Convert duplicated getCookie methods to helper function #92

Merged
merged 1 commit into from Aug 22, 2019
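--- a/test_seasurf.py
+++ b/test_seasurf.py
@@ -25,6 +25,15 @@
 b = lambda s: s.encode('utf-8')
 
 
+def get_cookie(response, cookie_name):
+cookies = response.headers.getlist('Set-Cookie')
+for cookie in cookies:
+value = parse_cookie(cookie).get(cookie_name)
+if value:
+return value
+return None
+
+
 class BaseTestCase(unittest.TestCase):
 # Methods for backwards compatibility with python 2.5 & 2.6
 def assertIn(self, value, container, err=None):
@@ -271,22 +280,14 @@ def test_exempt_view(self):
 with self.app.test_client() as c:
 rv = c.post('/foo')
 self.assertIn(b('bar'), rv.data)
-cookie = self.getCookie(rv, self.csrf._csrf_name)
+cookie = get_cookie(rv, self.csrf._csrf_name)
 self.assertEqual(cookie, None)
 
 def test_token_validation(self):
 # should produce a logger warning
 rv = self.app.test_client().post('/bar')
 self.assertIn(b('403 Forbidden'), rv.data)
 
-def getCookie(self, response, cookie_name):
-cookies = response.headers.getlist('Set-Cookie')
-for cookie in cookies:
-value = parse_cookie(cookie).get(cookie_name)
-if value:
-return value
-return None
-
 
 class SeaSurfTestCaseIncludeViews(BaseTestCase):
 def setUp(self):
@@ -365,26 +366,18 @@ def test_exempt_view(self):
 with self.app.test_client() as c:
 rv = c.post('/foo/quz')
 self.assertIn(b('bar'), rv.data)
-cookie = self.getCookie(rv, self.csrf._csrf_name)
+cookie = get_cookie(rv, self.csrf._csrf_name)
 self.assertEqual(cookie, None)
 
 def test_token_validation(self):
 with self.app.test_client() as c:
 # should produce a logger warning
 rv = c.post('/bar')
 self.assertIn(b('403 Forbidden'), rv.data)
-cookie = self.getCookie(rv, self.csrf._csrf_name)
+cookie = get_cookie(rv, self.csrf._csrf_name)
 token = self.csrf._get_token()
 self.assertEqual(cookie, token)
 
-def getCookie(self, response, cookie_name):
-cookies = response.headers.getlist('Set-Cookie')
-for cookie in cookies:
-value = parse_cookie(cookie).get(cookie_name)
-if value:
-return value
-return None
-
 
 class SeaSurfTestCaseDisableCookie(unittest.TestCase):
 def setUp(self):
@@ -427,31 +420,23 @@ def test_has_csrf_cookie(self):
 with self.app.test_client() as c:
 rv = c.get('/foo/quz')
 self.assertIn(b('bar'), rv.data)
-cookie = self.getCookie(rv, self.csrf._csrf_name)
+cookie = get_cookie(rv, self.csrf._csrf_name)
 token = self.csrf._get_token()
 self.assertEqual(cookie, token)
 
 def test_no_csrf_cookie(self):
 with self.app.test_client() as c:
 rv = c.get('/foo/baz')
-cookie = self.getCookie(rv, self.csrf._csrf_name)
+cookie = get_cookie(rv, self.csrf._csrf_name)
 self.assertEqual(cookie, None)
 
 def test_no_csrf_cookie_even_after_manually_validated(self):
 with self.app.test_client() as c:
 rv = c.post('/manual')
 self.assertIn(b('403 Forbidden'), rv.data)
-cookie = self.getCookie(rv, self.csrf._csrf_name)
+cookie = get_cookie(rv, self.csrf._csrf_name)
 self.assertEqual(cookie, None)
 
-def getCookie(self, response, cookie_name):
-cookies = response.headers.getlist('Set-Cookie')
-for cookie in cookies:
-value = parse_cookie(cookie).get(cookie_name)
-if value:
-return value
-return None
-
 
 class SeaSurfTestCaseSkipValidation(unittest.TestCase):
 def setUp(self):
@@ -497,7 +482,7 @@ def test_skips_validation(self):
 with self.app.test_client() as c:
 rv = c.post('/foo/quz')
 self.assertIn(b('bar'), rv.data)
-cookie = self.getCookie(rv, self.csrf._csrf_name)
+cookie = get_cookie(rv, self.csrf._csrf_name)
 token = self.csrf._get_token()
 self.assertEqual(cookie, token)
 
@@ -519,14 +504,6 @@ def test_manual_validation(self):
 rv = c.post('/manual')
 self.assertIn(b('403 Forbidden'), rv.data)
 
-def getCookie(self, response, cookie_name):
-cookies = response.headers.getlist('Set-Cookie')
-for cookie in cookies:
-value = parse_cookie(cookie).get(cookie_name)
-if value:
-return value
-return None
-
 
 class SeaSurfTestManualValidation(unittest.TestCase):
 def setUp(self):
@@ -553,18 +530,10 @@ def test_can_manually_validate_exempt_views(self):
 with self.app.test_client() as c:
 rv = c.post('/manual')
 self.assertIn(b('403 Forbidden'), rv.data)
-cookie = self.getCookie(rv, self.csrf._csrf_name)
+cookie = get_cookie(rv, self.csrf._csrf_name)
 token = self.csrf._get_token()
 self.assertEqual(cookie, token)
 
-def getCookie(self, response, cookie_name):
-cookies = response.headers.getlist('Set-Cookie')
-for cookie in cookies:
-value = parse_cookie(cookie).get(cookie_name)
-if value:
-return value
-return None
-
 
 class SeaSurfTestCaseSave(BaseTestCase):
 def setUp(self):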
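Review bot: The new `get_cookie` helper tests `if value:`, so a `Set-Cookie` header that carries the CSRF cookie name with an empty value is reported as `None`, exactly like a response that sets no cookie at all. The tests that assert `self.assertEqual(cookie, None)` (both `test_exempt_view` cases, `test_no_csrf_cookie` and `test_no_csrf_cookie_even_after_manually_validated`) would therefore still pass if the extension emitted an empty or clearing CSRF cookie on those views. Changing the check to `if value is not None:` keeps the two cases apart. The helper also has no docstring; `"""Return the value of cookie_name from the response's Set-Cookie headers, or None if it is absent."""` would state the contract. `parse_cookie` is imported outside the visible hunks, so its dict-like return value is assumed here.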