Comments (3)
I tried this:
diff --git a/test_asgi_csrf.py b/test_asgi_csrf.py
index 1cb333e..d7e5bb4 100644
--- a/test_asgi_csrf.py
+++ b/test_asgi_csrf.py
@@ -5,7 +5,7 @@ from starlette.routing import Route
from asgi_csrf import asgi_csrf
from itsdangerous.url_safe import URLSafeSerializer
import httpx
-from httpx._content_streams import MultipartStream
+from httpx._multipart import MultipartStream, FileField, DataField
import json
import os
import pytest
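Review bot: The new import still reaches into a private httpx module (`httpx._multipart`), the same kind of dependency that just broke when `httpx._content_streams` moved, and the `_iter_fields` override in the next hunk relies on a private method too; the identical hunks in the second diff further down share the issue. This test is what shows the middleware rejecting a file part that arrives before `csrftoken`, so another httpx refactor would take that coverage down with it. Consider pinning the httpx version in the test dependencies, or building the multipart body by hand as bytes and sending it with an explicit `content-type` header, so the field order no longer depends on httpx internals. At minimum, add a comment above the import such as `# private httpx API, may move between releases`.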
@@ -232,13 +232,13 @@ async def test_multipart_failure_missing_token(csrftoken):
class FileFirstMultipartStream(MultipartStream):
def _iter_fields(self, data, files):
for name, value in files.items():
- yield self.FileField(name=name, value=value)
+ yield FileField(name=name, value=value)
for name, value in data.items():
if isinstance(value, list):
for item in value:
- yield self.DataField(name=name, value=item)
+ yield DataField(name=name, value=item)
else:
- yield self.DataField(name=name, value=value)
+ yield DataField(name=name, value=value)
@pytest.mark.asyncio
Now the tests fail like this:
_______________________________________________________ test_multipart_failure_file_comes_before_token _______________________________________________________
csrftoken = 'InRva2VuIg.49BUIh1HVBjcyCpg_4018iFDFdY'
@pytest.mark.asyncio
async def test_multipart_failure_file_comes_before_token(csrftoken):
async with httpx.AsyncClient(
app=asgi_csrf(hello_world_app, signing_secret=SECRET)
) as client:
request = httpx.Request(
url="http://localhost/",
method="POST",
stream=FileFirstMultipartStream(
data={"csrftoken": csrftoken},
files={"csv": ("data.csv", "blah,foo\n1,2", "text/csv")},
boundary=None,
),
cookies={"csrftoken": csrftoken},
)
response = await client.send(request)
assert response.status_code == 403
> assert (
response.text
== "File encountered before csrftoken - make sure csrftoken is first in the HTML"
)
E AssertionError: assert 'Unknown content-type' == 'File encountered before csrftoken - make sure csrftoken is first in the HTML'
E - File encountered before csrftoken - make sure csrftoken is first in the HTML
E + Unknown content-type
OK, this passes the tests - but I need to dig in more to really understand what's going on:
diff --git a/test_asgi_csrf.py b/test_asgi_csrf.py
index 1cb333e..8014402 100644
--- a/test_asgi_csrf.py
+++ b/test_asgi_csrf.py
@@ -5,7 +5,7 @@ from starlette.routing import Route
from asgi_csrf import asgi_csrf
from itsdangerous.url_safe import URLSafeSerializer
import httpx
-from httpx._content_streams import MultipartStream
+from httpx._multipart import MultipartStream, FileField, DataField
import json
import os
import pytest
@@ -232,13 +232,13 @@ async def test_multipart_failure_missing_token(csrftoken):
class FileFirstMultipartStream(MultipartStream):
def _iter_fields(self, data, files):
for name, value in files.items():
- yield self.FileField(name=name, value=value)
+ yield FileField(name=name, value=value)
for name, value in data.items():
if isinstance(value, list):
for item in value:
- yield self.DataField(name=name, value=item)
+ yield DataField(name=name, value=item)
else:
- yield self.DataField(name=name, value=value)
+ yield DataField(name=name, value=value)
@pytest.mark.asyncio
@@ -252,8 +252,9 @@ async def test_multipart_failure_file_comes_before_token(csrftoken):
stream=FileFirstMultipartStream(
data={"csrftoken": csrftoken},
files={"csv": ("data.csv", "blah,foo\n1,2", "text/csv")},
- boundary=None,
+ boundary=b"boo",
),
+ headers={"content-type": "multipart/form-data; boundary=boo"},
cookies={"csrftoken": csrftoken},
)
response = await client.send(request)
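Review bot: The boundary now appears twice, as `boundary=b"boo"` and again inside the hand-written `content-type` header, and nothing ties the two together; if one is edited without the other, the request would presumably be rejected for a different reason than the one this test is meant to prove. The earlier failure output on this page shows that risk: the `status_code == 403` assertion held even though the body was 'Unknown content-type', so only the text assertion tells the rejection reasons apart and it should stay. Define the boundary once, e.g. `BOUNDARY = b"boo"`, and build the header from it with `"multipart/form-data; boundary=" + BOUNDARY.decode()`. A short comment saying the header is set by hand because passing `stream=` directly left the request without a content-type (inferred from that failure) would help the next reader. The test function starts and ends outside this hunk.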
Thanks!