| -rw-r--r-- | docs/narr/extconfig.rst | 1 | ||||
| -rw-r--r-- | pyramid/config/security.py | 2 | ||||
| -rw-r--r-- | pyramid/csrf.py | 6 | ||||
| -rw-r--r-- | pyramid/testing.py | 1 | ||||
| -rw-r--r-- | pyramid/tests/test_csrf.py | 14 |
5 files changed, 7 insertions, 17 deletions
diff --git a/docs/narr/extconfig.rst b/docs/narr/extconfig.rst
index c20685cbf..4009ec1dc 100644
--- a/docs/narr/extconfig.rst
+++ b/docs/narr/extconfig.rst
@@ -263,7 +263,6 @@ Pre-defined Phases
 - :meth:`pyramid.config.Configurator.override_asset`
 - :meth:`pyramid.config.Configurator.set_authorization_policy`
 - :meth:`pyramid.config.Configurator.set_default_csrf_options`
-- :meth:`pyramid.config.Configurator.set_csrf_storage_policy`
 - :meth:`pyramid.config.Configurator.set_default_permission`
 - :meth:`pyramid.config.Configurator.set_view_mapper`
diff --git a/pyramid/config/security.py b/pyramid/config/security.py
index 6f5b36d3a..9d59ca78e 100644
--- a/pyramid/config/security.py
+++ b/pyramid/config/security.py
@@ -241,7 +241,7 @@ class SecurityConfiguratorMixin(object):
 def register():
 self.registry.registerUtility(policy, ICSRFStoragePolicy)
- self.action(ICSRFStoragePolicy, register, order=PHASE1_CONFIG)
+ self.action(ICSRFStoragePolicy, register)
 @implementer(IDefaultCSRFOptions)
diff --git a/pyramid/csrf.py b/pyramid/csrf.py
index ffc7b5fe3..5d183bb57 100644
--- a/pyramid/csrf.py
+++ b/pyramid/csrf.py
@@ -177,12 +177,6 @@ def check_csrf_token(request,
 supplied_token = request.POST.get(token, "")
 policy = request.registry.queryUtility(ICSRFStoragePolicy)
- if policy is None:
- # There is no policy set, but we are trying to validate a CSRF token
- # This means explicit validation has been asked for without configuring
- # the CSRF implementation. Fall back to SessionCSRFStoragePolicy as that is the
- # default
- policy = SessionCSRFStoragePolicy()
 if not policy.check_csrf_token(request, supplied_token):
 if raises:
 raise BadCSRFToken('check_csrf_token(): Invalid token')
diff --git a/pyramid/testing.py b/pyramid/testing.py
index 877b351db..69b30e83f 100644
--- a/pyramid/testing.py
+++ b/pyramid/testing.py
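Review bot: In the pyramid/csrf.py hunk, the retained `policy = request.registry.queryUtility(ICSRFStoragePolicy)` can still return None once the `if policy is None` fallback is removed, and the following `policy.check_csrf_token(request, supplied_token)` would then fail with an AttributeError instead of a clear configuration error. That fails closed, so a request is not wrongly accepted, but a registry that never had a storage policy registered (the pyramid/testing.py hunk adds `config.add_default_security()` to setUp, presumably for this reason) gets an opaque failure at validation time. Consider `policy = request.registry.getUtility(ICSRFStoragePolicy)` so a missing policy raises ComponentLookupError, the error the removed tests in pyramid/tests/test_csrf.py asserted for get_csrf_token and new_csrf_token. The body of check_csrf_token starts and ends outside the hunk.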
@@ -479,6 +479,7 @@ def setUp(registry=None, request=None, hook_zca=True, autocommit=True,
 config.add_default_view_derivers()
 config.add_default_route_predicates()
 config.add_default_tweens()
+ config.add_default_security()
 config.commit()
 global have_zca
 try:
diff --git a/pyramid/tests/test_csrf.py b/pyramid/tests/test_csrf.py
index e6ae05eec..fcb6333ee 100644
--- a/pyramid/tests/test_csrf.py
+++ b/pyramid/tests/test_csrf.py
@@ -15,11 +15,9 @@ class Test_get_csrf_token(unittest.TestCase):
 from pyramid.csrf import get_csrf_token
 return get_csrf_token(*args, **kwargs)
- def test_no_csrf_utility_registered(self):
+ def test_no_override_csrf_utility_registered(self):
 request = testing.DummyRequest()
-
- with self.assertRaises(ComponentLookupError):
- self._callFUT(request)
+ self._callFUT(request)
 def test_success(self):
 self.config.set_csrf_storage_policy(DummyCSRF())
@@ -38,11 +36,9 @@ class Test_new_csrf_token(unittest.TestCase):
 from pyramid.csrf import new_csrf_token
 return new_csrf_token(*args, **kwargs)
- def test_no_csrf_utility_registered(self):
+ def test_no_override_csrf_utility_registered(self):
 request = testing.DummyRequest()
-
- with self.assertRaises(ComponentLookupError):
- self._callFUT(request)
+ self._callFUT(request)
 def test_success(self):
 self.config.set_csrf_storage_policy(DummyCSRF())
@@ -188,7 +184,7 @@ class Test_check_csrf_token(unittest.TestCase):
 def setUp(self):
 self.config = testing.setUp()
- # set up CSRF (this will also register SessionCSRFStoragePolicy policy)
+ # set up CSRF
 self.config.set_default_csrf_options(require_csrf=False)
 def _callFUT(self, *args, **kwargs): |
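Review bot: `test_no_override_csrf_utility_registered` in Test_get_csrf_token now only calls `self._callFUT(request)` and asserts nothing, so it passes for any return value, including None or an empty token; the renamed test in Test_new_csrf_token has the same gap. These two tests are the only visible check that a usable CSRF storage policy is in place when the application sets none, so they should pin the result, for example `token = self._callFUT(request)` followed by `self.assertTrue(token)`. A stronger assertion would compare the token with what the request's session holds, if the default policy is session-backed as the removed comment in pyramid/csrf.py suggests.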
