Adding tests where no csrf token is given

SELab-2 · Apr 28, 2024 · d53a31c · d53a31c
1 parent 13e9b2e
commit d53a31c
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/backend/tests/endpoints/conftest.py b/backend/tests/endpoints/conftest.py
@@ -34,8 +34,9 @@ def auth_test(
 
     for k, v in data_map.items():
         endpoint = endpoint.replace(k, str(v))
+    csrf = get_csrf_from_login(client, token) if token else None
 
-    return endpoint, getattr(client, method), get_csrf_from_login(client, token), allowed
+    return endpoint, getattr(client, method), csrf, allowed
 
 
 

diff --git a/backend/tests/endpoints/endpoint.py b/backend/tests/endpoints/endpoint.py
@@ -8,7 +8,7 @@ def authentication_tests(endpoint: str, methods: list[str]) -> list[Any]:
     tests = []
 
     for method in methods:
-        for token in ["0123456789", "login"]:
+        for token in [None, "0123456789", "login"]:
             allowed = token == "login"
             tests.append(param(
                 (endpoint, method, token, allowed),
@@ -89,7 +89,10 @@ def authentication(self, auth_test: tuple[str, Any, str, bool]):
 
         endpoint, method, csrf, allowed = auth_test
 
-        response = method(endpoint, headers = {"X-CSRF-TOKEN":csrf})
+        if csrf:
+            response = method(endpoint, headers = {"X-CSRF-TOKEN":csrf})
+        else:
+            response = method(endpoint)
         assert allowed == (response.status_code != 401)
 
     def authorization(self, auth_test: tuple[str, Any, str, bool]):