Commits

Mikhail Korobov committed 7b42d0b

Re-enable CSRF checks by default but make them optional.

Comments (0)

Files changed (3)

 django-webtest
 ==============
 
-django-webtest is an almost trivial app for instant integration of
-Ian Bicking's WebTest (http://pythonpaste.org/webtest/) with django's
+django-webtest is an app for instant integration of Ian Bicking's
+WebTest (http://pythonpaste.org/webtest/) with django's
 testing framework.
 
 Usage
 attributes contain a list of templates that were used to render the response
 and the context used to render these templates.
 
+Unlike django's native test client CSRF checks are not suppressed so
+missing CSRF tokens will cause test fails (and that's good).
+
+If forms are submitted via WebTest forms API then all form fields (including
+CSRF token) are submitted automagically::
+
+    class AuthTest(WebTest):
+        fixtures = ['users.json']
+
+        def test_login(self)
+            login_form = self.app.get(reverse('auth_login')).form
+            form['username'] = 'foo'
+            form['password'] = 'bar'
+            response = form.submit().follow()
+            self.assertEqual(response.context['user'].username, 'foo')
+
+However if forms are submitted via raw POST requests using ``app.post`` then
+csrf tokens become hard to construct. CSRF checks can be disabled by setting
+``csrf_checks`` attribute to False in this case::
+
+    class MyTestCase(WebTest):
+        csrf_checks = False
+        def test_post(self)
+            self.app.post('/')
+
 All of these features can be easily set up manually (thanks to WebTest
 architecture) and they are even not neccessary for using WebTest with django but
 it is nice to have some sort of integration instantly.

django_webtest/__init__.py

 class WebTest(TestCase):
 
     extra_environ = {}
+    csrf_checks = True
 
     def _patch_settings(self):
-        ''' Patch settings to add support for REMOTE_USER authorization '''
+        ''' Patch settings to add support for REMOTE_USER authorization
+            and (optional) to disable CSRF checks
+        '''
         self._MIDDLEWARE_CLASSES = settings.MIDDLEWARE_CLASSES[:]
         self._AUTHENTICATION_BACKENDS = settings.AUTHENTICATION_BACKENDS[:]
 
-        disable_csrf_middleware = 'django_webtest.middleware.DisableCSRFCheckMiddleware'
-        if not disable_csrf_middleware in settings.MIDDLEWARE_CLASSES:
-            settings.MIDDLEWARE_CLASSES = (disable_csrf_middleware,) + settings.MIDDLEWARE_CLASSES
+        if not self.csrf_checks:
+            disable_csrf_middleware = 'django_webtest.middleware.DisableCSRFCheckMiddleware'
+            if not disable_csrf_middleware in settings.MIDDLEWARE_CLASSES:
+                settings.MIDDLEWARE_CLASSES = (disable_csrf_middleware,) + settings.MIDDLEWARE_CLASSES
 
         remote_user_middleware = 'django.contrib.auth.middleware.RemoteUserMiddleware'
         if not remote_user_middleware in settings.MIDDLEWARE_CLASSES:

django_webtest_tests/testapp_tests/tests.py

 from django_webtest import WebTest
 
 
-class GetPostRequestTest(WebTest):
+class GetRequestTest(WebTest):
     def test_get_request(self):
         response = self.app.get('/')
         self.assertEqual(response.status_int, 200)
         self.assertTrue('GET' in response)
 
+class PostRequestTest(WebTest):
+    csrf_checks = False
+
     def test_post_request(self):
         response = self.app.post('/')
         self.assertEqual(response.status_int, 200)