:
Nathan Yergler
2011-11-26 15:32:35 -08:00
parent 91cf67385a
commit ca9ebfe2e0
2 changed files with 32 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
mediagoblin/tests/test_csrf_middleware.py
View File

@@ -27,7 +27,7 @@ from mediagoblin import mg_globals
def test_csrf_cookie_set(test_app):
cookie_name = mg_globals.app_config['csrf_cookie_name']
# get login page
response = test_app.get('/auth/login/')
@@ -69,3 +69,22 @@ def test_csrf_token_must_match(test_app):
mg_globals.app_config['csrf_cookie_name'])},
extra_environ={'gmg.verify_csrf': True}).\
status_int == 200
@setup_fresh_app
def test_csrf_exempt(test_app):
# monkey with the views to decorate a known endpoint
import mediagoblin.auth.views
from mediagoblin.meddleware.csrf import csrf_exempt
mediagoblin.auth.views.login = csrf_exempt(
mediagoblin.auth.views.login
)
# construct a request with no cookie or form token
assert test_app.post('/auth/login/',
extra_environ={'gmg.verify_csrf': True},
expect_errors=False).status_int == 200
# restore the CSRF protection in case other tests expect it
mediagoblin.auth.views.login.csrf_enabled = True