0
我已經寫了單元測試delete REST API及其對Django的單元測試失敗是由於CSRF的cookie沒有設置
{u'detail': u'CSRF Failed: CSRF cookie not set.'}
不知道失敗的原因及其檢查CSRF餅乾,雖然我已經設置測試案例頂部的enforce_csrf_checks=True。
這裏是我的測試案例
def setUp(self):
self.user = Customer.objects.create_user(email="[email protected]", password="12345678open", username="tanvir")
self.requirement_header = RequirementHeader.objects.create_requirement_header(user=self.user)
self.requirement_header_id = self.requirement_header.id
self.description = "Description"
self.file = '/requirements/test_data/test.txt'
self.requirement_lines = RequirementLine.objects.get_or_create(
requirement_header=self.requirement_header,
description=self.description,
file=self.file,
)[0]
def test_delete_requirement_line(self):
client = APIClient(enforce_csrf_checks=True)
logged_in = client.login(username=self.user.email, password='12345678open')
if logged_in:
data = {
'deleting_user': self.user.email
}
response = client.delete('/api/requirements/requirement-line/%d/' % self.requirement_lines.id, data, format='json')
self.assertEqual(response.status_code, 204)
事實上,這裏response.data回報{u'detail': u'CSRF Failed: CSRF cookie not set.'},這就是爲什麼狀態代碼是303和測試失敗。
我的API查看:
class RequirementLineRetrieveUpdateDestroyAPIView(BaseRetrieveUpdateDestroyAPIView):
serializer_class = RequirementLineSerializer
parser_classes = (MultiPartParser,)
def delete(self, request, requirement_line_id, *args, **kwargs):
deleting_user = request.user
try:
obj = RequirementService().delete_requirement_line(
deleting_user=deleting_user,
requirement_line_id=requirement_line_id,
)
return Response(status=status.HTTP_204_NO_CONTENT)
except ObjectDoesNotExist as e:
return Response(e.message, status=status.HTTP_404_NOT_FOUND)
我使用Django 1.9和DRF 3.X
這樣的修復,但這樣的用戶,謝謝! – RTan
好的,有一個問題,只是一個額外的問題,如果我不用csrf檢查編寫單元測試可以嗎? – RTan
在測試過程中,csrf檢查會自動禁用,所以我會說沒關係爲他們編寫測試。 Django的csrf保護代碼本身也是由Django自己的測試測試的。 – C14L