diff options
| author | Michael Merickel <michael@merickel.org> | 2024-01-28 21:34:28 -0700 |
|---|---|---|
| committer | Michael Merickel <michael@merickel.org> | 2024-01-28 21:40:20 -0700 |
| commit | d545eef5f5411c0236f04ead9e4e52d93d9a2451 (patch) | |
| tree | 14516e1e240103d6b76e6a04b63d150be14fc7ea | |
| parent | 55f9eb0bb0b72fe60ecde7529edbc27aceade187 (diff) | |
| download | pyramid-d545eef5f5411c0236f04ead9e4e52d93d9a2451.tar.gz pyramid-d545eef5f5411c0236f04ead9e4e52d93d9a2451.tar.bz2 pyramid-d545eef5f5411c0236f04ead9e4e52d93d9a2451.zip | |
fix BadCSRFOrigin and BadCSRFToken returning invalid HTTP status lines
| -rw-r--r-- | src/pyramid/exceptions.py | 22 | ||||
| -rw-r--r-- | tests/test_exceptions.py | 10 |
2 files changed, 20 insertions, 12 deletions
diff --git a/src/pyramid/exceptions.py b/src/pyramid/exceptions.py index 16aeb7e4f..9f19a4bb4 100644 --- a/src/pyramid/exceptions.py +++ b/src/pyramid/exceptions.py @@ -10,12 +10,11 @@ class BadCSRFOrigin(HTTPBadRequest): origin validation. """ - title = "Bad CSRF Origin" explanation = ( - "Access is denied. This server can not verify that the origin or " - "referrer of your request matches the current site. Either your " - "browser supplied the wrong Origin or Referrer or it did not supply " - "one at all." + "Bad CSRF Origin. Access is denied. This server can not verify that " + "the origin or referrer of your request matches the current site. " + "Either your browser supplied the wrong Origin or Referrer or it did " + "not supply one at all." ) @@ -25,14 +24,13 @@ class BadCSRFToken(HTTPBadRequest): forgery token validation. """ - title = 'Bad CSRF Token' explanation = ( - 'Access is denied. This server can not verify that your cross-site ' - 'request forgery token belongs to your login session. Either you ' - 'supplied the wrong cross-site request forgery token or your session ' - 'no longer exists. This may be due to session timeout or because ' - 'browser is not supplying the credentials required, as can happen ' - 'when the browser has cookies turned off.' + 'Bad CSRF token received. Access is denied. This server can not ' + 'verify that your cross-site request forgery token belongs to your ' + 'login session. Either you supplied the wrong cross-site request ' + 'forgery token or your session no longer exists. This may be due to ' + 'session timeout or because browser is not supplying the credentials ' + 'required, as can happen when the browser has cookies turned off.' ) diff --git a/tests/test_exceptions.py b/tests/test_exceptions.py index e7a2871a5..d5f247c2a 100644 --- a/tests/test_exceptions.py +++ b/tests/test_exceptions.py @@ -16,12 +16,22 @@ class TestBWCompat(unittest.TestCase): self.assertTrue(one is two) +class TestBadCSRFOrigin(unittest.TestCase): + def test_response_equivalence(self): + from pyramid.exceptions import BadCSRFOrigin + from pyramid.httpexceptions import HTTPBadRequest + + self.assertTrue(isinstance(BadCSRFOrigin(), HTTPBadRequest)) + self.assertEqual(BadCSRFOrigin().status, HTTPBadRequest().status) + + class TestBadCSRFToken(unittest.TestCase): def test_response_equivalence(self): from pyramid.exceptions import BadCSRFToken from pyramid.httpexceptions import HTTPBadRequest self.assertTrue(isinstance(BadCSRFToken(), HTTPBadRequest)) + self.assertEqual(BadCSRFToken().status, HTTPBadRequest().status) class TestNotFound(unittest.TestCase): |