2 from django
.conf
import settings
3 from django
.contrib
.auth
.models
import User
4 from django
.test
import TestCase
, Client
class FlatpageCSRFTests(TestCase):
    """Check that flatpages do not bypass CSRF enforcement (Refs #14156).

    The test client is built with ``enforce_csrf_checks=True`` and both
    CsrfViewMiddleware and FlatpageFallbackMiddleware are installed. A POST
    without a token is then expected to get a 403, whether the flatpage is
    served through the view or through the fallback middleware. A POST to
    an unknown URL is still expected to get a 404.
    """

    fixtures = ['sample_flatpages']
    urls = 'django.contrib.flatpages.tests.urls'

    # NOTE(review): the listing this class was recovered from drops several
    # source lines, including the ``def`` lines of the two hooks below. The
    # names setUp/tearDown are inferred from the save/restore pattern of the
    # visible statements -- confirm against the original file.
    def setUp(self):
        """Install the CSRF-enforcing client and the settings under test."""
        self.client = Client(enforce_csrf_checks=True)

        # Saved so the second hook can put the global setting back.
        # NOTE(review): if MIDDLEWARE_CLASSES is a list rather than a tuple,
        # ``+=`` extends it in place and this saved reference is modified
        # too, so the restore would not undo the additions -- verify.
        self.old_MIDDLEWARE_CLASSES = settings.MIDDLEWARE_CLASSES
        required_middleware = (
            'django.middleware.csrf.CsrfViewMiddleware',
            'django.contrib.flatpages.middleware.FlatpageFallbackMiddleware',
        )
        # Order matters: the CSRF middleware is appended before the fallback.
        for middleware_path in required_middleware:
            if middleware_path not in settings.MIDDLEWARE_CLASSES:
                settings.MIDDLEWARE_CLASSES += (middleware_path,)

        self.old_TEMPLATE_DIRS = settings.TEMPLATE_DIRS
        # NOTE(review): the listing omits some lines of this tuple (gutter
        # numbers 21 and 23-25 are absent). Only the visible element is
        # reproduced here -- confirm the full value against the original.
        settings.TEMPLATE_DIRS = (
            os.path.dirname(__file__),
        )

        self.old_LOGIN_URL = settings.LOGIN_URL
        settings.LOGIN_URL = '/accounts/login/'

    def tearDown(self):
        """Put back the three settings that the set-up hook replaced."""
        settings.MIDDLEWARE_CLASSES = self.old_MIDDLEWARE_CLASSES
        settings.TEMPLATE_DIRS = self.old_TEMPLATE_DIRS
        settings.LOGIN_URL = self.old_LOGIN_URL

    def test_view_flatpage(self):
        """A flatpage can be served through a view, even when the middleware is in use"""
        page = self.client.get('/flatpage_root/flatpage/')
        self.assertEqual(page.status_code, 200)
        self.assertContains(page, "<p>Isn't it flat!</p>")

    def test_view_non_existent_flatpage(self):
        """A non-existent flatpage raises 404 when served through a view, even when the middleware is in use"""
        page = self.client.get('/flatpage_root/no_such_flatpage/')
        self.assertEqual(page.status_code, 404)

    def test_view_authenticated_flatpage(self):
        """A flatpage served through a view can require authentication"""
        protected_url = '/flatpage_root/sekrit/'

        # Anonymous request: redirected to the login URL set in setUp.
        anonymous = self.client.get(protected_url)
        self.assertRedirects(anonymous, '/accounts/login/?next=/flatpage_root/sekrit/')

        # Same URL after logging in with a throwaway fixture account.
        User.objects.create_user('testuser', 'test@example.com', 's3krit')
        self.client.login(username='testuser', password='s3krit')
        authenticated = self.client.get(protected_url)
        self.assertEqual(authenticated.status_code, 200)
        self.assertContains(authenticated, "<p>Isn't it sekrit!</p>")

    def test_fallback_flatpage(self):
        """A flatpage can be served by the fallback middleware"""
        page = self.client.get('/flatpage/')
        self.assertEqual(page.status_code, 200)
        self.assertContains(page, "<p>Isn't it flat!</p>")

    def test_fallback_non_existent_flatpage(self):
        """A non-existent flatpage raises a 404 when served by the fallback middleware"""
        page = self.client.get('/no_such_flatpage/')
        self.assertEqual(page.status_code, 404)

    def test_post_view_flatpage(self):
        """POSTing to a flatpage served through a view will raise a CSRF error if no token is provided (Refs #14156)"""
        # No token is sent and the client enforces CSRF checks, so 403.
        rejected = self.client.post('/flatpage_root/flatpage/')
        self.assertEqual(rejected.status_code, 403)

    def test_post_fallback_flatpage(self):
        """POSTing to a flatpage served by the middleware will raise a CSRF error if no token is provided (Refs #14156)"""
        # The fallback path is expected to give the same 403 as the view.
        rejected = self.client.post('/flatpage/')
        self.assertEqual(rejected.status_code, 403)

    def test_post_unknown_page(self):
        """POSTing to an unknown page isn't caught as a 403 CSRF error"""
        # A URL with no flatpage behind it is reported as 404, not 403.
        missing = self.client.post('/no_such_page/')
        self.assertEqual(missing.status_code, 404)