Pass xsrf token in tests to /hub/api requests

2025-12-18 21:54:05 +08:00 · 2023-05-11 23:13:59 +02:00
parent b3365fbe45
commit c09e83a6c8
1 changed files with 14 additions and 1 deletions
--- a/integration-tests/test_hub.py
+++ b/integration-tests/test_hub.py
@@ -389,7 +389,9 @@ async def test_idle_server_culled():
    )

    async with User(username, hub_url, partial(login_dummy, password="")) as u:
+        # Login the user
        await u.login()
+
        # Start user's server
        await u.ensure_server_simulate()
        # Assert that the user exists
@@ -400,12 +402,23 @@ async def test_idle_server_culled():
        r = await u.session.get(user_url, allow_redirects=False)
        assert r.status == 200

+        # Extract the xsrf token from the _xsrf cookie set after visiting
+        # /hub/login with the u.session
+        hub_cookie = u.session.cookie_jar.filter_cookies(str(u.hub_url / "hub/api/user"))
+        assert "_xsrf" in hub_cookie
+        hub_xsrf_token = hub_cookie["_xsrf"].value
+
        # Check that we can talk to JupyterHub itself
        # use this as a proxy for whether the user still exists
        async def hub_api_request():
            r = await u.session.get(
                u.hub_url / "hub/api/user",
-                headers={"Referer": str(u.hub_url / "hub/")},
+                headers={
+                    # Referer is needed for JupyterHub <=3
+                    "Referer": str(u.hub_url / "hub/"),
+                    # X-XSRFToken is needed for JupyterHub >=4
+                    "X-XSRFToken": hub_xsrf_token,
+                },
                allow_redirects=False,
            )
            return r