Added workaround for unit testing. Updated documentation for same. Version bump

Author: btimby

README.rst

@@ -59,5 +59,24 @@ Usage
 
         name = forms.CharField()
 
+
+Unit Testing
+------------
+
+If you want to write unit tests for forms that derive from SecureForm, you will
+need to let this application know you are testing. SecureForm looks for
+settings.TESTING to evaluate to True. If so, it disables the security allowing
+the Django test client to send POST data using the original field names.
+
+In the future, I would rather provide tools so that testing can happen with
+security enabled, but this is a quick workaround. Our test framework uses an
+environment variable to set settings.TESTING. For example, in settings.py...
+
+::
+
+    import os
+
+    TESTING = True if 'TESTING' in os.environ else False
+
 .. _SmartFile: http://www.smartfile.com/
 .. _Read more: http://www.smartfile.com/open-source.html

django_secureform/forms/__init__.py

@@ -1,7 +1,9 @@
 import time
 import string
+
 from Crypto.Random import random
 from Crypto.Cipher import Blowfish
+
 from django import forms
 from django.conf import settings
 from django.core.cache import cache
@@ -15,6 +17,7 @@
 from django.utils.translation import ugettext as _
 from django.utils.safestring import mark_safe
 
+
 # Chars that are safe to use in field names.
 SAFE_CHARS = string.ascii_letters + string.digits
 
@@ -43,6 +46,14 @@ def random_name(choices=SAFE_CHARS, length=16):
     return ''.join(random.sample(choices, length))
 
 
+def testing():
+    """
+    Detects if we are running under Django unit tests. If so, security is
+    disabled.
+    """
+    return getattr(settings, 'TESTING', False)
+
+
 class SecureFormException(Exception):
     'Base exception for security faults.'
 
@@ -174,11 +185,12 @@ def __iter__(self):
 
     def __getitem__(self, name):
         'Returns a SecureBoundField with the given name.'
-        try:
-            field = self.fields[name]
-        except KeyError:
-            raise KeyError('Key %r not found in Form' % name)
-        return SecureBoundField(self, field, name)
+        if not testing():
+            try:
+                    return SecureBoundField(self, self.fields[name], name)
+            except KeyError:
+                raise KeyError('Key %r not found in Form' % name)
+        return super(SecureFormBase, self).__getitem__(name)
 
     def _script(self):
         '''Generates the JavaScript necessary for hiding the honeypots or an empty string
@@ -211,6 +223,8 @@ def decode_data(self):
         and while the honeypots are checked to ensure they are empty.'''
         if not self.is_bound:
             return
+        if testing():
+            return
         cleaned_data = {}
         secure = self.data[self._meta.secure_field_name]
         secure = self.crypt.decrypt(secure.decode('hex')).rstrip()
@@ -266,6 +280,8 @@ def full_clean(self):
 
     def secure_data(self):
         'Prepares the secure data before the form is rendered.'
+        if testing():
+            return
         # Empty out the previous map, we will generate a new one.
         self._secure_field_map = {}
         labels = []

setup.py

@@ -4,7 +4,7 @@
 from distutils.core import setup
 
 name = 'django-secureform'
-version = '0.2'
+version = '0.3'
 release = '1'
 versrel = version + '-' + release
 readme = os.path.join(os.path.dirname(__file__), 'README.rst')