Merge lp:~fgallina/rnr-server/csrf-fix into lp:rnr-server

Proposed by Fabián Ezequiel Gallina
Status: Merged
Approved by: Fabián Ezequiel Gallina
Approved revision: 257
Merged at revision: 257
Proposed branch: lp:~fgallina/rnr-server/csrf-fix
Merge into: lp:rnr-server
Diff against target: 39 lines (+24/-0)
2 files modified
django_project/templates/admin/login.html (+1/-0)
src/reviewsapp/tests/test_admin.py (+23/-0)
To merge this branch: bzr merge lp:~fgallina/rnr-server/csrf-fix
Reviewer Review Type Date Requested Status
Matias Bordese (community) Approve
Review via email: mp+228664@code.launchpad.net

Commit message

Include CSRF Token in admin custom login template form

Matias Bordese (matiasb) wrote :

LGTM

review: Approve

Preview Diff

1=== modified file 'django_project/templates/admin/login.html'
2--- django_project/templates/admin/login.html 2014-01-02 15:49:17 +0000
3+++ django_project/templates/admin/login.html 2014-07-29 12:22:29 +0000
4@@ -15,6 +15,7 @@
5 {% endif %}
6 <div id="content-main">
7 <form name="fopenid" action="/openid/login/" method="post">
8+ {% csrf_token %}
9 <input type="hidden" name="next" value="{{ app_path }}" />
10 <div class="form-row">
11 {{ form.openid_identifier }}
12
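
Review bot: the `{% csrf_token %}` added inside the `fopenid` form only protects the login POST if the view behind the hard-coded `action="/openid/login/"` actually enforces Django's CSRF check, and this hunk does not show that. Please confirm that view is covered by `CsrfViewMiddleware` and is not marked `csrf_exempt`; otherwise the hidden field is rendered but never validated. The tag also renders as an empty string unless the template is rendered with a request context, so the rendering test added in this branch is worth keeping.
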
13=== added file 'src/reviewsapp/tests/test_admin.py'
14--- src/reviewsapp/tests/test_admin.py 1970-01-01 00:00:00 +0000
15+++ src/reviewsapp/tests/test_admin.py 2014-07-29 12:22:29 +0000
16@@ -0,0 +1,23 @@
17+from reviewsapp.tests.factory import TestCaseWithFactory
18+
19+
20+class AdminViewConfigurationTestCase(TestCaseWithFactory):
21+ """Ensure there are no configuration issues with the admin site."""
22+
23+ def setUp(self):
24+ super(AdminViewConfigurationTestCase, self).setUp()
25+
26+ def test_login(self):
27+ response = self.client.get("/admin/reviewsapp/review/")
28+ self.assertTemplateUsed(response, 'admin/login.html')
29+
30+ def test_login_form_contains_csrf_token(self):
31+ response = self.client.get("/admin/reviewsapp/review/")
32+
33+ self.assertIn('csrftoken', response.cookies)
34+
35+ csrftoken = response.cookies['csrftoken'].value
36+ tag = ("<input type='hidden' "
37+ "name='csrfmiddlewaretoken' value='%s' />") % csrftoken
38+
39+ self.assertContains(response, tag)
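
Review bot: `test_login_form_contains_csrf_token` only checks that the token is rendered on a GET; nothing here verifies that a POST to the login form without the token is rejected. Django's test client skips CSRF checks by default, so a case built with `Client(enforce_csrf_checks=True)` that posts to `/openid/login/` without `csrfmiddlewaretoken` and expects a 403 would pin the actual protection. The exact-string match on `<input type='hidden' name='csrfmiddlewaretoken' value='%s' />` also ties the test to one particular rendering of the tag (quote style, and the form value being identical to the cookie value); asserting that a `csrfmiddlewaretoken` field is present in the response is less brittle. The `setUp` override that only calls `super` can be dropped.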
