Giter Club home page Giter Club logo

Comments (3)

simonw avatar simonw commented on May 27, 2024

I tried this:

diff --git a/test_asgi_csrf.py b/test_asgi_csrf.py
index 1cb333e..d7e5bb4 100644
--- a/test_asgi_csrf.py
+++ b/test_asgi_csrf.py
@@ -5,7 +5,7 @@ from starlette.routing import Route
 from asgi_csrf import asgi_csrf
 from itsdangerous.url_safe import URLSafeSerializer
 import httpx
-from httpx._content_streams import MultipartStream
+from httpx._multipart import MultipartStream, FileField, DataField
 import json
 import os
 import pytest
@@ -232,13 +232,13 @@ async def test_multipart_failure_missing_token(csrftoken):
 class FileFirstMultipartStream(MultipartStream):
     def _iter_fields(self, data, files):
         for name, value in files.items():
-            yield self.FileField(name=name, value=value)
+            yield FileField(name=name, value=value)
         for name, value in data.items():
             if isinstance(value, list):
                 for item in value:
-                    yield self.DataField(name=name, value=item)
+                    yield DataField(name=name, value=item)
             else:
-                yield self.DataField(name=name, value=value)
+                yield DataField(name=name, value=value)
 
 
 @pytest.mark.asyncio

Now the tests fail like this:

_______________________________________________________ test_multipart_failure_file_comes_before_token _______________________________________________________

csrftoken = 'InRva2VuIg.49BUIh1HVBjcyCpg_4018iFDFdY'

    @pytest.mark.asyncio
    async def test_multipart_failure_file_comes_before_token(csrftoken):
        async with httpx.AsyncClient(
            app=asgi_csrf(hello_world_app, signing_secret=SECRET)
        ) as client:
            request = httpx.Request(
                url="http://localhost/",
                method="POST",
                stream=FileFirstMultipartStream(
                    data={"csrftoken": csrftoken},
                    files={"csv": ("data.csv", "blah,foo\n1,2", "text/csv")},
                    boundary=None,
                ),
                cookies={"csrftoken": csrftoken},
            )
            response = await client.send(request)
            assert response.status_code == 403
>           assert (
                response.text
                == "File encountered before csrftoken - make sure csrftoken is first in the HTML"
            )
E           AssertionError: assert 'Unknown content-type' == 'File encountered before csrftoken - make sure csrftoken is first in the HTML'
E             - File encountered before csrftoken - make sure csrftoken is first in the HTML
E             + Unknown content-type

from asgi-csrf.

simonw avatar simonw commented on May 27, 2024

OK, this passes the tests - but I need to dig in more to really understand what's going on:

diff --git a/test_asgi_csrf.py b/test_asgi_csrf.py
index 1cb333e..8014402 100644
--- a/test_asgi_csrf.py
+++ b/test_asgi_csrf.py
@@ -5,7 +5,7 @@ from starlette.routing import Route
 from asgi_csrf import asgi_csrf
 from itsdangerous.url_safe import URLSafeSerializer
 import httpx
-from httpx._content_streams import MultipartStream
+from httpx._multipart import MultipartStream, FileField, DataField
 import json
 import os
 import pytest
@@ -232,13 +232,13 @@ async def test_multipart_failure_missing_token(csrftoken):
 class FileFirstMultipartStream(MultipartStream):
     def _iter_fields(self, data, files):
         for name, value in files.items():
-            yield self.FileField(name=name, value=value)
+            yield FileField(name=name, value=value)
         for name, value in data.items():
             if isinstance(value, list):
                 for item in value:
-                    yield self.DataField(name=name, value=item)
+                    yield DataField(name=name, value=item)
             else:
-                yield self.DataField(name=name, value=value)
+                yield DataField(name=name, value=value)
 
 
 @pytest.mark.asyncio
@@ -252,8 +252,9 @@ async def test_multipart_failure_file_comes_before_token(csrftoken):
             stream=FileFirstMultipartStream(
                 data={"csrftoken": csrftoken},
                 files={"csv": ("data.csv", "blah,foo\n1,2", "text/csv")},
-                boundary=None,
+                boundary=b"boo",
             ),
+            headers={"content-type": "multipart/form-data; boundary=boo"},
             cookies={"csrftoken": csrftoken},
         )
         response = await client.send(request)

from asgi-csrf.

mweinelt avatar mweinelt commented on May 27, 2024

Thanks!

from asgi-csrf.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.