allow redirection after sso (#19350)
This commit is contained in:
parent
e6a1342392
commit
462211e672
|
@ -6,7 +6,7 @@
|
|||
<body>
|
||||
Please wait...
|
||||
<br/>
|
||||
<iframe id="post-login-frame" src="{% url 'post-login-do' %}" style="display: none;">
|
||||
<iframe id="post-login-frame" src="{% url 'post-login-do' %}{% if next_url %}?next_url={{ next_url|iriencode }}{% endif %}" style="display: none;">
|
||||
</iframe>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
@ -95,8 +95,8 @@ def post_login(request, *args, **kwargs):
|
|||
logger.debug(credentials)
|
||||
except (UserCredentials.DoesNotExist,):
|
||||
return HttpResponseRedirect(resolve_url('associate'))
|
||||
|
||||
return render(request, 'mandaye/post-login.html', {})
|
||||
next_url = request.GET.get('next_url')
|
||||
return render(request, 'mandaye/post-login.html', {'next_url': next_url})
|
||||
|
||||
|
||||
@login_required
|
||||
|
@ -170,6 +170,9 @@ def post_login_do(request, *args, **kwargs):
|
|||
credentials.save()
|
||||
url = result.get('url', '/')
|
||||
|
||||
# redirect user only if SSO successful
|
||||
if request.GET.get('next_url') and result['result'] == 'ok':
|
||||
url = request.GET['next_url']
|
||||
template = Template('<script type="text/javascript">\
|
||||
window.top.location = "{{url}}";</script>')
|
||||
context = RequestContext(request, {'url': url})
|
||||
|
|
|
@ -370,3 +370,42 @@ def test_enclosed_response(mocked_popen):
|
|||
mocked_popen.return_value = MockedPopen(expected_output=('<mandayejs></mandayejs>', None))
|
||||
result = exec_phantom(LOGIN_INFO)
|
||||
assert result['result'] == 'json_error'
|
||||
|
||||
|
||||
@mock.patch('mandayejs.mandaye.utils.subprocess.Popen')
|
||||
@mock.patch('mandayejs.applications.Test.SITE_LOCATORS', MOCKED_SITE_LOCATORS)
|
||||
def test_post_login_do_with_next_url(mocked_popen, user_john):
|
||||
# when sso fails
|
||||
expected_output = {
|
||||
"result": "redirect",
|
||||
"reason": "password change required",
|
||||
"url": "http://mydomain.com/update_password.aspx"
|
||||
}
|
||||
expected_output = '<mandayejs>%s</mandayejs>' % json.dumps(expected_output)
|
||||
mocked_popen.return_value = MockedPopen(expected_output=(expected_output, None))
|
||||
|
||||
UserCredentials.objects.create(user=user_john,
|
||||
locators={
|
||||
'login': 'johnny', 'password': 'jumper',
|
||||
'birth_date': '1995-06-11'})
|
||||
|
||||
request = RequestFactory()
|
||||
url = '%s?next=http://example.net/' % reverse('post-login-do')
|
||||
request = request.get(url)
|
||||
request.user = user_john
|
||||
response = post_login_do(request)
|
||||
assert 'window.top.location = "http://example.net/"' not in response.content
|
||||
|
||||
# when SSO succeeds
|
||||
expected_output = {
|
||||
"result": "ok",
|
||||
"url": "http://mydomain.com/account.aspx"
|
||||
}
|
||||
expected_output = '<mandayejs>%s</mandayejs>' % json.dumps(expected_output)
|
||||
mocked_popen.return_value = MockedPopen(expected_output=(expected_output, None))
|
||||
request = RequestFactory()
|
||||
url = '%s?next_url=http://example.net/' % reverse('post-login-do')
|
||||
request = request.get(url)
|
||||
request.user = user_john
|
||||
response = post_login_do(request)
|
||||
assert 'window.top.location = "http://example.net/"' in response.content
|
||||
|
|
Reference in New Issue