entrouvert
/
authentic
16
0
Fork 0
Code Issues Pull Requests 35 Releases Activity

urls: move public view into their own prefix (#12932)

This commit is contained in:
Benjamin Dauvergne 2022-01-12 17:48:51 +01:00 committed by Frédéric Péters
parent 30b90b8ced
commit 84cf3adbdb
10 changed files with 80 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
src/authentic2/urls.py
View File

@ -44,13 +44,6 @@ accounts_urlpatterns = [
views.registration_completion,
name='registration_activate',
),
url(r'^register/$', views.RegistrationView.as_view(), name='registration_register'),
url(r'^register/complete/$', views.registration_complete, name='registration_complete'),
url(
r'^register/closed/$',
TemplateView.as_view(template_name='registration/registration_closed.html'),
name='registration_disallowed',
),
url(r'^delete/$', login_required(views.AccountDeleteView.as_view()), name='delete_account'),
url(
r'validate-deletion/(?P<deletion_token>[\w: -]+)/$',
@ -81,6 +74,46 @@ accounts_urlpatterns = [
dj_auth_views.PasswordChangeDoneView.as_view(),
name='password_change_done',
),
# permament redirections for views moved to root
url(r'^register/$', RedirectView.as_view(permanent=True, pattern_name='registration_register')),
url(r'^register/complete/$', RedirectView.as_view(permanent=True, pattern_name='registration_complete')),
url(r'^register/closed/$', RedirectView.as_view(permanent=True, pattern_name='registration_disallowed')),
url(
r'^password/reset/confirm/(?P<token>[A-Za-z0-9_ -]+)/$',
RedirectView.as_view(permanent=True, pattern_name='password_reset_confirm'),
),
url(r'^password/reset/$', RedirectView.as_view(permanent=True, pattern_name='password_reset')),
url(
r'^password/reset/instructions/$',
RedirectView.as_view(permanent=True, pattern_name='password_reset_instructions'),
),
url(
r'^password/reset/.*',
RedirectView.as_view(permanent=True, pattern_name='invalid-password-reset-urls'),
),
]
urlpatterns = [
url(r'^$', views.homepage, name='auth_homepage'),
url(r'^login/$', views.login, name='auth_login'),
url(r'^login/token/(?P<token>[A-Za-z0-9_ -]+)/$', views.token_login, name='token_login'),
url(r'^logout/$', views.logout, name='auth_logout'),
url(r'^su/(?P<uuid>[A-Za-z0-9_-]+)/$', views.su, name='su'),
url(r'^accounts/', include(accounts_urlpatterns)),
url(r'^admin/', admin.site.urls),
url(r'^idp/', include('authentic2.idp.urls')),
url(r'^manage/', include('authentic2.manager.urls')),
url(r'^api/', include('authentic2.api_urls')),
url(r'^continue/$', views.display_message_and_continue, name='continue'),
url(r'^\.well-known/change-password$', RedirectView.as_view(pattern_name='password_change')),
# Registration
url(r'^register/$', views.RegistrationView.as_view(), name='registration_register'),
url(r'^register/complete/$', views.registration_complete, name='registration_complete'),
url(
r'^register/closed/$',
TemplateView.as_view(template_name='registration/registration_closed.html'),
name='registration_disallowed',
),
# Password reset
url(
r'^password/reset/confirm/(?P<token>[A-Za-z0-9_ -]+)/$',
@ -104,21 +137,6 @@ accounts_urlpatterns = [
),
]
urlpatterns = [
url(r'^$', views.homepage, name='auth_homepage'),
url(r'^login/$', views.login, name='auth_login'),
url(r'^login/token/(?P<token>[A-Za-z0-9_ -]+)/$', views.token_login, name='token_login'),
url(r'^logout/$', views.logout, name='auth_logout'),
url(r'^su/(?P<uuid>[A-Za-z0-9_-]+)/$', views.su, name='su'),
url(r'^accounts/', include(accounts_urlpatterns)),
url(r'^admin/', admin.site.urls),
url(r'^idp/', include('authentic2.idp.urls')),
url(r'^manage/', include('authentic2.manager.urls')),
url(r'^api/', include('authentic2.api_urls')),
url(r'^continue/$', views.display_message_and_continue, name='continue'),
url(r'^\.well-known/change-password$', RedirectView.as_view(pattern_name='password_change')),
]
try:
if getattr(settings, 'DISCO_SERVICE', False):
urlpatterns += [

