[英]Django CSRF Protection Fails During Testing
我在Django項目中測試模板加載時遇到問題。 我想使用django.contrib.auth中包含的視圖,但是使用我自己的登錄模板。 測試失敗,並表明它們正在加載CSRF測試失敗的模板。
但是,如果我在本地服務器上運行該站點,則一切似乎都很好。
======================================================================
FAIL: test_login_template_loading (mysite.test.HomePageTest)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/Users/mohitgupta/Documents/Development/mysite.com/src/mysite/test.py", line 23, in test_login_template_loading
self.assertIn(b'<title> Login', response.content)
AssertionError: b'<title> Login' not found in b'\n<!DOCTYPE html>\n<html lang="en">\n<head>\n <meta http-equiv="content-type" content="text/html; charset=utf-8">\n <meta name="robots" content="NONE,NOARCHIVE">\n <title>403 Forbidden</title>\n <style type="text/css">\n html * { padding:0; margin:0; }\n body * { padding:10px 20px; }\n body * * { padding:0; }\n body { font:small sans-serif; background:#eee; }\n body>div { border-bottom:1px solid #ddd; }\n h1 { font-weight:normal; margin-bottom:.4em; }\n h1 span { font-size:60%; color:#666; font-weight:normal; }\n #info { background:#f6f6f6; }\n #info ul { margin: 0.5em 4em; }\n #info p, #summary p { padding-top:10px; }\n #summary { background: #ffc; }\n #explanation { background:#eee; border-bottom: 0px none; }\n </style>\n</head>\n<body>\n<div id="summary">\n <h1>Forbidden <span>(403)</span></h1>\n <p>CSRF verification failed. Request aborted.</p>\n\n\n <p>You are seeing this message because this site requires a CSRF cookie when submitting forms. This cookie is required for security reasons, to ensure that your browser is not being hijacked by third parties.</p>\n <p>If you have configured your browser to disable cookies, please re-enable them, at least for this site, or for 'same-origin' requests.</p>\n\n</div>\n\n<div id="explanation">\n <p><small>More information is available with DEBUG=True.</small></p>\n</div>\n\n</body>\n</html>\n'
----------------------------------------------------------------------
Ran 3 tests in 0.036s
FAILED (failures=1)
這是我的測試,以確保加載正確的模板。
def test_login_template_loading(self):
request = HttpRequest()
response = login(request)
self.assertIn(b'<title> Login', response.content)
self.assertTrue(response.content.endswith(b'</html>'))
我已經在表單模板中添加了csrf令牌。 實際上,該表格是直接從Django文檔中提取的。
<!DOCTYPE html>
<html>
<head>
<title> Login </title>
</head>
<body>
<h1>TEST</h1>
{% if form.errors %}
<p>Your username and password didn't match. Please try again.</p>
{% endif %}
{% if next %}
{% if user.is_authenticated %}
<p>Your account doesn't have access to this page. To proceed,
please login with an account that has access.</p>
{% else %}
<p>Please login to see this page.</p>
{% endif %}
{% endif %}
<form method="post" action="{% url 'login' %}">
{% csrf_token %}
<table>
<tr>
<td>{{ form.username.label_tag }}</td>
<td>{{ form.username }}</td>
</tr>
<tr>
<td>{{ form.password.label_tag }}</td>
<td>{{ form.password }}</td>
</tr>
</table>
<input type="submit" value="login" />
<input type="hidden" name="next" value="{{ next }}" />
</form>
</body>
</html>
這使我的項目處於第1階段的停滯狀態,因此,我非常感謝任何有關為什么會發生這種情況的想法。
哦,天哪。。。我的睡眠不足。 這是結構不良的測試。
def test_login_template_loading(self):
response = self.client.get("/")
self.assertIn(b'<title>Login', response.content)
self.assertTrue(response.content.endswith(b'</html>'))
繼續前進...沒什么可看的:)
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.