1

I'm in the process of writing a test for the login portion of an app I'm creating in Flask. However, when I pass data using the test_client.post() method my test data isn't being passed correctly.

What's more, the manual login test POSTs and redirects fine.

The test case code is:

# Ensure Login behaves correctly given the correct credentials
    def test_correct_login(self):
        tester = app.test_client(self)
        response = tester.post('/login',data= dict(username = 'bigtest', password = 'testing2'), follow_redirects = True, content_type='application/x-www-form-urlencoded')
        self.assertIn(b'Section title', response.data)

The response given shows that the username is passed correct, but the password does not have a value.

This is the response returned in console:

<div class="form-group required">
    <label class="control-label" for="username">username</label>
    <input class="form-control" id="username" name="username" required type="text" value="bigtest">
</div>
<div class="form-group required">
    <label class="control-label" for="password">password</label>
    <input class="form-control" id="password" name="password" required type="password" value="">

I'm not sure what the issue is here. Has this happened to anyone else before?

Joel Carter
  • 151
  • 12
  • What is the point of `hashed = generate_password_hash('testing2', method='sha256')`? You never actually use it. – John Gordon Sep 25 '18 at 04:08
  • I tried to theory with that line to see if it wasn't working because the password in my database is being hashed. That didn't work either, but I forgot to edit it out of the code in the question. Thanks for pointing that out. – Joel Carter Sep 25 '18 at 04:12
  • Does the login view set/read any cookies? – John Gordon Sep 25 '18 at 04:18
  • @JohnGordon Yes sir it does, from what I can tell in the network tab of the chrome dev tools. The cookie being set is the CSRF token passed from my flask form. – Joel Carter Sep 25 '18 at 04:20
  • Then the problem might be that you aren't first doing a GET on the login form to set the CSRF token. – John Gordon Sep 25 '18 at 04:22
  • Hmmm...interesting, this is a first I've encountered that. So does that mean I would need to have two response variables? That's what I'm assuming at first glance. – Joel Carter Sep 25 '18 at 04:26
  • 1
    Typically, when using a web framework's built-in test engine, you'd want to disable CSRF checking altogether, as it just gets in the way. Try googling for "flask tester csrf". – John Gordon Sep 25 '18 at 04:28
  • Although if CRSF is the culprit, it's sort of odd that it works like this. I would expect an actual error response, instead of just omitting the password. Are there any logs you can look at? – John Gordon Sep 25 '18 at 04:29
  • That's interesting, I'm looking that up now thanks. Currently, the only log that is produced from the test is the direct output from the test suite. – Joel Carter Sep 25 '18 at 04:36

0 Answers0