2
tests/auth_fc/test_auth_fc.py
View File

@ -560,7 +560,7 @@ def test_authorization_error(app, franceconnect):
def test_registration_page(settings, app, franceconnect, hooks):
assert User.objects.count() == 0
assert app.get('/accounts/register/?service=portail&next=/idp/')
assert app.get('/register/?service=portail&next=/idp/')
franceconnect.login_with_fc_fixed_params(app)
# a new user has been created

2
tests/test_api.py
View File

@ -1292,7 +1292,7 @@ def test_password_reset(app, ou1, admin, user_ou1, mailoutbox):
assert len(mailoutbox) == 1
mail = mailoutbox[0]
assert mail.to[0] == email
assert 'http://testserver/accounts/password/reset/confirm/' in mail.body
assert 'http://testserver/password/reset/confirm/' in mail.body
assert_event('manager.user.password.reset.request', user=admin, api=True)

12
tests/test_attribute_kinds.py
View File

@ -34,7 +34,7 @@ def test_string(db, app, admin, mailoutbox):
)
qs = User.objects.filter(first_name='John')
response = app.get('/accounts/register/')
response = app.get('/register/')
form = response.form
form.set('email', 'john.doe@example.com')
response = form.submit().follow()
@ -80,7 +80,7 @@ def test_string(db, app, admin, mailoutbox):
def test_fr_postcode(db, app, admin, mailoutbox):
def register_john():
response = app.get('/accounts/register/')
response = app.get('/register/')
form = response.form
form.set('email', 'john.doe@example.com')
response = form.submit().follow()
@ -191,7 +191,7 @@ def test_phone_number(db, app, admin, mailoutbox, settings):
settings.A2_EMAILS_ADDRESS_RATELIMIT = None
def register_john():
response = app.get('/accounts/register/')
response = app.get('/register/')
form = response.form
form.set('email', 'john.doe@example.com')
response = form.submit().follow()
@ -271,7 +271,7 @@ def test_french_phone_number(db, app, admin, mailoutbox, settings):
settings.A2_EMAILS_ADDRESS_RATELIMIT = None
def register_john():
response = app.get('/accounts/register/')
response = app.get('/register/')
form = response.form
form.set('email', 'john.doe@example.com')
response = form.submit().follow()
@ -402,7 +402,7 @@ def test_french_phone_number(db, app, admin, mailoutbox, settings):
def test_birthdate(db, app, admin, mailoutbox, freezer):
def register_john():
response = app.get('/accounts/register/')
response = app.get('/register/')
form = response.form
form.set('email', 'john.doe@example.com')
response = form.submit().follow()
@ -508,7 +508,7 @@ def test_profile_image(db, app, admin, mailoutbox):
def john():
return User.objects.get(first_name='John')
response = app.get('/accounts/register/')
response = app.get('/register/')
form = response.form
form.set('email', 'john.doe@example.com')
response = form.submit().follow()

6
tests/test_auth_oidc.py
View File

@ -530,10 +530,8 @@ def test_sso(app, caplog, code, oidc_provider, oidc_provider_jwkset, hooks):
with utils.check_log(caplog, "'error': 'invalid request'"):
with oidc_provider_mock(oidc_provider, oidc_provider_jwkset, code):
response = app.get(
login_callback_url(oidc_provider), params={'code': 'yyyy', 'state': state}
).maybe_follow()
assert 'Requête invalide' in response
response = app.get(login_callback_url(oidc_provider), params={'code': 'yyyy', 'state': state})
assert 'Authentication on Server failed with error' in app.cookies['messages']
with utils.check_log(caplog, 'invalid id_token'):
with oidc_provider_mock(oidc_provider, oidc_provider_jwkset, code, extra_id_token={'iss': None}):
response = app.get(login_callback_url(oidc_provider), params={'code': code, 'state': state})

2
tests/test_csv_import.py
View File

@ -559,7 +559,7 @@ tnoel@entrouvert.com,Thomas,Noël,'''
assert importer.run()
thomas = User.objects.get(email='tnoel@entrouvert.com')
assert len(mail.outbox) == 1
assert 'http://testserver/accounts/password/reset/confirm/' in mail.outbox[0].body
assert 'http://testserver/password/reset/confirm/' in mail.outbox[0].body
password = thomas.password
del mail.outbox[0]

