authorMatthew Wilkes <git@matthewwilkes.name>2017-04-26 15:43:18 +0100
committerMatthew Wilkes <git@matthewwilkes.name>2017-04-26 15:43:18 +0100
commit4b3603ad2f4850605c45e1b7bf4f077584303641 (patch)
treeef1517ab4b97f09588e45e7660c2acdee954f821
parent2ded2fc216b4caaf0d97813413943e0838b6eaaa (diff)
Move CSRF storage policy registration out of PHASE_1 config and simplify tests given previous improvements to CSRF.
-rw-r--r--docs/narr/extconfig.rst1
-rw-r--r--pyramid/config/security.py2
-rw-r--r--pyramid/csrf.py6
-rw-r--r--pyramid/testing.py1
-rw-r--r--pyramid/tests/test_csrf.py14
5 files changed, 7 insertions, 17 deletions
diff --git a/docs/narr/extconfig.rst b/docs/narr/extconfig.rst
index c20685cbf..4009ec1dc 100644
--- a/docs/narr/extconfig.rst
+++ b/docs/narr/extconfig.rst
@@ -263,7 +263,6 @@ Pre-defined Phases
- :meth:`pyramid.config.Configurator.override_asset`
- :meth:`pyramid.config.Configurator.set_authorization_policy`
- :meth:`pyramid.config.Configurator.set_default_csrf_options`
-- :meth:`pyramid.config.Configurator.set_csrf_storage_policy`
- :meth:`pyramid.config.Configurator.set_default_permission`
- :meth:`pyramid.config.Configurator.set_view_mapper`
diff --git a/pyramid/config/security.py b/pyramid/config/security.py
index 6f5b36d3a..9d59ca78e 100644
--- a/pyramid/config/security.py
+++ b/pyramid/config/security.py
@@ -241,7 +241,7 @@ class SecurityConfiguratorMixin(object):
def register():
self.registry.registerUtility(policy, ICSRFStoragePolicy)
- self.action(ICSRFStoragePolicy, register, order=PHASE1_CONFIG)
+ self.action(ICSRFStoragePolicy, register)
@implementer(IDefaultCSRFOptions)
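Review bot: `self.action(ICSRFStoragePolicy, register)` on the new side drops the explicit phase without recording why ordering no longer matters, so the next reader has to re-derive it; a one-line comment such as `# default phase is enough: the policy is only looked up at request time, so no PHASE1 ordering is needed` would settle that. The discriminator `ICSRFStoragePolicy` is kept, so two explicit registrations committed together still conflict, which is the behaviour to want for a security-relevant utility. If `add_default_security` (added to testing.setUp in this commit) registers a default policy through this same method, it presumably does so in an earlier commit cycle so that an application's override does not collide with it — worth confirming. The enclosing `set_csrf_storage_policy` method starts outside the hunk.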
diff --git a/pyramid/csrf.py b/pyramid/csrf.py
index ffc7b5fe3..5d183bb57 100644
--- a/pyramid/csrf.py
+++ b/pyramid/csrf.py
@@ -177,12 +177,6 @@ def check_csrf_token(request,
supplied_token = request.POST.get(token, "")
policy = request.registry.queryUtility(ICSRFStoragePolicy)
- if policy is None:
- # There is no policy set, but we are trying to validate a CSRF token
- # This means explicit validation has been asked for without configuring
- # the CSRF implementation. Fall back to SessionCSRFStoragePolicy as that is the
- # default
- policy = SessionCSRFStoragePolicy()
if not policy.check_csrf_token(request, supplied_token):
if raises:
raise BadCSRFToken('check_csrf_token(): Invalid token')
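Review bot: With the fallback removed, `policy = request.registry.queryUtility(ICSRFStoragePolicy)` can still yield None in a registry that never received `add_default_security` (a hand-built Registry, or an older test harness), and the following `policy.check_csrf_token(...)` then dies with an AttributeError on None instead of an error naming the missing component. The assertions removed from test_csrf.py show the sibling helpers surfacing this case as ComponentLookupError, so `policy = request.registry.getUtility(ICSRFStoragePolicy)` would fail closed with the same clear message and keep the three helpers consistent. Dropping the implicit SessionCSRFStoragePolicy default is the right direction: a missing policy should be a loud configuration error rather than a silently chosen implementation. `check_csrf_token` begins before and continues after the hunk.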
diff --git a/pyramid/testing.py b/pyramid/testing.py
index 877b351db..69b30e83f 100644
--- a/pyramid/testing.py
+++ b/pyramid/testing.py
@@ -479,6 +479,7 @@ def setUp(registry=None, request=None, hook_zca=True, autocommit=True,
config.add_default_view_derivers()
config.add_default_route_predicates()
config.add_default_tweens()
+ config.add_default_security()
config.commit()
global have_zca
try:
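Review bot: `config.add_default_security()` changes what every test registry contains, so tests that previously relied on no CSRF storage policy being present now get whatever default that call registers, and nothing in the hunk tells a test author that. If the docstring of `setUp` (which starts outside the hunk) enumerates the default registrations, it should name this one and how to override it, e.g. `... and the default security configuration (a CSRF storage policy; override with config.set_csrf_storage_policy(...))`. What the default policy actually is cannot be seen from this hunk and should be confirmed against `add_default_security` before wording the docstring.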
diff --git a/pyramid/tests/test_csrf.py b/pyramid/tests/test_csrf.py
index e6ae05eec..fcb6333ee 100644
--- a/pyramid/tests/test_csrf.py
+++ b/pyramid/tests/test_csrf.py
@@ -15,11 +15,9 @@ class Test_get_csrf_token(unittest.TestCase):
from pyramid.csrf import get_csrf_token
return get_csrf_token(*args, **kwargs)
- def test_no_csrf_utility_registered(self):
+ def test_no_override_csrf_utility_registered(self):
request = testing.DummyRequest()
-
- with self.assertRaises(ComponentLookupError):
- self._callFUT(request)
+ self._callFUT(request)
def test_success(self):
self.config.set_csrf_storage_policy(DummyCSRF())
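Review bot: `test_no_override_csrf_utility_registered` now only calls `self._callFUT(request)` and asserts nothing about the result, so it passes as long as no exception escapes; with a default policy present it should pin the observable behaviour, e.g. `token = self._callFUT(request)` followed by `self.assertTrue(token)` (or an `assertIsInstance` check against the token type the default policy returns, once confirmed). The same weakness is in the second hunk of this file (`Test_new_csrf_token`). If these were the only users of the `ComponentLookupError` import at the top of the file, that import is now unused — it is outside the hunk.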
@@ -38,11 +36,9 @@ class Test_new_csrf_token(unittest.TestCase):
from pyramid.csrf import new_csrf_token
return new_csrf_token(*args, **kwargs)
- def test_no_csrf_utility_registered(self):
+ def test_no_override_csrf_utility_registered(self):
request = testing.DummyRequest()
-
- with self.assertRaises(ComponentLookupError):
- self._callFUT(request)
+ self._callFUT(request)
def test_success(self):
self.config.set_csrf_storage_policy(DummyCSRF())
@@ -188,7 +184,7 @@ class Test_check_csrf_token(unittest.TestCase):
def setUp(self):
self.config = testing.setUp()
- # set up CSRF (this will also register SessionCSRFStoragePolicy policy)
+ # set up CSRF
self.config.set_default_csrf_options(require_csrf=False)
def _callFUT(self, *args, **kwargs):