Merge lp:~fgallina/rnr-server/csrf-fix into lp:rnr-server

Proposed by Fabián Ezequiel Gallina
Status: Merged
Approved by: Fabián Ezequiel Gallina
Approved revision: 256
Merged at revision: 256
Proposed branch: lp:~fgallina/rnr-server/csrf-fix
Merge into: lp:rnr-server
Diff against target: 80 lines (+29/-1)
4 files modified
src/reviewsapp/templates/reviewsapp/reviewmoderation_form.html (+1/-0)
src/reviewsapp/templates/reviewsapp/reviewmoderation_list.html (+1/-0)
src/reviewsapp/tests/test_views.py (+26/-0)
src/reviewsapp/views/moderation.py (+1/-1)
To merge this branch: bzr merge lp:~fgallina/rnr-server/csrf-fix
Reviewer: Ricardo Kirkner (community)
Review status: Approve
Review via email: mp+228548@code.launchpad.net

Commit message

Add csrftoken input to moderation forms

Ricardo Kirkner (ricardokirkner) wrote :

LGTM

review: Approve

Preview Diff

1=== modified file 'src/reviewsapp/templates/reviewsapp/reviewmoderation_form.html'
2--- src/reviewsapp/templates/reviewsapp/reviewmoderation_form.html 2013-04-10 13:15:09 +0000
3+++ src/reviewsapp/templates/reviewsapp/reviewmoderation_form.html 2014-07-28 17:40:56 +0000
4@@ -16,6 +16,7 @@
5 <p>Perhaps with previous/later moderations in the footer.</p>
6
7 <form method="post" action="{% url 'rnr-reviewmoderation-moderate' review_moderation.id %}">
8+ {% csrf_token %}
9 {{ form }}
10 </form>
11
12
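Review bot: The `{% csrf_token %}` tag at line 8 only emits the hidden input when the template is rendered with a request-aware context; rendered with a plain dict it produces nothing, and the POST is then rejected wherever CSRF validation is enforced. The moderation.py change in this patch supplies `RequestContext(request)` for this template, so the two edits depend on each other. A short comment at the render call saying the template needs it would keep a later refactor from silently dropping the token.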
13=== modified file 'src/reviewsapp/templates/reviewsapp/reviewmoderation_list.html'
14--- src/reviewsapp/templates/reviewsapp/reviewmoderation_list.html 2013-04-10 13:15:09 +0000
15+++ src/reviewsapp/templates/reviewsapp/reviewmoderation_list.html 2014-07-28 17:40:56 +0000
16@@ -74,6 +74,7 @@
17 <td>
18 {% if review_moderation|can_moderate_item:user %}
19 <form method="post" action="{% url 'rnr-reviewmoderation-moderate' review_moderation.id %}">
20+ {% csrf_token %}
21 <p><button type="submit" name="status"
22 value="1">{% trans "Keep Review" %}</button></p>
23 <p><button type="submit" name="status"
24
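Review bot: No view change accompanies the tag added at line 20: the only render call touched in this patch is the one for reviewmoderation_form.html. That is fine if the list view already renders with a request-aware context, and the new test_csrftoken_is_included in the list test case should fail otherwise, but the commit message should say so. The visible context shows one POST form per table cell; any other POST form in this template needs the same tag.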
25=== modified file 'src/reviewsapp/tests/test_views.py'
26--- src/reviewsapp/tests/test_views.py 2013-04-10 15:01:13 +0000
27+++ src/reviewsapp/tests/test_views.py 2014-07-28 17:40:56 +0000
28@@ -276,6 +276,19 @@
29 response,
30 '<form method="post" action="{0}"'.format(action_url))
31
32+ def test_csrftoken_is_included(self):
33+ self.factory.makeReviewModeration()
34+
35+ response = self._request_url_as_moderator()
36+
37+ self.assertIn('csrftoken', response.cookies)
38+
39+ csrftoken = response.cookies['csrftoken'].value
40+ tag = ("<input type='hidden' "
41+ "name='csrfmiddlewaretoken' value='%s' />") % csrftoken
42+
43+ self.assertContains(response, tag)
44+
45
46 class ReviewModerationModerateViewTestCase(TestCaseWithFactory):
47 """Tests for the moderate view methed."""
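Review bot: The assertion at lines 40-43 matches Django's rendered markup byte for byte (single quotes, attribute order, the trailing ` />`) and assumes the form value equals the cookie value, so it can fail after a framework upgrade with no loss of protection. Checking that the response contains `name='csrfmiddlewaretoken'` with a non-empty value, or using `assertContains(..., html=True)`, would be less brittle. The test also only proves that the token is rendered. Django's test client skips CSRF checks unless built with `Client(enforce_csrf_checks=True)`, so a companion test that POSTs without a token and expects 403 would cover the enforcement side.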
48@@ -475,6 +488,19 @@
49
50 self.assertEqual(403, response.status_code)
51
52+ def test_csrftoken_is_included(self):
53+ review_moderation = self.factory.makeReviewModeration()
54+
55+ response = self._request_moderation_url(review_moderation.id)
56+
57+ self.assertIn('csrftoken', response.cookies)
58+
59+ csrftoken = response.cookies['csrftoken'].value
60+ tag = ("<input type='hidden' "
61+ "name='csrfmiddlewaretoken' value='%s' />") % csrftoken
62+
63+ self.assertContains(response, tag)
64+
65
66 class ReviewModerationDetailsTestCase(TestCaseWithFactory):
67 """Tests for the show_moderation_details view method."""
68
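Review bot: Lines 57-63 repeat the body of the test added at lines 37-43 verbatim, with only the request helper differing. Moving the cookie and hidden-input assertions into one shared helper on the test base class (for example a hypothetical `assertCsrfTokenRendered(response)`) would leave a single place to update when the expected markup changes.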
69=== modified file 'src/reviewsapp/views/moderation.py'
70--- src/reviewsapp/views/moderation.py 2014-06-23 20:19:03 +0000
71+++ src/reviewsapp/views/moderation.py 2014-07-28 17:40:56 +0000
72@@ -162,7 +162,7 @@
73 }
74 return render_to_response(
75 'reviewsapp/reviewmoderation_form.html',
76- context)
77+ context, RequestContext(request))
78
79
80 @timed_call
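Review bot: At line 77 the `RequestContext` is passed as the third positional argument, which reads like a second context dict. Spelling it `context_instance=RequestContext(request)`, or switching to `render(request, 'reviewsapp/reviewmoderation_form.html', context)`, makes the intent explicit. The file changes by exactly one line (+1/-1), so no import was added here; please confirm `RequestContext` is already imported in moderation.py, otherwise this view raises NameError at render time.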
