add csrf token to login form

author: Roald de Vries <rdevries@thoughtworks.com> 2016-11-30 16:11:27 +0100
committer: Roald de Vries <rdevries@thoughtworks.com> 2016-11-30 16:11:27 +0100
commit: 13378255c02b97184132881599ed47826963f54a (patch)
tree: 01a47f844f581a12dae9d022be19d4010433633e /service/test/unit/resources/test_login_resource.py
parent: a493da72d53fe90d679d7fa1980dd185415d9be3 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/service/test/unit/resources/test_login_resource.py b/service/test/unit/resources/test_login_resource.py
index d3d7ba64..696b0c46 100644
--- a/service/test/unit/resources/test_login_resource.py
+++ b/service/test/unit/resources/test_login_resource.py
@@ -157,6 +157,19 @@ class TestLoginResource(unittest.TestCase):
         d.addCallback(assert_default_invalid_banner_disclaimer_rendered)
         return d
 
+    def test_form_should_contain_csrftoken_input(self):
+        request = DummyRequest([''])
+
+        d = self.web.get(request)
+
+        def assert_form_has_csrftoken_input(_):
+            input_username = 'name="csrftoken"'
+            written_response = ''.join(request.written)
+            self.assertIn(input_username, written_response)
+
+        d.addCallback(assert_form_has_csrftoken_input)
+        return d
+
 
 class TestLoginPOST(unittest.TestCase):
     def setUp(self):
author	Roald de Vries <rdevries@thoughtworks.com>	2016-11-30 16:11:27 +0100
committer	Roald de Vries <rdevries@thoughtworks.com>	2016-11-30 16:11:27 +0100
commit	13378255c02b97184132881599ed47826963f54a (patch)
tree	01a47f844f581a12dae9d022be19d4010433633e /service/test/unit/resources/test_login_resource.py
parent	a493da72d53fe90d679d7fa1980dd185415d9be3 (diff)