From c09e83a6c8340bc9205c11f284d469d45f524da9 Mon Sep 17 00:00:00 2001
From: Erik Sundell <erik@sundellopensource.se>
Date: Thu, 11 May 2023 23:13:59 +0200
Subject: [PATCH] Pass xsrf token in tests to /hub/api requests

---
 integration-tests/test_hub.py | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/integration-tests/test_hub.py b/integration-tests/test_hub.py
index 26bb745..0b282ed 100644
--- a/integration-tests/test_hub.py
+++ b/integration-tests/test_hub.py
@@ -389,7 +389,9 @@ async def test_idle_server_culled():
     )
 
     async with User(username, hub_url, partial(login_dummy, password="")) as u:
+        # Login the user
         await u.login()
+
         # Start user's server
         await u.ensure_server_simulate()
         # Assert that the user exists
@@ -400,12 +402,23 @@ async def test_idle_server_culled():
         r = await u.session.get(user_url, allow_redirects=False)
         assert r.status == 200
 
+        # Extract the xsrf token from the _xsrf cookie set after visiting
+        # /hub/login with the u.session
+        hub_cookie = u.session.cookie_jar.filter_cookies(str(u.hub_url / "hub/api/user"))
+        assert "_xsrf" in hub_cookie
+        hub_xsrf_token = hub_cookie["_xsrf"].value
+
         # Check that we can talk to JupyterHub itself
         # use this as a proxy for whether the user still exists
         async def hub_api_request():
             r = await u.session.get(
                 u.hub_url / "hub/api/user",
-                headers={"Referer": str(u.hub_url / "hub/")},
+                headers={
+                    # Referer is needed for JupyterHub <=3
+                    "Referer": str(u.hub_url / "hub/"),
+                    # X-XSRFToken is needed for JupyterHub >=4
+                    "X-XSRFToken": hub_xsrf_token,
+                },
                 allow_redirects=False,
             )
             return r