mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-08-04 02:48:35 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fixed #32817 -- Added the token source to CsrfViewMiddleware's bad token error messages.

Browse source
This commit is contained in:
Chris Jerdonek 2021-06-08 09:33:26 -07:00 committed by Mariusz Felisiak
parent 1a284afb07
commit fcb75651f9
2 changed files with 37 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

29
tests/csrf_tests/tests.py
View file

@ -147,12 +147,24 @@ class CsrfViewMiddlewareTestMixin:
"""
cases = [
(None, None, REASON_CSRF_TOKEN_MISSING),
(16 * 'a', None, 'CSRF token has incorrect length.'),
(64 * '*', None, 'CSRF token has invalid characters.'),
(64 * 'a', None, 'CSRF token incorrect.'),
(None, 16 * 'a', 'CSRF token has incorrect length.'),
(None, 64 * '*', 'CSRF token has invalid characters.'),
(None, 64 * 'a', 'CSRF token incorrect.'),
(16 * 'a', None, 'CSRF token from POST has incorrect length.'),
(64 * '*', None, 'CSRF token from POST has invalid characters.'),
(64 * 'a', None, 'CSRF token from POST incorrect.'),
(
None,
16 * 'a',
"CSRF token from the 'X-Csrftoken' HTTP header has incorrect length.",
),
(
None,
64 * '*',
"CSRF token from the 'X-Csrftoken' HTTP header has invalid characters.",
),
(
None,
64 * 'a',
"CSRF token from the 'X-Csrftoken' HTTP header incorrect.",
),
]
for post_token, meta_token, expected in cases:
with self.subTest(post_token=post_token, meta_token=meta_token):
@ -168,7 +180,10 @@ class CsrfViewMiddlewareTestMixin:
If a CSRF cookie is present and an invalid token is passed via a
custom CSRF_HEADER_NAME, the middleware rejects the incoming request.
"""
expected = 'CSRF token has incorrect length.'
expected = (
"CSRF token from the 'X-Csrftoken-Customized' HTTP header has "
"incorrect length."
)
self._check_bad_or_missing_token(
expected,
meta_token=16 * 'a',