search

maxcountryman / flask-seasurf

SeaSurf is a Flask extension for preventing cross-site request forgery (CSRF).
http://readthedocs.org/docs/flask-seasurf/
Other
190 stars 49 forks source link

Test errors: test_header_set_cookie, test_header_set_on_post, test_https_good_referer, test_https_referer_check_disabled #141

Open pbsds opened 12 months ago

pbsds commented 12 months ago 
======================================================================
ERROR: test_header_set_cookie (test_seasurf.SeaSurfTestCaseSetCookie.test_header_set_cookie)
Test that the Set-Cookie header was passed on a new request
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/build/source/test_seasurf.py", line 731, in test_header_set_cookie
    client.cookie_jar.clear()
    ^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'dict_values' object has no attribute 'clear'

======================================================================
ERROR: test_header_set_on_post (test_seasurf.SeaSurfTestCaseSetCookie.test_header_set_on_post)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/build/source/test_seasurf.py", line 746, in test_header_set_on_post
    if cookie.name == self.csrf._csrf_name:
       ^^^^^^^^^^^
AttributeError: 'Cookie' object has no attribute 'name'

======================================================================
FAIL: test_https_good_referer (test_seasurf.SeaSurfTestCase.test_https_good_referer)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/build/source/test_seasurf.py", line 156, in test_https_good_referer
    self.assertEqual(rv.status_code, 200)
AssertionError: 403 != 200

======================================================================
FAIL: test_https_referer_check_disabled (test_seasurf.SeaSurfTestCaseReferer.test_https_referer_check_disabled)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/build/source/test_seasurf.py", line 663, in test_https_referer_check_disabled
    self.assertEqual(200, rv.status_code)
AssertionError: 200 != 403
amiantos commented 11 months ago

I fixed the cookie jar ones but I can't figure out what is wrong with the other ones. This is a big blocker for me unfortunately, really trying to figure out how to update this package to support Werkzeug 3...

amiantos commented 11 months ago

If it helps I think the test issues are around with self.app.test_client() as client, in the latest flask updates there is a big issue with stacks in flask, you can no longer rely on them just having the newest client on top, so when you grab test_client() it can be returning one from a prior test setup... kind of ridiculous but I don't totally understand the reasoning behind the changes.

amiantos commented 11 months ago

I hid my comments as off topic because I learned my upgrade issues were NOT caused by flask-seasurf but by some flask-oauthlib residual code that was wrong, if anyone else lands here, look for headers["Authorization"] = request.authorization and change it to headers["Authorization"] = request.authorization.to_header() because the object type of request.authorization has changed in werkzeug >=2.3