cake_csrf_token failed on logged-in users without AMO session cookie

2010-03-09 12:23:39 +01:00 · 2010-03-09 12:23:39 +01:00 · 3d663ee764
--- a/apps/cake/helpers.py
+++ b/apps/cake/helpers.py
@ -18,8 +18,10 @@ def cake_csrf_token(context):
    if not user.is_authenticated():
        return

-    session_id = context['request'].COOKIES.get('AMOv3').value
-    if not session_id:
+    try:
+        session_id = context['request'].COOKIES.get('AMOv3').value
+        assert session_id
+    except (AttributeError, AssertionError):
        return

    try:
--- a/apps/cake/tests.py
+++ b/apps/cake/tests.py
@ -102,3 +102,21 @@ class TestHelpers(TestCase):
        doc = pq(cake_csrf_token(ctx))
        self.assert_(doc.html())
        self.assert_(doc('input').attr('value'))
+
+    def test_csrf_token_nosession(self):
+        """No session cookie, no Cake CSRF token."""
+        mysessionid = "17f051c99f083244bf653d5798111216"
+
+        s = SessionBackend()
+        session = Session.objects.get(pk=mysessionid)
+        user = s.authenticate(session=session)
+
+        client = self.client
+
+        request = Mock()
+        request.user = user
+        request.COOKIES = client.cookies
+        ctx = {'request': request}
+
+        token = cake_csrf_token(ctx)
+        assert not token