rotate_token via test client in 1.7a2


Val Neekman

Mar 16, 2014, 7:03:34 PM
to django-d...@googlegroups.com
Just wondering if the CSRF token should also be rotated when accessed via the unittest client.
Middleware is in place and rotation happens via a browser.

Bug or intended behaviour, or perhaps a misuse?

        # Example
        self.client = Client(enforce_csrf_checks=True)
        resp = self.client.get(reverse('admin:login'))
        csrf_token_from_cookie_pre_login = self.client.cookies['csrftoken'].value

        credentials = {
            'username': 'me',
            'password': 'pass',
            'csrfmiddlewaretoken': csrf_token_from_cookie_pre_login,
        }
        resp = self.client.post(reverse('admin:login'), data=credentials)
        csrf_token_from_cookie_post_login = self.client.cookies['csrftoken'].value
        
        self.assertNotEqual(csrf_token_from_cookie_post_login, csrf_token_from_cookie_pre_login)
        # They are equal

Thanks,

Val
