Skip to content

Add test coverage for csrf.py #1564

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 5 commits into from
Jun 7, 2025
Merged

Add test coverage for csrf.py #1564

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
8354f54
Add test coverage for csrf.py
bandhan-majumder Jun 6, 2025
73dbfeb
Merge branch 'main' into feature/test-csrf
bandhan-majumder Jun 6, 2025
ab9263c
Merge branch 'main' into feature/test-csrf
bandhan-majumder Jun 6, 2025
a1f9cdd
Merge branch 'main' into feature/test-csrf
bandhan-majumder Jun 7, 2025
c59d0c7
Update code
arkid15r Jun 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
93 changes: 93 additions & 0 deletions backend/tests/apps/core/api/csrf_test.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,93 @@
import json

import pytest
from django.contrib.sessions.backends.cache import SessionStore
from django.test import RequestFactory
from requests import codes

from apps.core.api.csrf import get_csrf_token


class TestGetCSRFTokenView:
@pytest.fixture(autouse=True)
def setup_client(self):
self.factory = RequestFactory()

def _make_request_with_session(self, path="/", method="get"):
request = self.factory.post(path) if method.lower() == "post" else self.factory.get(path)

request.session = SessionStore()
request.session.create()

return request

def _assert_valid_csrf_response(self, response):
assert response.status_code == codes.ok
assert response["Content-Type"] == "application/json"

data = json.loads(response.content)
assert "csrftoken" in data
assert isinstance(data["csrftoken"], str)
assert len(data["csrftoken"]) > 0

def test_get_csrf_token_success(self):
request = self._make_request_with_session()
response = get_csrf_token(request)

self._assert_valid_csrf_response(response)

def test_get_csrf_token_returns_json(self):
request = self._make_request_with_session()
response = get_csrf_token(request)

data = json.loads(response.content)
assert isinstance(data, dict)
assert len(data) == 1 # Should only contain csrftoken key
assert "csrftoken" in data

def test_get_csrf_token_different_requests(self):
request1 = self._make_request_with_session()
request2 = self._make_request_with_session()

response1 = get_csrf_token(request1)
response2 = get_csrf_token(request2)

self._assert_valid_csrf_response(response1)
self._assert_valid_csrf_response(response2)

data1 = json.loads(response1.content)
data2 = json.loads(response2.content)

# Different sessions should have different tokens
assert data1["csrftoken"] != data2["csrftoken"]

def test_get_csrf_token_response_structure(self):
request = self._make_request_with_session()
response = get_csrf_token(request)

assert response["Content-Type"] == "application/json"

data = json.loads(response.content)
assert isinstance(data, dict)
assert "csrftoken" in data
assert len(data["csrftoken"]) > 0

def test_get_csrf_token_no_session(self):
request = self.factory.get("/")

response = get_csrf_token(request)
self._assert_valid_csrf_response(response)

def test_get_csrf_token_json_response_format(self):
request = self._make_request_with_session()
response = get_csrf_token(request)

assert hasattr(response, "content")
assert response["Content-Type"] == "application/json"

data = json.loads(response.content)
assert isinstance(data, dict)

assert list(data.keys()) == ["csrftoken"]
assert isinstance(data["csrftoken"], str)
assert data["csrftoken"] != ""