authorRoald de Vries <rdevries@thoughtworks.com>2016-11-30 16:11:27 +0100
committerRoald de Vries <rdevries@thoughtworks.com>2016-11-30 16:11:27 +0100
commit13378255c02b97184132881599ed47826963f54a (patch)
tree01a47f844f581a12dae9d022be19d4010433633e /service/test
parenta493da72d53fe90d679d7fa1980dd185415d9be3 (diff)
add csrf token to login form
Diffstat (limited to 'service/test')
-rw-r--r--service/test/unit/resources/test_login_resource.py13
-rw-r--r--service/test/unit/resources/test_session.py25
2 files changed, 38 insertions, 0 deletions
diff --git a/service/test/unit/resources/test_login_resource.py b/service/test/unit/resources/test_login_resource.py
index d3d7ba64..696b0c46 100644
--- a/service/test/unit/resources/test_login_resource.py
+++ b/service/test/unit/resources/test_login_resource.py
@@ -157,6 +157,19 @@ class TestLoginResource(unittest.TestCase):
d.addCallback(assert_default_invalid_banner_disclaimer_rendered)
return d
+ def test_form_should_contain_csrftoken_input(self):
+ request = DummyRequest([''])
+
+ d = self.web.get(request)
+
+ def assert_form_has_csrftoken_input(_):
+ input_username = 'name="csrftoken"'
+ written_response = ''.join(request.written)
+ self.assertIn(input_username, written_response)
+
+ d.addCallback(assert_form_has_csrftoken_input)
+ return d
+
class TestLoginPOST(unittest.TestCase):
def setUp(self):
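Review bot: The local `input_username` on the line `input_username = 'name="csrftoken"'` is a copy-paste leftover from the username-field test and now names the wrong thing; rename it to `csrftoken_input` so the assertion reads as intended. The substring check also passes for an input whose value is empty or missing, so the test does not show that the rendered form carries the session's token; if the session token is reachable from the test, assert on the full `name="csrftoken"` input including its `value` attribute rather than on the name alone. The enclosing class TestLoginResource starts outside the hunk.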
diff --git a/service/test/unit/resources/test_session.py b/service/test/unit/resources/test_session.py
new file mode 100644
index 00000000..fe47483d
--- /dev/null
+++ b/service/test/unit/resources/test_session.py
@@ -0,0 +1,25 @@
+from twisted.trial import unittest
+from mockito import mock
+from pixelated.resources.session import CSRF_TOKEN_LENGTH, PixelatedSession
+
+
+class TestPixelatedSession(unittest.TestCase):
+
+ def setUp(self):
+ self.pixelated_session = PixelatedSession(mock())
+
+ def test_csrf_token_should_be_configured_length(self):
+ self.assertEqual(len(self.pixelated_session.get_csrf_token()), 2 * CSRF_TOKEN_LENGTH)
+
+ def test_csrf_token_should_be_hexdigested(self):
+ self.assertTrue(all(c in '0123456789abcdef' for c in self.pixelated_session.get_csrf_token()))
+
+ def test_csrf_token_should_always_be_the_same_for_one_session(self):
+ first_csrf_token = self.pixelated_session.get_csrf_token()
+ second_csrf_token = self.pixelated_session.get_csrf_token()
+ self.assertEqual(first_csrf_token, second_csrf_token)
+
+ def test_csrf_token_should_be_different_for_different_session(self):
+ first_csrf_token = self.pixelated_session.get_csrf_token()
+ second_csrf_token = PixelatedSession(mock()).get_csrf_token()
+ self.assertNotEqual(first_csrf_token, second_csrf_token)
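Review bot: `test_csrf_token_should_be_hexdigested` is vacuously true for an empty token, because `all()` over an empty string returns True, so on its own it does not prove the token is a hex string; it only works in combination with the length test. Make it self-contained: `token = self.pixelated_session.get_csrf_token()` followed by `self.assertTrue(token and all(c in '0123456789abcdef' for c in token))`. The factor in `2 * CSRF_TOKEN_LENGTH` is also unexplained; a comment such as `# presumably CSRF_TOKEN_LENGTH counts random bytes and hex encoding doubles it — confirm against session.py` would stop a later reader from treating the 2 as arbitrary.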