fix: add CSRF token handling to admin tests after merge

The CSRF middleware added to main after the admin-pages branch was
created caused all admin test POSTs/DELETEs to be rejected. Add
get_csrf_token() calls and X-CSRF-Token headers to login helpers and
all mutation requests, matching the pattern used by other tests.
Johan Lundberg 2026-02-19 15:02:51 +01:00
parent 33a61ecc2a
commit befcef9395
No known key found for this signature in database
GPG key ID: A6C152738D03C7D1
2 changed files with 42 additions and 10 deletions

@ -6,6 +6,7 @@ from httpx import AsyncClient
from porchlight.authn.password import PasswordService
from porchlight.models import PasswordCredential, User
from tests.conftest import get_csrf_token
async def _login(
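Review bot: the new import `from tests.conftest import get_csrf_token` takes a plain helper function out of conftest.py, a file pytest loads on its own for fixtures and hooks; depending on the import mode, importing it by package path as well can load the module twice under different names. Consider moving get_csrf_token into an ordinary helper module under tests/ and importing it from there, or exposing it as a fixture, so test modules do not depend on conftest.py being importable.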
@ -32,10 +33,11 @@ async def _login(
if existing is None:
await cred_repo.create_password(PasswordCredential(user_id=user.userid, password_hash=svc.hash(password)))
token = await get_csrf_token(client)
await client.post(
"/login/password",
data={"username": username, "password": password},
headers={"HX-Request": "true"},
headers={"HX-Request": "true", "X-CSRF-Token": token},
)
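Review bot: the result of `await client.post("/login/password", ...)` in `_login` is not assigned or checked in the visible lines, so a CSRF rejection at login only surfaces later as unrelated failures in the admin tests, which is the failure mode the commit message describes. Suggest capturing the response and asserting the expected status inside the helper so a missing or stale `X-CSRF-Token` fails at the login step. Also worth a short comment that `token` is fetched before authentication: if the middleware issues a new token once the session is authenticated, callers must fetch a fresh one for their own mutation requests rather than reuse this value.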