django 1.11: update redirect location checks (#21489)
https://code.djangoproject.com/ticket/23960
This commit is contained in:
parent
89b7740e04
commit
54eb9e5dd2
|
@ -325,10 +325,11 @@ def assert_external_redirect(external_redirect):
|
||||||
next_url, valid = external_redirect
|
next_url, valid = external_redirect
|
||||||
if valid:
|
if valid:
|
||||||
def check_location(response, default_return):
|
def check_location(response, default_return):
|
||||||
assert response['Location'] == next_url
|
assert next_url.endswith(response['Location'])
|
||||||
else:
|
else:
|
||||||
def check_location(response, default_return):
|
def check_location(response, default_return):
|
||||||
assert response['Location'] == urlparse.urljoin('http://testserver/', default_return)
|
assert urlparse.urljoin('http://testserver/', default_return)\
|
||||||
|
.endswith(response['Location'])
|
||||||
return check_location
|
return check_location
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -16,7 +16,7 @@ def test_user_admin(db, app, superuser):
|
||||||
Attribute.objects.create(label='Civilité', name='civilite', kind='title', required=False,
|
Attribute.objects.create(label='Civilité', name='civilite', kind='title', required=False,
|
||||||
user_visible=True, user_editable=True, asked_on_registration=True,
|
user_visible=True, user_editable=True, asked_on_registration=True,
|
||||||
multiple=False)
|
multiple=False)
|
||||||
resp = app.get('/admin/custom_user/user/%s/' % superuser.pk)
|
resp = app.get('/admin/custom_user/user/%s/' % superuser.pk).maybe_follow()
|
||||||
assert set(resp.form.fields.keys()) >= set(['username', 'first_name', 'last_name', 'civilite',
|
assert set(resp.form.fields.keys()) >= set(['username', 'first_name', 'last_name', 'civilite',
|
||||||
'siret', 'is_staff', 'is_superuser', 'ou', 'groups',
|
'siret', 'is_staff', 'is_superuser', 'ou', 'groups',
|
||||||
'date_joined_0', 'date_joined_1', 'last_login_0',
|
'date_joined_0', 'date_joined_1', 'last_login_0',
|
||||||
|
|
|
@ -124,7 +124,7 @@ class CasTests(Authentic2TestCase):
|
||||||
location = response['Location']
|
location = response['Location']
|
||||||
url = location.split('?')[0]
|
url = location.split('?')[0]
|
||||||
query = urlparse.parse_qs(location.split('?')[1])
|
query = urlparse.parse_qs(location.split('?')[1])
|
||||||
self.assertEquals(url, 'http://testserver/login/')
|
self.assertTrue(url.endswith('/login/'))
|
||||||
self.assertIn('nonce', query)
|
self.assertIn('nonce', query)
|
||||||
self.assertIn('next', query)
|
self.assertIn('next', query)
|
||||||
self.assertEquals(query['nonce'], [ticket.ticket_id])
|
self.assertEquals(query['nonce'], [ticket.ticket_id])
|
||||||
|
@ -169,7 +169,7 @@ class CasTests(Authentic2TestCase):
|
||||||
location = response['Location']
|
location = response['Location']
|
||||||
url = location.split('?')[0]
|
url = location.split('?')[0]
|
||||||
query = urlparse.parse_qs(location.split('?')[1])
|
query = urlparse.parse_qs(location.split('?')[1])
|
||||||
self.assertEquals(url, 'http://testserver/login/')
|
self.assertTrue(url.endswith('/login/'))
|
||||||
self.assertIn('nonce', query)
|
self.assertIn('nonce', query)
|
||||||
self.assertIn('next', query)
|
self.assertIn('next', query)
|
||||||
self.assertEquals(query['nonce'], [ticket.ticket_id])
|
self.assertEquals(query['nonce'], [ticket.ticket_id])
|
||||||
|
@ -220,7 +220,7 @@ class CasTests(Authentic2TestCase):
|
||||||
location = response['Location']
|
location = response['Location']
|
||||||
url = location.split('?')[0]
|
url = location.split('?')[0]
|
||||||
query = urlparse.parse_qs(location.split('?')[1])
|
query = urlparse.parse_qs(location.split('?')[1])
|
||||||
self.assertEquals(url, 'http://testserver/login/')
|
self.assertTrue(url.endswith('/login/'))
|
||||||
self.assertIn('nonce', query)
|
self.assertIn('nonce', query)
|
||||||
self.assertIn('next', query)
|
self.assertIn('next', query)
|
||||||
self.assertEquals(query['nonce'], [ticket.ticket_id])
|
