include query string in password change uri (#20750)

2017-12-15 16:55:18 +01:00 · 2017-12-15 16:55:18 +01:00 · 411d6159fe
parent 60791f2420
commit 411d6159fe
2 changed files with 16 additions and 6 deletions
--- a/mandayejs/mandaye/views.py
+++ b/mandayejs/mandaye/views.py
@ -17,7 +17,7 @@
 from __future__ import absolute_import

 import logging
-from urlparse import urlparse
+import urlparse

 from django.contrib.auth.models import User
 from django.contrib.auth.decorators import login_required
@ -172,8 +172,8 @@ def post_login_do(request, *args, **kwargs):
        messages.error(request, _('invalid response from server'))
        url = resolve_url('associate')
    elif result.get('result') == 'redirect':
-        url = urlparse(result.get('url', '/'))
-        url = url.path
+        url = urlparse.urlsplit(result.get('url', '/'))
+        url = urlparse.urlunsplit((None, None, url.path, url.query, url.fragment))
    else:
        credentials.linked = True
        credentials.save()
--- a/tests/test_mandayejs.py
+++ b/tests/test_mandayejs.py
@ -333,13 +333,20 @@ def test_credentials_json_encoding(user_john):
    assert cred.locators['birth_date'] == '1995-06-11'


+@pytest.fixture(params=[
+    {'url1': 'http://mydomain.com/update_password.aspx'},
+    {'url2': 'http://mydomain.com/index?path=change_pass'}])
+def redirect_url(request):
+    return request.param
+
+
@mock.patch('mandayejs.mandaye.utils.subprocess.Popen')
@mock.patch('mandayejs.applications.Test.SITE_LOCATORS', MOCKED_SITE_LOCATORS)
-def test_post_login_do(mocked_popen, user_john):
+def test_password_redirection(mocked_popen, user_john, redirect_url):
    expected_output = {
        "result": "redirect",
        "reason": "password change required",
-        "url": "http://mydomain.com/update_password.aspx"
+        "url": redirect_url.get('url1') or redirect_url.get('url2')
    }
    expected_output = '<mandayejs>%s</mandayejs>' % json.dumps(expected_output)
    mocked_popen.return_value = MockedPopen(expected_output=(expected_output, None))
@ -353,7 +360,10 @@ def test_post_login_do(mocked_popen, user_john):
    request = request.get(reverse('post-login-do'))
    request.user = user_john
    response = post_login_do(request)
-    assert 'window.top.location = "/update_password.aspx"' in response.content
+    if 'url1' in redirect_url:
+        assert 'window.top.location = "/update_password.aspx"' in response.content
+    else:
+        assert 'window.top.location = "/index?path=change_pass"' in response.content


@mock.patch('mandayejs.mandaye.utils.subprocess.Popen')