测试期间Django CSRF保护失败

Question

我在Django项目中测试模板加载时遇到问题。 我想使用django.contrib.auth中包含的视图，但是使用我自己的登录模板。 测试失败，并表明它们正在加载CSRF测试失败的模板。

但是，如果我在本地服务器上运行该站点，则一切似乎都很好。

======================================================================
FAIL: test_login_template_loading (mysite.test.HomePageTest)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/Users/mohitgupta/Documents/Development/mysite.com/src/mysite/test.py", line 23, in test_login_template_loading
    self.assertIn(b'<title> Login', response.content)
AssertionError: b'<title> Login' not found in b'\n<!DOCTYPE html>\n<html lang="en">\n<head>\n  <meta http-equiv="content-type" content="text/html; charset=utf-8">\n  <meta name="robots" content="NONE,NOARCHIVE">\n  <title>403 Forbidden</title>\n  <style type="text/css">\n    html * { padding:0; margin:0; }\n    body * { padding:10px 20px; }\n    body * * { padding:0; }\n    body { font:small sans-serif; background:#eee; }\n    body>div { border-bottom:1px solid #ddd; }\n    h1 { font-weight:normal; margin-bottom:.4em; }\n    h1 span { font-size:60%; color:#666; font-weight:normal; }\n    #info { background:#f6f6f6; }\n    #info ul { margin: 0.5em 4em; }\n    #info p, #summary p { padding-top:10px; }\n    #summary { background: #ffc; }\n    #explanation { background:#eee; border-bottom: 0px none; }\n  </style>\n</head>\n<body>\n<div id="summary">\n  <h1>Forbidden <span>(403)</span></h1>\n  <p>CSRF verification failed. Request aborted.</p>\n\n\n  <p>You are seeing this message because this site requires a CSRF cookie when submitting forms. This cookie is required for security reasons, to ensure that your browser is not being hijacked by third parties.</p>\n  <p>If you have configured your browser to disable cookies, please re-enable them, at least for this site, or for &#39;same-origin&#39; requests.</p>\n\n</div>\n\n<div id="explanation">\n  <p><small>More information is available with DEBUG=True.</small></p>\n</div>\n\n</body>\n</html>\n'

----------------------------------------------------------------------
Ran 3 tests in 0.036s

FAILED (failures=1)

这是我的测试，以确保加载正确的模板。

def test_login_template_loading(self):
    request = HttpRequest()
    response = login(request)
    self.assertIn(b'<title> Login', response.content)
    self.assertTrue(response.content.endswith(b'</html>'))

我已经在表单模板中添加了csrf令牌。 实际上，该表格是直接从Django文档中提取的。

<!DOCTYPE html>
<html>
    <head>
        <title> Login </title>
    </head>
    <body>
        <h1>TEST</h1>
        {% if form.errors %}
            <p>Your username and password didn't match. Please try again.</p>
        {% endif %}

        {% if next %}
            {% if user.is_authenticated %}
            <p>Your account doesn't have access to this page. To proceed,
            please login with an account that has access.</p>
            {% else %}
            <p>Please login to see this page.</p>
            {% endif %}
        {% endif %}

        <form method="post" action="{% url 'login' %}">
            {% csrf_token %}
            <table>
            <tr>
                <td>{{ form.username.label_tag }}</td>
                <td>{{ form.username }}</td>
            </tr>
            <tr>
                <td>{{ form.password.label_tag }}</td>
                <td>{{ form.password }}</td>
            </tr>
            </table>

            <input type="submit" value="login" />
            <input type="hidden" name="next" value="{{ next }}" />
        </form>
    </body>
</html>

这使我的项目处于第1阶段的停滞状态，因此，我非常感谢任何有关为什么会发生这种情况的想法。

Answer 1

哦，天哪。。。我的睡眠不足。 这是结构不良的测试。

def test_login_template_loading(self):
    response = self.client.get("/")
    self.assertIn(b'<title>Login', response.content)
    self.assertTrue(response.content.endswith(b'</html>'))

继续前进...没什么可看的:)