Revision 5b65fb47 snf-astakos-app/astakos/im/tests/auth.py
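--- a/snf-astakos-app/astakos/im/tests/auth.py
+++ b/snf-astakos-app/astakos/im/tests/auth.py
@@ -31,6 +31,9 @@
 # interpreted as representing official policies, either expressed
 # or implied, of GRNET S.A.
 
+import urlparse
+import urllib
+
 from astakos.im.tests.common import *
 
 ui_url = lambda url: '/' + astakos_settings.BASE_PATH + '/ui/%s' % url
@@ -1297,3 +1300,58 @@
 self.assertTrue(user.moderated_at)
 self.assertEqual(user.email_verified, True)
 self.assertTrue(user.activation_sent)
+
+
+class TestWebloginRedirect(TestCase):
+
+@with_settings(settings, COOKIE_DOMAIN='.astakos.synnefo.org')
+def test_restricts_domains(self):
+get_local_user('user1@synnefo.org')
+
+# next url construct helpers
+weblogin = lambda nxt: reverse('weblogin') + '?next=%s' % nxt
+weblogin_quoted = lambda nxt: reverse('weblogin') + '?next=%s' % \
+urllib.quote_plus(nxt)
+
+# common cases
+invalid_domain = weblogin("https://www.invaliddomain.synnefo.org")
+invalid_scheme = weblogin("customscheme://localhost")
+invalid_scheme_with_valid_domain = \
+weblogin("http://www.invaliddomain.com")
+valid_scheme = weblogin("pithos://localhost/")
+# to be used in assertRedirects
+valid_scheme_quoted = weblogin_quoted("pithos://localhost/")
+
+# not authenticated, redirects to login which contains next param with
+# additional nested quoted next params
+r = self.client.get(valid_scheme, follow=True)
+login_redirect = reverse('index') + '?next=' + \
+urllib.quote_plus("http://testserver" + valid_scheme_quoted)
+self.assertRedirects(r, login_redirect)
+
+# authenticate client
+self.client.login(username="user1@synnefo.org", password="password")
+
+# valid scheme
+r = self.client.get(valid_scheme, follow=True)
+self.assertEqual(len(r.redirect_chain), 3)
+url = r.redirect_chain[1][0]
+# scheme preserved
+self.assertTrue(url.startswith('pithos://localhost/'))
+# redirect contains token param
+params = urlparse.urlparse(urlparse.urlparse(url).path, 'https').query
+params = urlparse.parse_qs(params)
+self.assertEqual(params['token'][0],
+AstakosUser.objects.get().auth_token)
+# does not contain uuid
+self.assertFalse('uuid' in params)
+
+# invalid cases
+r = self.client.get(invalid_scheme, follow=True)
+self.assertEqual(r.status_code, 403)
+
+r = self.client.get(invalid_scheme_with_valid_domain, follow=True)
+self.assertEqual(r.status_code, 403)
+
+r = self.client.get(invalid_domain, follow=True)
+self.assertEqual(r.status_code, 403)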
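Review bot: The rejected cases in `test_restricts_domains` only use hosts that are plainly outside `COOKIE_DOMAIN`, so a validator doing a loose suffix or substring match on the host would still pass, and the accepted redirect carries the user's `token`. I would add a look-alike host (constructed example: `weblogin("https://astakos.synnefo.org.invaliddomain.com")`, expecting 403) and one accepted `https` URL inside `.astakos.synnefo.org`, since the only positive case is the `pithos://` scheme. `invalid_scheme_with_valid_domain` is built from `http://www.invaliddomain.com`, which reads as a valid scheme with an invalid domain, so the name or the URL should change to match the intent. The nested `urlparse.urlparse(urlparse.urlparse(url).path, 'https')` deserves a comment; presumably it is there because the query of an unknown scheme is not split out, e.g. `# re-parse the path as https so the query string is separated`.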