1 files changed, 13 insertions, 12 deletions

diff --git a/mediagoblin/tests/test_csrf_middleware.py b/mediagoblin/tests/test_csrf_middleware.py
index ad433fe8..22a0eb04 100644
--- a/mediagoblin/tests/test_csrf_middleware.py
+++ b/mediagoblin/tests/test_csrf_middleware.py
@@ -14,13 +14,12 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
-from mediagoblin.tests.tools import setup_fresh_app
+from mediagoblin.tests.tools import get_test_app
 from mediagoblin import mg_globals
 
 
-@setup_fresh_app
-def test_csrf_cookie_set(test_app):
-
+def test_csrf_cookie_set():
+    test_app = get_test_app(dump_old_app=False)
     cookie_name = mg_globals.app_config['csrf_cookie_name']
 
     # get login page
@@ -34,8 +33,11 @@ def test_csrf_cookie_set(test_app):
     assert response.headers.get('Vary', False) == 'Cookie'
 
 
-@setup_fresh_app
-def test_csrf_token_must_match(test_app):
+def test_csrf_token_must_match():
+    # We need a fresh app for this test on webtest < 1.3.6.
+    # We do not understand why, but it fixes the tests.
+    # If we require webtest >= 1.3.6, we can switch to a non fresh app here.
+    test_app = get_test_app(dump_old_app=True)
 
     # construct a request with no cookie or form token
     assert test_app.post('/auth/login/',
@@ -44,7 +46,7 @@ def test_csrf_token_must_match(test_app):
 
     # construct a request with a cookie, but no form token
     assert test_app.post('/auth/login/',
-                         headers={'Cookie': str('%s=foo; ' %
+                         headers={'Cookie': str('%s=foo' %
                                   mg_globals.app_config['csrf_cookie_name'])},
                          extra_environ={'gmg.verify_csrf': True},
                          expect_errors=True).status_int == 403
@@ -52,7 +54,7 @@ def test_csrf_token_must_match(test_app):
     # if both the cookie and form token are provided, they must match
     assert test_app.post('/auth/login/',
                          {'csrf_token': 'blarf'},
-                         headers={'Cookie': str('%s=foo; ' %
+                         headers={'Cookie': str('%s=foo' %
                                   mg_globals.app_config['csrf_cookie_name'])},
                          extra_environ={'gmg.verify_csrf': True},
                          expect_errors=True).\
@@ -60,14 +62,13 @@ def test_csrf_token_must_match(test_app):
 
     assert test_app.post('/auth/login/',
                          {'csrf_token': 'foo'},
-                         headers={'Cookie': str('%s=foo; ' %
+                         headers={'Cookie': str('%s=foo' %
                                   mg_globals.app_config['csrf_cookie_name'])},
                          extra_environ={'gmg.verify_csrf': True}).\
                          status_int == 200
 
-@setup_fresh_app
-def test_csrf_exempt(test_app):
-
+def test_csrf_exempt():
+    test_app = get_test_app(dump_old_app=False)
     # monkey with the views to decorate a known endpoint
     import mediagoblin.auth.views
     from mediagoblin.meddleware.csrf import csrf_exempt