(self)
| 3040 | self.assertEqual(response.code, 403) |
| 3041 | |
| 3042 | def test_refresh_token(self): |
| 3043 | token = self.xsrf_token |
| 3044 | tokens_seen = {token} |
| 3045 | # A user's token is stable over time. Refreshing the page in one tab |
| 3046 | # might update the cookie while an older tab still has the old cookie |
| 3047 | # in its DOM. Simulate this scenario by passing a constant token |
| 3048 | # in the body and re-querying for the token. |
| 3049 | for i in range(5): |
| 3050 | token = self.get_token(token) |
| 3051 | # Tokens are encoded uniquely each time |
| 3052 | tokens_seen.add(token) |
| 3053 | response = self.fetch( |
| 3054 | "/", |
| 3055 | method="POST", |
| 3056 | body=urllib.parse.urlencode(dict(_xsrf=self.xsrf_token)), |
| 3057 | headers=self.cookie_headers(token), |
| 3058 | ) |
| 3059 | self.assertEqual(response.code, 200) |
| 3060 | self.assertEqual(len(tokens_seen), 6) |
| 3061 | |
| 3062 | def test_versioning(self): |
| 3063 | # Version 1 still produces distinct tokens per request. |
nothing calls this directly
no test coverage detected