Python Django CSRF保护在测试期间失败
我在django项目中测试模板加载时遇到问题。我想使用django.contrib.auth中包含的视图,但使用我自己的登录模板。测试失败,表明他们正在加载CSRF测试失败的模板 但是,如果我在本地服务器上运行该站点,一切似乎都正常Python Django CSRF保护在测试期间失败,python,django,django-templates,csrf-protection,Python,Django,Django Templates,Csrf Protection,我在django项目中测试模板加载时遇到问题。我想使用django.contrib.auth中包含的视图,但使用我自己的登录模板。测试失败,表明他们正在加载CSRF测试失败的模板 但是,如果我在本地服务器上运行该站点,一切似乎都正常 ====================================================================== FAIL: test_login_template_loading (mysite.test.HomePageTest) -
======================================================================
FAIL: test_login_template_loading (mysite.test.HomePageTest)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/Users/mohitgupta/Documents/Development/mysite.com/src/mysite/test.py", line 23, in test_login_template_loading
self.assertIn(b'<title> Login', response.content)
AssertionError: b'<title> Login' not found in b'\n<!DOCTYPE html>\n<html lang="en">\n<head>\n <meta http-equiv="content-type" content="text/html; charset=utf-8">\n <meta name="robots" content="NONE,NOARCHIVE">\n <title>403 Forbidden</title>\n <style type="text/css">\n html * { padding:0; margin:0; }\n body * { padding:10px 20px; }\n body * * { padding:0; }\n body { font:small sans-serif; background:#eee; }\n body>div { border-bottom:1px solid #ddd; }\n h1 { font-weight:normal; margin-bottom:.4em; }\n h1 span { font-size:60%; color:#666; font-weight:normal; }\n #info { background:#f6f6f6; }\n #info ul { margin: 0.5em 4em; }\n #info p, #summary p { padding-top:10px; }\n #summary { background: #ffc; }\n #explanation { background:#eee; border-bottom: 0px none; }\n </style>\n</head>\n<body>\n<div id="summary">\n <h1>Forbidden <span>(403)</span></h1>\n <p>CSRF verification failed. Request aborted.</p>\n\n\n <p>You are seeing this message because this site requires a CSRF cookie when submitting forms. This cookie is required for security reasons, to ensure that your browser is not being hijacked by third parties.</p>\n <p>If you have configured your browser to disable cookies, please re-enable them, at least for this site, or for 'same-origin' requests.</p>\n\n</div>\n\n<div id="explanation">\n <p><small>More information is available with DEBUG=True.</small></p>\n</div>\n\n</body>\n</html>\n'
----------------------------------------------------------------------
Ran 3 tests in 0.036s
FAILED (failures=1)
======================================================================
失败:测试\登录\模板\加载(mysite.test.HomePageTest)
----------------------------------------------------------------------
回溯(最近一次呼叫最后一次):
文件“/Users/mohitgupta/Documents/Development/mysite.com/src/mysite/test.py”,第23行,在测试\登录\模板\加载中
断言(b'Login',response.content)
AssertionError:b'Login'未在b'\n\n\n\n\n 403中找到\n\n html*{padding:0;margin:0;}\n body*{padding:10px 20px;}\n body**{padding:0;}\n body{font:small sans serif;background:#eee;}\n body>div{边框底部:1px solid#ddd;}\n h1{字体重量:正常;边框底部:.4em;}\n h1{font size:60%;color:666;font-weight:normal;}\n#info{background:f6f6f6;}\n#info ul{margin:0.5em 4em;}\n#info p,#summary p{padding top:10px;}\n#summary{background background:#ffc;}\n#解释{background eee:eee;border:none\pxn\n\n\n\n\n\nCSRF验证失败。请求中止。\n\n\n您看到此消息是因为此网站在提交表单时需要CSRF cookie。出于安全原因,需要此cookie,以确保您的浏览器未被第三方劫持。\n如果您已将浏览器配置为禁用cookie,请重新启动请至少为此站点或同一来源的请求禁用它们。\n\n\n\n有关DEBUG=True的详细信息,请参见。\n\n\n\n
----------------------------------------------------------------------
在0.036秒内运行了3次测试
失败(失败=1)
这是我的测试,以确保加载正确的模板
def test_login_template_loading(self):
request = HttpRequest()
response = login(request)
self.assertIn(b'<title> Login', response.content)
self.assertTrue(response.content.endswith(b'</html>'))
def测试\登录\模板\加载(自):
request=HttpRequest()
响应=登录(请求)
断言(b'Login',response.content)
self.assertTrue(response.content.endswith(b''))
我已经在我的表单模板中包含了csrf令牌。事实上,表单直接取自Django文档
<!DOCTYPE html>
<html>
<head>
<title> Login </title>
</head>
<body>
<h1>TEST</h1>
{% if form.errors %}
<p>Your username and password didn't match. Please try again.</p>
{% endif %}
{% if next %}
{% if user.is_authenticated %}
<p>Your account doesn't have access to this page. To proceed,
please login with an account that has access.</p>
{% else %}
<p>Please login to see this page.</p>
{% endif %}
{% endif %}
<form method="post" action="{% url 'login' %}">
{% csrf_token %}
<table>
<tr>
<td>{{ form.username.label_tag }}</td>
<td>{{ form.username }}</td>
</tr>
<tr>
<td>{{ form.password.label_tag }}</td>
<td>{{ form.password }}</td>
</tr>
</table>
<input type="submit" value="login" />
<input type="hidden" name="next" value="{{ next }}" />
</form>
</body>
</html>
登录
试验
{%if form.errors%}
您的用户名和密码不匹配。请重试
{%endif%}
{%if next%}
{%if user.u经过身份验证%}
您的帐户无权访问此页面。若要继续,
请使用具有访问权限的帐户登录
{%else%}
请登录以查看此页面
{%endif%}
{%endif%}
{%csrf_令牌%}
{{form.username.label_tag}
{{form.username}
{{form.password.label_tag}}
{{form.password}}
这会使我的项目在第一阶段陷入停顿,所以我非常感谢大家能告诉我为什么会发生这种情况。哦,天哪……我没有睡好觉。这是一个结构不好的测试
def test_login_template_loading(self):
response = self.client.get("/")
self.assertIn(b'<title>Login', response.content)
self.assertTrue(response.content.endswith(b'</html>'))
def测试\登录\模板\加载(自):
response=self.client.get(“/”)
断言(b'Login',response.content)
self.assertTrue(response.content.endswith(b''))
往前走……这里没什么可看的:)