1 From d3aed2c18cc3a1c88a8052af1f34d7f81f1be11a Mon Sep 17 00:00:00 2001
2 From: Flakebi <flakebi@t-online.de>
3 Date: Wed, 28 Feb 2024 23:24:14 +0100
4 Subject: [PATCH] Fix with new dependency versions
6 - cookie_jar is private in werkzeug 2.3, so recreate the client instead
7 - set_cookie does not take a hostname argument anymore, use domain instead
8 - Requests need to specify a content type
10 test_seasurf.py | 71 ++++++++++++++++++++++++-------------------------
11 1 file changed, 35 insertions(+), 36 deletions(-)
13 diff --git a/test_seasurf.py b/test_seasurf.py
14 index 517b2d7..f940b91 100644
17 @@ -71,18 +71,18 @@ class SeaSurfTestCase(BaseTestCase):
18 self.assertEqual(type(token), str)
20 def test_exempt_view(self):
21 - rv = self.app.test_client().post('/foo')
22 + rv = self.app.test_client().post('/foo', content_type='application/json')
23 self.assertIn(b('bar'), rv.data)
25 - rv = self.app.test_client().post(u'/foo/\xf8')
26 + rv = self.app.test_client().post(u'/foo/\xf8', content_type='application/json')
27 self.assertIn(b('bar'), rv.data)
29 def test_token_validation(self):
30 # should produce a logger warning
31 - rv = self.app.test_client().post('/bar')
32 + rv = self.app.test_client().post('/bar', content_type='application/json')
33 self.assertIn(b('403 Forbidden'), rv.data)
35 - rv = self.app.test_client().post(u'/bar/\xf8')
36 + rv = self.app.test_client().post(u'/bar/\xf8', content_type='application/json')
37 self.assertIn(b('403 Forbidden'), rv.data)
39 def test_json_token_validation_bad(self):
40 @@ -93,7 +93,7 @@ class SeaSurfTestCase(BaseTestCase):
41 with self.app.test_client() as client:
42 with client.session_transaction() as sess:
43 sess[self.csrf._csrf_name] = tokenA
44 - client.set_cookie('www.example.com', self.csrf._csrf_name, tokenB)
45 + client.set_cookie(self.csrf._csrf_name, tokenB, domain='www.example.com')
47 rv = client.post('/bar', data=data)
48 self.assertEqual(rv.status_code, 403, rv)
49 @@ -107,7 +107,7 @@ class SeaSurfTestCase(BaseTestCase):
50 data = {'_csrf_token': token}
51 with self.app.test_client() as client:
52 with client.session_transaction() as sess:
53 - client.set_cookie('www.example.com', self.csrf._csrf_name, token)
54 + client.set_cookie(self.csrf._csrf_name, token, domain='www.example.com')
55 sess[self.csrf._csrf_name] = token
57 rv = client.post('/bar', data=data)
58 @@ -121,7 +121,7 @@ class SeaSurfTestCase(BaseTestCase):
59 with client.session_transaction() as sess:
60 token = self.csrf._generate_token()
62 - client.set_cookie('www.example.com', self.csrf._csrf_name, token)
63 + client.set_cookie(self.csrf._csrf_name, token, domain='www.example.com')
64 sess[self.csrf._csrf_name] = token
66 # once this is reached the session was stored
67 @@ -144,18 +144,18 @@ class SeaSurfTestCase(BaseTestCase):
68 with client.session_transaction() as sess:
69 token = self.csrf._generate_token()
71 - client.set_cookie('www.example.com', self.csrf._csrf_name, token)
72 + client.set_cookie(self.csrf._csrf_name, token, domain='www.example.com')
73 sess[self.csrf._csrf_name] = token
75 # once this is reached the session was stored
76 - rv = client.post('/bar',
77 + rv = client.post('/bar', content_type='application/json',
78 data={self.csrf._csrf_name: token},
79 base_url='https://www.example.com',
80 headers={'Referer': 'https://www.example.com/foobar'})
82 self.assertEqual(rv.status_code, 200)
84 - rv = client.post(u'/bar/\xf8',
85 + rv = client.post(u'/bar/\xf8', content_type='application/json',
86 data={self.csrf._csrf_name: token},
87 base_url='https://www.example.com',
88 headers={'Referer': 'https://www.example.com/foobar\xf8'})
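Review bot: The two changed `client.post('/bar', ...)` calls in this hunk now declare `content_type='application/json'` while still passing the token as a form-encoded `data={...}` dict, so the declared type and the actual body disagree. If the view reads the token from `request.form`, that field is empty under a JSON content type, and the 200 the test asserts would then come from the session/cookie token rather than the form field, meaning the test no longer exercises form-token validation as its surrounding comments suggest; this is inferred, since the view code is not in the hunk. Either drop `content_type` on these two calls or send the token as a JSON body, e.g. `json={self.csrf._csrf_name: token}`, so the declared type matches the body. The same `data=` plus `content_type` pattern may apply to the `client.post('/bar',` call at the end of the `@@ -167` hunk, whose remaining arguments fall outside it. The enclosing test method starts before this hunk.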
89 @@ -167,7 +167,7 @@ class SeaSurfTestCase(BaseTestCase):
90 with client.session_transaction() as sess:
91 token = self.csrf._generate_token()
93 - client.set_cookie('www.example.com', self.csrf._csrf_name, token)
94 + client.set_cookie(self.csrf._csrf_name, token, domain='www.example.com')
95 sess[self.csrf._csrf_name] = token
97 rv = client.post('/bar',
98 @@ -187,10 +187,10 @@ class SeaSurfTestCase(BaseTestCase):
99 self.csrf._csrf_header_name: token,
102 - rv = client.post('/bar', headers=headers)
103 + rv = client.post('/bar', headers=headers, content_type='application/json')
104 self.assertEqual(rv.status_code, 200, rv)
106 - rv = client.post(u'/bar/\xf8', headers=headers)
107 + rv = client.post(u'/bar/\xf8', headers=headers, content_type='application/json')
108 self.assertEqual(rv.status_code, 200, rv)
110 def test_token_in_form_data(self):
111 @@ -280,14 +280,14 @@ class SeaSurfTestCaseExemptViews(BaseTestCase):
113 def test_exempt_view(self):
114 with self.app.test_client() as c:
115 - rv = c.post('/foo')
116 + rv = c.post('/foo', content_type='application/json')
117 self.assertIn(b('bar'), rv.data)
118 cookie = get_cookie(rv, self.csrf._csrf_name)
119 self.assertEqual(cookie, None)
121 def test_token_validation(self):
122 # should produce a logger warning
123 - rv = self.app.test_client().post('/bar')
124 + rv = self.app.test_client().post('/bar', content_type='application/json')
125 self.assertIn(b('403 Forbidden'), rv.data)
128 @@ -319,18 +319,18 @@ class SeaSurfTestCaseIncludeViews(BaseTestCase):
131 def test_include_view(self):
132 - rv = self.app.test_client().post('/foo')
133 + rv = self.app.test_client().post('/foo', content_type='application/json')
134 self.assertIn(b('403 Forbidden'), rv.data)
136 - rv = self.app.test_client().post(u'/foo/\xf8')
137 + rv = self.app.test_client().post(u'/foo/\xf8', content_type='application/json')
138 self.assertIn(b('403 Forbidden'), rv.data)
140 def test_token_validation(self):
141 # should produce a logger warning
142 - rv = self.app.test_client().post('/bar')
143 + rv = self.app.test_client().post('/bar', content_type='application/json')
144 self.assertIn(b('foo'), rv.data)
146 - rv = self.app.test_client().post(u'/bar/\xf8')
147 + rv = self.app.test_client().post(u'/bar/\xf8', content_type='application/json')
148 self.assertIn(b('foo'), rv.data)
151 @@ -363,10 +363,10 @@ class SeaSurfTestCaseExemptUrls(BaseTestCase):
154 def test_exempt_view(self):
155 - rv = self.app.test_client().post('/foo/baz')
156 + rv = self.app.test_client().post('/foo/baz', content_type='application/json')
157 self.assertIn(b('bar'), rv.data)
158 with self.app.test_client() as c:
159 - rv = c.post('/foo/quz')
160 + rv = c.post('/foo/quz', content_type='application/json')
161 self.assertIn(b('bar'), rv.data)
162 cookie = get_cookie(rv, self.csrf._csrf_name)
163 self.assertEqual(cookie, None)
164 @@ -374,7 +374,7 @@ class SeaSurfTestCaseExemptUrls(BaseTestCase):
165 def test_token_validation(self):
166 with self.app.test_client() as c:
167 # should produce a logger warning
168 - rv = c.post('/bar')
169 + rv = c.post('/bar', content_type='application/json')
170 self.assertIn(b('403 Forbidden'), rv.data)
171 cookie = get_cookie(rv, self.csrf._csrf_name)
172 token = self.csrf._get_token()
173 @@ -434,7 +434,7 @@ class SeaSurfTestCaseDisableCookie(unittest.TestCase):
175 def test_no_csrf_cookie_even_after_manually_validated(self):
176 with self.app.test_client() as c:
177 - rv = c.post('/manual')
178 + rv = c.post('/manual', content_type='application/json')
179 self.assertIn(b('403 Forbidden'), rv.data)
180 cookie = get_cookie(rv, self.csrf._csrf_name)
181 self.assertEqual(cookie, None)
182 @@ -474,14 +474,14 @@ class SeaSurfTestCaseEnableCookie(unittest.TestCase):
184 def test_has_csrf_cookie(self):
185 with self.app.test_client() as c:
186 - rv = c.post('/exempt_with_cookie')
187 + rv = c.post('/exempt_with_cookie', content_type='application/json')
188 cookie = get_cookie(rv, self.csrf._csrf_name)
189 token = self.csrf._get_token()
190 self.assertEqual(cookie, token)
192 def test_has_csrf_cookie_but_doesnt_validate(self):
193 with self.app.test_client() as c:
194 - rv = c.post('/exempt_with_cookie')
195 + rv = c.post('/exempt_with_cookie', content_type='application/json')
196 self.assertIn(b('exempt_with_cookie'), rv.data)
197 cookie = get_cookie(rv, self.csrf._csrf_name)
198 token = self.csrf._get_token()
199 @@ -530,7 +530,7 @@ class SeaSurfTestCaseSkipValidation(unittest.TestCase):
201 def test_skips_validation(self):
202 with self.app.test_client() as c:
203 - rv = c.post('/foo/quz')
204 + rv = c.post('/foo/quz', content_type='application/json')
205 self.assertIn(b('bar'), rv.data)
206 cookie = get_cookie(rv, self.csrf._csrf_name)
207 token = self.csrf._get_token()
208 @@ -538,20 +538,20 @@ class SeaSurfTestCaseSkipValidation(unittest.TestCase):
210 def test_enforces_validation_reject(self):
211 with self.app.test_client() as c:
212 - rv = c.delete('/foo/baz')
213 + rv = c.delete('/foo/baz', content_type='application/json')
214 self.assertIn(b('403 Forbidden'), rv.data)
216 def test_enforces_validation_accept(self):
217 with self.app.test_client() as c:
218 # GET generates CSRF token
220 - rv = c.delete('/foo/baz',
221 + rv = c.delete('/foo/baz', content_type='application/json',
222 headers={'X-CSRFToken': self.csrf._get_token()})
223 self.assertIn(b('bar'), rv.data)
225 def test_manual_validation(self):
226 with self.app.test_client() as c:
227 - rv = c.post('/manual')
228 + rv = c.post('/manual', content_type='application/json')
229 self.assertIn(b('403 Forbidden'), rv.data)
232 @@ -578,7 +578,7 @@ class SeaSurfTestManualValidation(unittest.TestCase):
234 def test_can_manually_validate_exempt_views(self):
235 with self.app.test_client() as c:
236 - rv = c.post('/manual')
237 + rv = c.post('/manual', content_type='application/json')
238 self.assertIn(b('403 Forbidden'), rv.data)
239 cookie = get_cookie(rv, self.csrf._csrf_name)
240 token = self.csrf._get_token()
241 @@ -651,7 +651,7 @@ class SeaSurfTestCaseReferer(BaseTestCase):
242 with client.session_transaction() as sess:
243 token = self.csrf._generate_token()
245 - client.set_cookie('www.example.com', self.csrf._csrf_name, token)
246 + client.set_cookie(self.csrf._csrf_name, token, domain='www.example.com')
247 sess[self.csrf._csrf_name] = token
249 # once this is reached the session was stored
250 @@ -728,8 +728,7 @@ class SeaSurfTestCaseSetCookie(BaseTestCase):
251 res3.headers.get('Set-Cookie', ''),
252 'CSRF cookie always be re-set if a token is requested by the template')
254 - client.cookie_jar.clear()
256 + with self.app.test_client() as client:
257 res4 = client.get('/foo')
259 self.assertIn(self.csrf._csrf_name,
260 @@ -739,14 +738,14 @@ class SeaSurfTestCaseSetCookie(BaseTestCase):
261 def test_header_set_on_post(self):
262 with self.app.test_client() as client:
264 - res1 = client.post('/bar', headers=headers)
265 + res1 = client.post('/bar', headers=headers, content_type='application/json')
266 self.assertEqual(res1.status_code, 403)
268 for cookie in client.cookie_jar:
269 if cookie.name == self.csrf._csrf_name:
270 headers[self.csrf._csrf_header_name] = cookie.value
272 - res2 = client.post('/bar', headers=headers)
273 + res2 = client.post('/bar', headers=headers, content_type='application/json')
274 self.assertEqual(res2.status_code, 200)
276 def test_header_set_cookie_samesite(self):
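Review bot: The unchanged `for cookie in client.cookie_jar:` line in `test_header_set_on_post` still reads the attribute the commit message says is private in werkzeug 2.3, so this test fails on the same versions the commit targets even though the `client.cookie_jar.clear()` call in the previous hunk was replaced. Use the public accessor instead of iterating the jar: `cookie = client.get_cookie(self.csrf._csrf_name)` / `if cookie is not None:` / `headers[self.csrf._csrf_header_name] = cookie.value`. This keeps the test's intent (copy the CSRF cookie value into the header for the second request) without touching werkzeug internals.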
277 @@ -789,7 +788,7 @@ class SeaSurfTestCaseGenerateNewToken(BaseTestCase):
279 tokenA = self.csrf._get_token()
281 - client.set_cookie('www.example.com', self.csrf._csrf_name, tokenA)
282 + client.set_cookie(self.csrf._csrf_name, tokenA, domain='www.example.com')
283 with client.session_transaction() as sess:
284 sess[self.csrf._csrf_name] = tokenA