22
tests/test_password_reset.py
View File

@ -69,10 +69,10 @@ def test_reset_by_email(app, simple_user, mailoutbox, settings):
def test_can_reset_by_username(app, db, simple_user, settings, mailoutbox):
resp = app.get('/accounts/password/reset/')
resp = app.get('/password/reset/')
assert 'email_or_username' not in resp.form.fields
settings.A2_USER_CAN_RESET_PASSWORD_BY_USERNAME = True
resp = app.get('/accounts/password/reset/')
resp = app.get('/password/reset/')
assert 'email_or_username' in resp.form.fields
resp.form.set('email_or_username', simple_user.username)
@ -94,7 +94,7 @@ def test_can_reset_by_username(app, db, simple_user, settings, mailoutbox):
def test_can_reset_by_username_with_email(app, db, simple_user, settings, mailoutbox):
settings.A2_USER_CAN_RESET_PASSWORD_BY_USERNAME = True
resp = app.get('/accounts/password/reset/')
resp = app.get('/password/reset/')
resp.form.set('email_or_username', simple_user.email)
resp = resp.form.submit().follow()
assert 'An email has been sent to %s' % simple_user.username in resp
@ -102,7 +102,7 @@ def test_can_reset_by_username_with_email(app, db, simple_user, settings, mailou
def test_reset_by_email_no_account(app, db, mailoutbox):
resp = app.get('/accounts/password/reset/')
resp = app.get('/password/reset/')
resp.form.set('email', 'john.doe@example.com')
resp = resp.form.submit().follow()
@ -114,7 +114,7 @@ def test_reset_by_email_no_account(app, db, mailoutbox):
def test_can_reset_by_username_no_account(app, db, settings, mailoutbox):
settings.A2_USER_CAN_RESET_PASSWORD_BY_USERNAME = True
resp = app.get('/accounts/password/reset/')
resp = app.get('/password/reset/')
resp.form.set('email_or_username', 'john.doe')
resp = resp.form.submit().follow()
assert 'An email has been sent to john.doe' in resp
@ -124,7 +124,7 @@ def test_can_reset_by_username_no_account(app, db, settings, mailoutbox):
def test_can_reset_by_username_no_account_email(app, db, settings, mailoutbox):
settings.A2_USER_CAN_RESET_PASSWORD_BY_USERNAME = True
resp = app.get('/accounts/password/reset/')
resp = app.get('/password/reset/')
resp.form.set('email_or_username', 'john.doe@example.com')
resp = resp.form.submit().follow()
assert 'An email has been sent to john.doe' in resp
@ -143,8 +143,8 @@ def test_user_exclude(app, simple_user, mailoutbox, settings):
def test_old_url_redirect(app):
response = app.get('/accounts/password/reset/whatever')
assert response.location == '/accounts/password/reset/'
response = app.get('/password/reset/whatever')
assert response.location == '/password/reset/'
response = response.follow()
assert 'please reset your password again' in response
@ -165,9 +165,9 @@ def test_send_password_reset_email_no_account(app, db, mailoutbox, settings, reg
for body in (mail.body, mail.alternatives[0][0]):
assert 'no account was found associated with this address' in body
if settings.REGISTRATION_OPEN:
assert 'http://testserver/accounts/register/' in body
assert 'http://testserver/register/' in body
else:
assert 'http://testserver/accounts/register/' not in body
assert 'http://testserver/register/' not in body
def test_send_password_reset_email_disabled_account(app, simple_user, mailoutbox):
@ -185,7 +185,7 @@ def test_send_password_reset_email_disabled_account(app, simple_user, mailoutbox
def test_email_validation(app, db):
resp = app.get('/accounts/password/reset/')
resp = app.get('/password/reset/')
resp.form.set('email', 'coin@')
resp = resp.form.submit()
assert 'Enter a valid email address.' in resp

