From 76510b0f51d0da02023396000625680c935b0760 Mon Sep 17 00:00:00 2001
From: Erik Sundell <erik.i.sundell@gmail.com>
Date: Sun, 4 Jun 2023 22:52:15 +0200
Subject: [PATCH] maint: adjust test against jupyterhub to pass _xsrf token

---
 binderhub/tests/test_auth.py | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/binderhub/tests/test_auth.py b/binderhub/tests/test_auth.py
index 74121b055..7ef9e9a2b 100644
--- a/binderhub/tests/test_auth.py
+++ b/binderhub/tests/test_auth.py
@@ -44,15 +44,22 @@ async def test_auth(app, path, authenticated, use_session):
         # not authenticated, we should get the page and be done
         assert r.url == url
         return
+    assert "/hub/login" in urlparse(r.url).path
+
+    # acquire a _xsrf cookie to pass in the post request we are about to make
+    login_url = f"{app.hub_url}/hub/login"
+    r2 = await async_requests.get(login_url)
+    assert r2.status_code == 200, f"{r2.status_code} {r2.url}"
+    _xsrf_cookie = r2.cookies.get("_xsrf", path="/hub/")
+    assert _xsrf_cookie
 
     # submit login form
-    assert "/hub/login" in urlparse(r.url).path
-    r2 = await async_requests.post(
-        r.url, data={"username": "dummy", "password": "dummy"}
+    r3 = await async_requests.post(
+        r.url, data={"username": "dummy", "password": "dummy", "_xsrf": _xsrf_cookie}
     )
-    assert r2.status_code == 200, f"{r2.status_code} {r.url}"
+    assert r3.status_code == 200, f"{r3.status_code} {r3.url}"
     # verify that we landed at the destination after auth
-    assert r2.url == url
+    assert r3.url == url
 
 
 @skip_remote