【发布时间】:2016-05-23 23:17:57
【问题描述】:
我在 django 项目中测试模板加载时遇到问题。我想使用 django.contrib.auth 中包含的视图,但使用我自己的登录模板。测试失败并表明它们正在加载 CSRF 测试失败的模板。
但是,如果我在本地服务器上运行该站点,一切似乎都很好。
======================================================================
FAIL: test_login_template_loading (mysite.test.HomePageTest)
----------------------------------------------------------------------
Traceback (most recent call last):
File "/Users/mohitgupta/Documents/Development/mysite.com/src/mysite/test.py", line 23, in test_login_template_loading
self.assertIn(b'<title> Login', response.content)
AssertionError: b'<title> Login' not found in b'\n<!DOCTYPE html>\n<html lang="en">\n<head>\n <meta http-equiv="content-type" content="text/html; charset=utf-8">\n <meta name="robots" content="NONE,NOARCHIVE">\n <title>403 Forbidden</title>\n <style type="text/css">\n html * { padding:0; margin:0; }\n body * { padding:10px 20px; }\n body * * { padding:0; }\n body { font:small sans-serif; background:#eee; }\n body>div { border-bottom:1px solid #ddd; }\n h1 { font-weight:normal; margin-bottom:.4em; }\n h1 span { font-size:60%; color:#666; font-weight:normal; }\n #info { background:#f6f6f6; }\n #info ul { margin: 0.5em 4em; }\n #info p, #summary p { padding-top:10px; }\n #summary { background: #ffc; }\n #explanation { background:#eee; border-bottom: 0px none; }\n </style>\n</head>\n<body>\n<div id="summary">\n <h1>Forbidden <span>(403)</span></h1>\n <p>CSRF verification failed. Request aborted.</p>\n\n\n <p>You are seeing this message because this site requires a CSRF cookie when submitting forms. This cookie is required for security reasons, to ensure that your browser is not being hijacked by third parties.</p>\n <p>If you have configured your browser to disable cookies, please re-enable them, at least for this site, or for 'same-origin' requests.</p>\n\n</div>\n\n<div id="explanation">\n <p><small>More information is available with DEBUG=True.</small></p>\n</div>\n\n</body>\n</html>\n'
----------------------------------------------------------------------
Ran 3 tests in 0.036s
FAILED (failures=1)
这是我的测试,以确保加载正确的模板。
def test_login_template_loading(self):
request = HttpRequest()
response = login(request)
self.assertIn(b'<title> Login', response.content)
self.assertTrue(response.content.endswith(b'</html>'))
我已将 csrf 令牌包含在我的表单模板中。事实上,表单是直接从 Django 文档中提取的。
<!DOCTYPE html>
<html>
<head>
<title> Login </title>
</head>
<body>
<h1>TEST</h1>
{% if form.errors %}
<p>Your username and password didn't match. Please try again.</p>
{% endif %}
{% if next %}
{% if user.is_authenticated %}
<p>Your account doesn't have access to this page. To proceed,
please login with an account that has access.</p>
{% else %}
<p>Please login to see this page.</p>
{% endif %}
{% endif %}
<form method="post" action="{% url 'login' %}">
{% csrf_token %}
<table>
<tr>
<td>{{ form.username.label_tag }}</td>
<td>{{ form.username }}</td>
</tr>
<tr>
<td>{{ form.password.label_tag }}</td>
<td>{{ form.password }}</td>
</tr>
</table>
<input type="submit" value="login" />
<input type="hidden" name="next" value="{{ next }}" />
</form>
</body>
</html>
这使我的项目在第 1 阶段停滞不前,所以我非常感谢任何关于为什么会发生这种情况的想法。
【问题讨论】:
标签: python django django-templates csrf-protection