18
tests/test_registration.py
View File

@ -393,7 +393,7 @@ def test_attribute_model(app, db, settings, mailoutbox):
def test_registration_email_blacklist(app, settings, db):
def test_register(email):
response = app.get('/accounts/register/')
response = app.get('/register/')
assert 'email' in response.form.fields
response.form.set('email', email)
response = response.form.submit()
@ -427,7 +427,7 @@ def test_registration_confirm_data(app, settings, db, rf):
models.Attribute.objects.filter(name='first_name').update(required=False)
activation_url = utils_misc.build_activation_url(
rf.post('/accounts/register/'),
rf.post('/register/'),
email='john.doe@example.com',
next_url='/',
first_name='John',
@ -439,7 +439,7 @@ def test_registration_confirm_data(app, settings, db, rf):
response = app.get(activation_url, status=302)
activation_url = utils_misc.build_activation_url(
rf.post('/accounts/register/'),
rf.post('/register/'),
email='john.doe@example.com',
next_url='/',
last_name='Doe',
@ -452,7 +452,7 @@ def test_registration_confirm_data(app, settings, db, rf):
assert set(response.context['form'].fields.keys()) == {'first_name', 'last_name'}
activation_url = utils_misc.build_activation_url(
rf.post('/accounts/register/'),
rf.post('/register/'),
email='john.doe@example.com',
next_url='/',
last_name='Doe',
@ -630,7 +630,7 @@ def test_registration_activate_passwords_not_equal(app, db, settings, mailoutbox
def test_authentication_method(app, db, rf, hooks):
activation_url = utils_misc.build_activation_url(
rf.post('/accounts/register/'),
rf.post('/register/'),
email='john.doe@example.com',
next_url='/',
first_name='John',
@ -647,7 +647,7 @@ def test_authentication_method(app, db, rf, hooks):
assert hooks.calls['event'][-1]['kwargs']['how'] == 'email'
activation_url = utils_misc.build_activation_url(
rf.post('/accounts/register/'),
rf.post('/register/'),
email='jane.doe@example.com',
next_url='/',
first_name='Jane',
@ -691,7 +691,7 @@ def test_registration_no_email_full_profile_no_password(app, db, rf, mailoutbox)
'authentication_method': 'france-connect',
}
activation_url = utils_misc.build_activation_url(rf.post('/accounts/register/'), next_url='/', **data)
activation_url = utils_misc.build_activation_url(rf.post('/register/'), next_url='/', **data)
response = app.get(activation_url)
response.form.set('first_name', data['first_name'])
@ -778,7 +778,7 @@ def test_registration_email_not_verified_required_and_unrequired_attributes(app,
'authentication_method': 'france-connect',
}
activation_url = utils_misc.build_activation_url(rf.post('/accounts/register/'), next_url='/', **data)
activation_url = utils_misc.build_activation_url(rf.post('/register/'), next_url='/', **data)
response = app.get(activation_url)
response.form.set('first_name', data['first_name'])
@ -895,7 +895,7 @@ def test_registration_service_integration(app, service, settings):
service.home_url = 'https://portail.example.net/'
service.save()
response = app.get('/accounts/register/?next=https://portail.example.net/page/')
response = app.get('/register/?next=https://portail.example.net/page/')
assert app.session['home_url'] == 'https://portail.example.net/page/'
assert app.session['service_pk'] == service.pk
assert response.context['home_ou'] == service.ou

4
tests/test_utils.py
View File

@ -77,9 +77,9 @@ def test_same_origin():
def test_select_next_url(db, rf, settings):
request = rf.get('/accounts/register/', data={'next': '/admin/'})
request = rf.get('/register/', data={'next': '/admin/'})
assert select_next_url(request, '/') == '/admin/'
request = rf.get('/accounts/register/', data={'next': 'http://example.com/'})
request = rf.get('/register/', data={'next': 'http://example.com/'})
assert select_next_url(request, '/') == '/'
settings.A2_REDIRECT_WHITELIST = ['//example.com/']
assert select_next_url(request, '/') == 'http://example.com/'

7
tests/test_views.py
View File

@ -323,3 +323,10 @@ def test_set_home_url(settings, app, simple_user, service, monkeypatch):
assert app.session['service_pk'] == service.pk
app.get('/accounts/?next=https://not-example.com/')
assert 'service_pk' not in app.session
def test_redirected_views(app):
assert app.get('/accounts/register/').location == '/register/'
assert (
app.get('/accounts/password/reset/confirm/abcd1234/').location == '/password/reset/confirm/abcd1234/'
)