search

AndrewIngram / django-extra-views

Django's class-based generic views are awesome, let's have more of them.
MIT License
1.38k stars 172 forks source link

Smoke tests result in ValidationError: ['ManagementForm data is missing or has been tampered with'] #215

Closed jayvdb closed 4 years ago

jayvdb commented 4 years ago

I have been running smoke tests on Oscar, described in most detail at https://github.com/django-oscar/django-oscar/issues/3420

The non-admin smoke tests invoked on Oscar views which use extra_views fail like so:

======================================================================
ERROR: test_smoke_POST_oscar/^basket/^$ (django_smoke_tests.tests.SmokeTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/django_smoke_tests/generator.py", line 90, in test
    response = http_method_function(url, {})
  File "/usr/lib/python3.8/site-packages/django/test/client.py", line 526, in post
    response = super().post(path, data=data, content_type=content_type, secure=secure, **extra)
  File "/usr/lib/python3.8/site-packages/django/test/client.py", line 355, in post
    return self.generic('POST', path, post_data, content_type,
  File "/usr/lib/python3.8/site-packages/django/test/client.py", line 421, in generic
    return self.request(**r)
  File "/usr/lib/python3.8/site-packages/django/test/client.py", line 496, in request
    raise exc_value
  File "/usr/lib/python3.8/site-packages/django/core/handlers/exception.py", line 34, in inner
    response = get_response(request)
  File "/usr/lib/python3.8/site-packages/django/core/handlers/base.py", line 115, in _get_response
    response = self.process_exception_by_middleware(e, request)
  File "/usr/lib/python3.8/site-packages/django/core/handlers/base.py", line 113, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/usr/lib/python3.8/site-packages/django/views/generic/base.py", line 71, in view
    return self.dispatch(request, *args, **kwargs)
  File "/usr/lib/python3.8/site-packages/django/views/generic/base.py", line 97, in dispatch
    return handler(request, *args, **kwargs)
  File "/usr/lib/python3.8/site-packages/extra_views/formsets.py", line 335, in post
    return super(BaseModelFormSetView, self).post(request, *args, **kwargs)
  File "/usr/lib/python3.8/site-packages/extra_views/formsets.py", line 301, in post
    if formset.is_valid():
  File "/usr/lib/python3.8/site-packages/django/forms/formsets.py", line 308, in is_valid
    self.errors
  File "/usr/lib/python3.8/site-packages/django/forms/formsets.py", line 288, in errors
    self.full_clean()
  File "/usr/lib/python3.8/site-packages/django/forms/formsets.py", line 329, in full_clean
    for i in range(0, self.total_form_count()):
  File "/usr/lib/python3.8/site-packages/django/forms/formsets.py", line 112, in total_form_count
    return min(self.management_form.cleaned_data[TOTAL_FORM_COUNT], self.absolute_max)
  File "/usr/lib/python3.8/site-packages/django/utils/functional.py", line 48, in __get__
    res = instance.__dict__[self.name] = self.func(instance)
  File "/usr/lib/python3.8/site-packages/django/forms/formsets.py", line 92, in management_form
    raise ValidationError(
django.core.exceptions.ValidationError: ['ManagementForm data is missing or has been tampered with']

Is it possible to get a more descriptive exception? e.g. What was missing?

And/or, can there be an mode where that exception is caught and a more appropriate Http status is used to describe the situation, such as 400 or a SuspiciousOperation exception if it really looks like the requests are being "tampered with" which sounds rather nefarious.

btw, I've submitted this and all the other oscar deps oscar for inclusion in openSUSE.

jonashaag commented 4 years ago

Thanks for the report. What is Django's default behavior for formsets in this case?