There are several things you can try: 1. Mocking csrf token functions 2. Passing the csrf token context from first HTML generation to the second HTML generation 3. Wiping out the csrf token parts from both HTML before comparing them.
On Thu, 28 Mar 2019, 23:54 Simon Charette, <charett...@gmail.com> wrote: > This is effectively failing because of a mechanism added in 1.10 to protect > against BREACH attacks[0] by salting the CSRF token. > > I'm not aware of any way to disable this mechanism but testing against the > exact HTML returned from a view seems fragile. > > I suggest you use assertContains[1] (with or without html=True) and > assertTemplateUsed[2] instead. > > Cheers, > Simon > > [0] https://docs.djangoproject.com/en/2.1/ref/csrf/#how-it-works > [1] > https://docs.djangoproject.com/en/2.1/topics/testing/tools/#django.test.SimpleTestCase.assertContains > [2] > https://docs.djangoproject.com/en/2.1/topics/testing/tools/#django.test.SimpleTestCase.assertTemplateUsed > > Le jeudi 28 mars 2019 12:16:43 UTC-4, OnlineJudge95 a écrit : >> >> Hi people, >> >> I am following the book Test-Driven Development with Python >> <https://www.amazon.in/Test-Driven-Development-Python-Selenium-JavaScript/dp/1491958707> >> by >> *Harry J.W. Perceval.* The book is using Django version 1.7 which is >> outdated as of now so I started with version 2.1. >> >> I am trying to unit test my index view. One unit-test that I have written >> is testing whether the index view returns correct HTML or not by comparing >> the input received through >> django.template.loader.render_to_string >> the unit-test fail with the following traceback >> python manage.py test >> Creating test database for alias 'default'... >> .System check identified no issues (0 silenced). >> F. >> ====================================================================== >> FAIL: test_index_view_returns_correct_html (lists.tests.IndexViewTest) >> ---------------------------------------------------------------------- >> Traceback (most recent call last): >> File "tests.py", line 24, in test_index_view_returns_correct_html >> self.assertEqual(expected_html, actual_html) >> AssertionError: '<!DO[263 >> chars]lue="BJMT1b9fxuXOGugp00SDypeTYZxvlmc6KtBSYMDon[198 chars]l>\n' != >> '<!DO[263 chars]lue="R05ZiWMASEWMurA8Rdo8bnA0mTwqFTqA0KUYfxgJI[198 >> chars]l>\n' >> >> ---------------------------------------------------------------------- >> Ran 3 tests in 0.006s >> >> FAILED (failures=1) >> Destroying test database for alias 'default'... >> >> Process finished with exit code 1 >> >> >> It was clear that the csrf token is causing the test to fail. Is there >> any way to test it, or should it be tested? I ask this as when I changed my >> Django version to 1.7, the tests were passing, even after giving the csrf >> token field in the form. I tried going through the changelogs but 1.7 is >> far behind (beginner here). Please find the code snippets, directory >> structure provided below. >> >> >> *lists/views.py* >> >> >> >> >> >> >> >> >> >> >> *from django.http import HttpResponsefrom django.shortcuts import render# >> Create your views here.def index(request): if request.method == 'POST': >> return HttpResponse(request.POST['item_text']) return >> render(request, 'index.html')* >> >> >> *lists/test.py* >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> *from django.http import HttpRequestfrom django.template.loader import >> render_to_stringfrom django.test import TestCasefrom django.urls import >> resolvefrom lists.views import index# Create your tests here.class >> IndexViewTest(TestCase): def >> test_root_url_resolves_to_home_page_view(self): [...] def >> test_index_view_returns_correct_html(self): request = HttpRequest() >> response = index(request) actual_html = >> response.content.decode() expected_html = >> render_to_string('index.html', request=request) >> self.assertEqual(expected_html, actual_html) def >> test_index_view_can_save_a_post_request(self): [...]requirements.txt* >> >> >> >> >> >> *Django==2.1.7pytz==2018.9selenium==3.141.0urllib3==1.24.* >> *settings.py* >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> *[...]# Application definitionINSTALLED_APPS = [ 'django.contrib.admin', >> 'django.contrib.auth', 'django.contrib.contenttypes', >> 'django.contrib.sessions', 'django.contrib.messages', >> 'django.contrib.staticfiles', 'lists',][...]* >> *Directory Structure* >> >> [image: Screen Shot 2019-03-28 at 9.36.56 PM.png] >> >> -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to django-users+unsubscr...@googlegroups.com. > To post to this group, send email to django-users@googlegroups.com. > Visit this group at https://groups.google.com/group/django-users. > To view this discussion on the web visit > https://groups.google.com/d/msgid/django-users/7f0f12be-fc3e-43c3-ba07-e48158def051%40googlegroups.com > <https://groups.google.com/d/msgid/django-users/7f0f12be-fc3e-43c3-ba07-e48158def051%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAN7EoAb8Ov7GXZXV7Eao%3Dj_-w4bKKG75ebF0fnjbTzHO%2BxmB%3DA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