self.assertEquals(query['nonce'], [ticket.ticket_id])
|
||||||
|
@ -269,7 +269,7 @@ class CasTests(Authentic2TestCase):
|
||||||
location = response['Location']
|
location = response['Location']
|
||||||
url = location.split('?')[0]
|
url = location.split('?')[0]
|
||||||
query = urlparse.parse_qs(location.split('?')[1])
|
query = urlparse.parse_qs(location.split('?')[1])
|
||||||
self.assertEquals(url, 'http://testserver/login/')
|
self.assertTrue(url.endswith('/login/'))
|
||||||
self.assertIn('nonce', query)
|
self.assertIn('nonce', query)
|
||||||
self.assertIn('next', query)
|
self.assertIn('next', query)
|
||||||
self.assertEquals(query['nonce'], [ticket.ticket_id])
|
self.assertEquals(query['nonce'], [ticket.ticket_id])
|
||||||
|
@ -321,7 +321,7 @@ class CasTests(Authentic2TestCase):
|
||||||
location = response['Location']
|
location = response['Location']
|
||||||
url = location.split('?')[0]
|
url = location.split('?')[0]
|
||||||
query = urlparse.parse_qs(location.split('?')[1])
|
query = urlparse.parse_qs(location.split('?')[1])
|
||||||
self.assertEquals(url, 'http://testserver/login/')
|
self.assertTrue(url.endswith('/login/'))
|
||||||
self.assertIn('nonce', query)
|
self.assertIn('nonce', query)
|
||||||
self.assertIn('next', query)
|
self.assertIn('next', query)
|
||||||
self.assertEquals(query['nonce'], [ticket.ticket_id])
|
self.assertEquals(query['nonce'], [ticket.ticket_id])
|
||||||
|
|
|
@ -51,7 +51,7 @@ def test_registration(app, db, settings, mailoutbox, external_redirect):
|
||||||
assert 'You have just created an account.' in response.content
|
assert 'You have just created an account.' in response.content
|
||||||
assert next_url in response.content
|
assert next_url in response.content
|
||||||
else:
|
else:
|
||||||
assert response['Location'] == 'http://testserver/'
|
assert urlparse(response['Location']).path == '/'
|
||||||
response = response.follow()
|
response = response.follow()
|
||||||
assert 'You have just created an account.' in response.content
|
assert 'You have just created an account.' in response.content
|
||||||
assert User.objects.count() == 1
|
assert User.objects.count() == 1
|
||||||
|
|
|
@ -1,3 +1,5 @@
|
||||||
|
from urlparse import urlparse
|
||||||
|
|
||||||
from utils import login
|
from utils import login
|
||||||
import pytest
|
import pytest
|
||||||
|
|
||||||
|
@ -28,9 +30,9 @@ def test_account_delete(app, simple_user):
|
||||||
response = page.form.submit(name='submit').follow()
|
response = page.form.submit(name='submit').follow()
|
||||||
response = response.form.submit()
|
response = response.form.submit()
|
||||||
assert not User.objects.get(pk=simple_user.pk).is_active
|
assert not User.objects.get(pk=simple_user.pk).is_active
|
||||||
assert response.location == 'http://testserver/'
|
assert urlparse(response.location).path == '/'
|
||||||
response = response.follow().follow()
|
response = response.follow().follow()
|
||||||
assert response.request.url.startswith('http://testserver/login/')
|
assert response.request.url.endswith('/login/?next=/')
|
||||||
|
|
||||||
|
|
||||||
def test_login_invalid_next(app):
|
def test_login_invalid_next(app):
|
||||||
|
|
|
@ -92,7 +92,7 @@ class Authentic2TestCase(TestCase):
|
||||||
scheme, netloc, path, query, fragment = urlparse.urlsplit(response.url)
|
scheme, netloc, path, query, fragment = urlparse.urlsplit(response.url)
|
||||||
e_scheme, e_netloc, e_path, e_query, e_fragment = \
|
e_scheme, e_netloc, e_path, e_query, e_fragment = \
|
||||||
urlparse.urlsplit(expected_url)
|
urlparse.urlsplit(expected_url)
|
||||||
e_scheme = e_scheme if e_scheme else scheme or 'http'
|
e_scheme = e_scheme if e_scheme else scheme
|
||||||
e_netloc = e_netloc if e_netloc else netloc
|
e_netloc = e_netloc if e_netloc else netloc
|
||||||
expected_url = urlparse.urlunsplit((e_scheme, e_netloc, e_path,
|
expected_url = urlparse.urlunsplit((e_scheme, e_netloc, e_path,
|
||||||
e_query, e_fragment))
|
e_query, e_fragment))
|
||||||
|
|
Loading…
Reference in New Issue