From 4b3603ad2f4850605c45e1b7bf4f077584303641 Mon Sep 17 00:00:00 2001
From: Matthew Wilkes
Date: Wed, 26 Apr 2017 15:43:18 +0100
Subject: Move CSRF storage policy registration out of PHASE_1 config and simplify tests given previous improvements to CSRF.

---
 docs/narr/extconfig.rst | 1 -
 pyramid/config/security.py | 2 +-
 pyramid/csrf.py | 6 ------
 pyramid/testing.py | 1 +
 pyramid/tests/test_csrf.py | 14 +++++---------
 5 files changed, 7 insertions(+), 17 deletions(-)

diff --git a/docs/narr/extconfig.rst b/docs/narr/extconfig.rst
index c20685cbf..4009ec1dc 100644
--- a/docs/narr/extconfig.rst
+++ b/docs/narr/extconfig.rst
@@ -263,7 +263,6 @@ Pre-defined Phases
 - :meth:`pyramid.config.Configurator.override_asset`
 - :meth:`pyramid.config.Configurator.set_authorization_policy`
 - :meth:`pyramid.config.Configurator.set_default_csrf_options`
-- :meth:`pyramid.config.Configurator.set_csrf_storage_policy`
 - :meth:`pyramid.config.Configurator.set_default_permission`
 - :meth:`pyramid.config.Configurator.set_view_mapper`
 
diff --git a/pyramid/config/security.py b/pyramid/config/security.py
index 6f5b36d3a..9d59ca78e 100644
--- a/pyramid/config/security.py
+++ b/pyramid/config/security.py
@@ -241,7 +241,7 @@ class SecurityConfiguratorMixin(object):
         def register():
             self.registry.registerUtility(policy, ICSRFStoragePolicy)
 
-        self.action(ICSRFStoragePolicy, register, order=PHASE1_CONFIG)
+        self.action(ICSRFStoragePolicy, register)
 
 
 @implementer(IDefaultCSRFOptions)
diff --git a/pyramid/csrf.py b/pyramid/csrf.py
index ffc7b5fe3..5d183bb57 100644
--- a/pyramid/csrf.py
+++ b/pyramid/csrf.py
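Review bot: Dropping `order=PHASE1_CONFIG` from the `self.action(ICSRFStoragePolicy, register)` call leaves no comment explaining why the storage policy no longer needs early registration, while `set_default_csrf_options` apparently stays in PHASE1 per the docs hunk above; a one-line comment would stop someone re-adding it. Something like `# Default phase: the policy is only looked up per request, so a later user registration can replace the default without PHASE1 ordering.` — hedged, since how `add_default_security` installs the default is not visible here. If nothing else in `security.py` still references `PHASE1_CONFIG`, its import is now dead and should go with this change. The enclosing `set_csrf_storage_policy` method starts outside the hunk.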
@@ -177,12 +177,6 @@ def check_csrf_token(request,
     supplied_token = request.POST.get(token, "")
 
     policy = request.registry.queryUtility(ICSRFStoragePolicy)
-    if policy is None:
-        # There is no policy set, but we are trying to validate a CSRF token
-        # This means explicit validation has been asked for without configuring
-        # the CSRF implementation. Fall back to SessionCSRFStoragePolicy as that is the
-        # default
-        policy = SessionCSRFStoragePolicy()
     if not policy.check_csrf_token(request, supplied_token):
         if raises:
             raise BadCSRFToken('check_csrf_token(): Invalid token')
diff --git a/pyramid/testing.py b/pyramid/testing.py
index 877b351db..69b30e83f 100644
--- a/pyramid/testing.py
+++ b/pyramid/testing.py
@@ -479,6 +479,7 @@ def setUp(registry=None, request=None, hook_zca=True, autocommit=True,
     config.add_default_view_derivers()
     config.add_default_route_predicates()
     config.add_default_tweens()
+    config.add_default_security()
     config.commit()
     global have_zca
     try:
diff --git a/pyramid/tests/test_csrf.py b/pyramid/tests/test_csrf.py
index e6ae05eec..fcb6333ee 100644
--- a/pyramid/tests/test_csrf.py
+++ b/pyramid/tests/test_csrf.py
@@ -15,11 +15,9 @@ class Test_get_csrf_token(unittest.TestCase):
         from pyramid.csrf import get_csrf_token
         return get_csrf_token(*args, **kwargs)
 
-    def test_no_csrf_utility_registered(self):
+    def test_no_override_csrf_utility_registered(self):
         request = testing.DummyRequest()
-
-        with self.assertRaises(ComponentLookupError):
-            self._callFUT(request)
+        self._callFUT(request)
 
     def test_success(self):
         self.config.set_csrf_storage_policy(DummyCSRF())
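Review bot: With the `policy is None` fallback removed, the `policy.check_csrf_token(request, supplied_token)` call right after the `queryUtility` line now raises `AttributeError` on `NoneType` whenever no `ICSRFStoragePolicy` is registered — e.g. a registry built without `add_default_security()` — which fails closed but gives an obscure error. Use `policy = request.registry.getUtility(ICSRFStoragePolicy)` so a missing policy surfaces as a `ComponentLookupError` naming the interface, which is also the error the deleted tests below expected from the sibling `get_csrf_token`/`new_csrf_token`. The `SessionCSRFStoragePolicy` name may no longer be referenced in this function; check it is still used elsewhere in the module before leaving it. `check_csrf_token` starts and ends outside the hunk.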
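Review bot: Adding `config.add_default_security()` to `setUp` changes what every downstream test suite gets from `testing.setUp()` — a default security configuration, including a CSRF storage policy, is now registered and committed before the caller's own configuration — but `setUp`'s docstring (outside the hunk) is not updated. Add a sentence to it such as `The default security configuration (including the default CSRF storage policy) is registered and committed before returning, so a later set_csrf_storage_policy call replaces it rather than conflicting.` The placement before `config.commit()` is presumably what lets per-test overrides replace the default; if so, say it inline: `# committed with the other defaults so test-level overrides replace them`. `setUp` starts and ends outside the hunk.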
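Review bot: The renamed `test_no_override_csrf_utility_registered` now only proves `self._callFUT(request)` does not raise; it no longer asserts that a usable default policy was consulted or that a token came back. Assert on the result, e.g. `token = self._callFUT(request)` / `self.assertTrue(token)` / `self.assertEqual(token, self._callFUT(request))` — the second call returning the same token is what a session-backed default would presumably give; adjust if the default policy behaves differently. The `ComponentLookupError` import this test used is outside the hunk; if no remaining test references it, drop it in the same commit. `Test_get_csrf_token` starts outside the hunk.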
@@ -38,11 +36,9 @@ class Test_new_csrf_token(unittest.TestCase):
         from pyramid.csrf import new_csrf_token
         return new_csrf_token(*args, **kwargs)
 
-    def test_no_csrf_utility_registered(self):
+    def test_no_override_csrf_utility_registered(self):
         request = testing.DummyRequest()
-
-        with self.assertRaises(ComponentLookupError):
-            self._callFUT(request)
+        self._callFUT(request)
 
     def test_success(self):
         self.config.set_csrf_storage_policy(DummyCSRF())
@@ -188,7 +184,7 @@ class Test_check_csrf_token(unittest.TestCase):
 
     def setUp(self):
         self.config = testing.setUp()
-        # set up CSRF (this will also register SessionCSRFStoragePolicy policy)
+        # set up CSRF
         self.config.set_default_csrf_options(require_csrf=False)
 
     def _callFUT(self, *args, **kwargs):
-- 
cgit v1.2.3
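Review bot: In `Test_new_csrf_token`, the renamed `test_no_override_csrf_utility_registered` only checks that `self._callFUT(request)` returns without raising, which does not exercise the one property `new_csrf_token` exists for — that each call yields a fresh token. Assert it: `first = self._callFUT(request)` / `self.assertTrue(first)` / `self.assertNotEqual(first, self._callFUT(request))`. The replacement comment `# set up CSRF` in the `Test_check_csrf_token.setUp` hunk now says nothing the next line does not; either drop it or keep the useful part, e.g. `# require_csrf=False so each test opts into checking explicitly`. The enclosing classes start outside these hunks.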