authorMichael Merickel <michael@digitalartefacts.com>2013-10-19 01:43:17 -0500
committerMichael Merickel <michael@digitalartefacts.com>2013-10-19 01:43:17 -0500
commit0e2914bc0d5f6f4cab1cfe11e3c6e88dd96ecbb6 (patch)
treec03a960f6556b4d74076d03a5a3efacc5883f3ba
parent7fd86623a0d77d390980c5dc09f49dde2f781091 (diff)
move HTTPBadCSRFToken to p.exceptions.BadCSRFToken
-rw-r--r--pyramid/exceptions.py15
-rw-r--r--pyramid/httpexceptions.py21
-rw-r--r--pyramid/session.py6
-rw-r--r--pyramid/tests/test_exceptions.py6
-rw-r--r--pyramid/tests/test_session.py4
5 files changed, 26 insertions, 26 deletions
diff --git a/pyramid/exceptions.py b/pyramid/exceptions.py
index a8fca1d84..c59d109df 100644
--- a/pyramid/exceptions.py
+++ b/pyramid/exceptions.py
@@ -1,4 +1,5 @@
from pyramid.httpexceptions import (
+ HTTPBadRequest,
HTTPNotFound,
HTTPForbidden,
)
@@ -8,6 +9,20 @@ Forbidden = HTTPForbidden # bw compat
CR = '\n'
+class BadCSRFToken(HTTPBadRequest):
+ """
+ This exception indicates the request has failed cross-site request
+ forgery token validation.
+ """
+ title = 'Bad CSRF Token'
+ explanation = (
+ 'Access is denied. This server can not verify that your cross-site '
+ 'request forgery token belongs to your login session. Either you '
+ 'supplied the wrong cross-site request forgery token or your session '
+ 'no longer exists. This may be due to session timeout or because '
+ 'browser is not supplying the credentials required, as can happen '
+ 'when the browser has cookies turned off.')
+
class PredicateMismatch(HTTPNotFound):
"""
This exception is raised by multiviews when no view matches
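Review bot: `BadCSRFToken` derives from `HTTPBadRequest`, while the `HTTPBadCSRFToken` class removed from httpexceptions.py in this same commit derived from `HTTPClientError`, so exception views and `except HTTPBadRequest` clauses will now also receive CSRF failures. The docstring should say so, for example by adding a line stating that it is a subclass of HTTPBadRequest (400) and is raised by `pyramid.session.check_csrf_token`. The old import path `pyramid.httpexceptions.HTTPBadCSRFToken` also gets no alias, unlike `Forbidden = HTTPForbidden # bw compat` in this file; if that name ever shipped in a release, a changelog entry is warranted.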
diff --git a/pyramid/httpexceptions.py b/pyramid/httpexceptions.py
index 21d862a6b..5e8d8ccd8 100644
--- a/pyramid/httpexceptions.py
+++ b/pyramid/httpexceptions.py
@@ -35,9 +35,6 @@ Exception
HTTPError
HTTPClientError
* 400 - HTTPBadRequest
-
- * 400 - HTTPBadCSRFToken
-
* 401 - HTTPUnauthorized
* 402 - HTTPPaymentRequired
* 403 - HTTPForbidden
@@ -581,24 +578,6 @@ class HTTPBadRequest(HTTPClientError):
"""
pass
-class HTTPBadCSRFToken(HTTPClientError):
- """
- subclass of :class:`~HTTPBadRequest`
-
- This indicates the request has failed cross-site request forgery token
- validation.
-
- title: Bad CSRF Token
- """
- title = 'Bad CSRF Token'
- explanation = (
- 'Access is denied. This server can not verify that your cross-site '
- 'request forgery token belongs to your login session. Either you '
- 'supplied the wrong cross-site request forgery token or your session '
- 'no longer exists. This may be due to session timeout or because '
- 'browser is not supplying the credentials required, as can happen '
- 'when the browser has cookies turned off.')
-
class HTTPUnauthorized(HTTPClientError):
"""
subclass of :class:`~HTTPClientError`
diff --git a/pyramid/session.py b/pyramid/session.py
index 72b69117c..d3318cbda 100644
--- a/pyramid/session.py
+++ b/pyramid/session.py
@@ -15,7 +15,7 @@ from pyramid.compat import (
native_,
)
-from pyramid.httpexceptions import HTTPBadCSRFToken
+from pyramid.exceptions import BadCSRFToken
from pyramid.interfaces import ISession
from pyramid.util import strings_differ
@@ -95,7 +95,7 @@ def check_csrf_token(request,
If the value supplied by param or by header doesn't match the value
supplied by ``request.session.get_csrf_token()``, and ``raises`` is
``True``, this function will raise an
- :exc:`pyramid.httpexceptions.HTTPBadCSRFToken` exception.
+ :exc:`pyramid.exceptions.BadCSRFToken` exception.
If the check does succeed and ``raises`` is ``False``, this
function will return ``False``. If the CSRF check is successful, this
function will return ``True`` unconditionally.
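Review bot: The docstring sentence kept as context here says the function returns False "if the check does succeed" and raises is False, which contradicts the body in the next hunk, where `return False` is reached only when the tokens differ. It should read "If the check does not succeed and raises is False". Since this commit already edits the neighbouring sentence, it is a good place to fix it. The docstring of check_csrf_token starts outside this hunk.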
@@ -108,7 +108,7 @@ def check_csrf_token(request,
supplied_token = request.params.get(token, request.headers.get(header))
if supplied_token != request.session.get_csrf_token():
if raises:
- raise HTTPBadCSRFToken('check_csrf_token(): Invalid token')
+ raise BadCSRFToken('check_csrf_token(): Invalid token')
return False
return True
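Review bot: The check `supplied_token != request.session.get_csrf_token()` uses an ordinary `!=`, whose running time can depend on how much of the supplied value matches the session token. The file already imports `strings_differ` from `pyramid.util` (see the import hunk above), which appears intended for constant-time comparison. Consider `if supplied_token is None or strings_differ(supplied_token, expected_token):` once both values are normalised to the same string type; the `None` guard is needed because the `.get()` chain returns `None` when neither the parameter nor the header is present. The signature and the start of check_csrf_token lie outside this hunk.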
diff --git a/pyramid/tests/test_exceptions.py b/pyramid/tests/test_exceptions.py
index aa5ebb376..993209046 100644
--- a/pyramid/tests/test_exceptions.py
+++ b/pyramid/tests/test_exceptions.py
@@ -11,6 +11,12 @@ class TestBWCompat(unittest.TestCase):
from pyramid.httpexceptions import HTTPForbidden as two
self.assertTrue(one is two)
+class TestBadCSRFToken(unittest.TestCase):
+ def test_response_equivalence(self):
+ from pyramid.exceptions import BadCSRFToken
+ from pyramid.httpexceptions import HTTPBadRequest
+ self.assertTrue(isinstance(BadCSRFToken(), HTTPBadRequest))
+
class TestNotFound(unittest.TestCase):
def _makeOne(self, message):
from pyramid.exceptions import NotFound
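Review bot: `test_response_equivalence` asserts only the subclass relationship, so the name promises more than the test checks. Either rename it (for example `test_is_bad_request`) or pin the response attributes the new class sets, such as `self.assertEqual(BadCSRFToken().title, 'Bad CSRF Token')` and `self.assertEqual(BadCSRFToken().code, 400)`. That would catch a later change to the base class or title that silently alters what clients see on a CSRF failure.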
diff --git a/pyramid/tests/test_session.py b/pyramid/tests/test_session.py
index a928af43e..9337ab8eb 100644
--- a/pyramid/tests/test_session.py
+++ b/pyramid/tests/test_session.py
@@ -381,9 +381,9 @@ class Test_check_csrf_token(unittest.TestCase):
self.assertEqual(self._callFUT(request), True)
def test_failure_raises(self):
- from pyramid.httpexceptions import HTTPBadCSRFToken
+ from pyramid.exceptions import BadCSRFToken
request = testing.DummyRequest()
- self.assertRaises(HTTPBadCSRFToken, self._callFUT, request,
+ self.assertRaises(BadCSRFToken, self._callFUT, request,
'csrf_token')
def test_failure_no_raises(self):