Commit
adfa2b0a
authored
Jun 11, 2013
by
Kostas Papadimitriou
astakos: Updated tests
include weblogin view tests
parent
efb324c1
Changes
3
snf-astakos-app/astakos/im/tests/auth.py
...
...
@@ -31,6 +31,9 @@
# interpreted as representing official policies, either expressed
# or implied, of GRNET S.A.
import
urlparse
import
urllib
from
astakos.im.tests.common
import
*
ui_url
=
lambda
url
:
'/'
+
astakos_settings
.
BASE_PATH
+
'/ui/%s'
%
url
...
...
@@ -1297,3 +1300,58 @@ class TestActivationBackend(TestCase):
self
.
assertTrue
(
user
.
moderated_at
)
self
.
assertEqual
(
user
.
email_verified
,
True
)
self
.
assertTrue
(
user
.
activation_sent
)
class
TestWebloginRedirect
(
TestCase
):
@
with_settings
(
settings
,
COOKIE_DOMAIN
=
'.astakos.synnefo.org'
)
def
test_restricts_domains
(
self
):
get_local_user
(
'user1@synnefo.org'
)
# next url construct helpers
weblogin
=
lambda
nxt
:
reverse
(
'weblogin'
)
+
'?next=%s'
%
nxt
weblogin_quoted
=
lambda
nxt
:
reverse
(
'weblogin'
)
+
'?next=%s'
%
\
urllib
.
quote_plus
(
nxt
)
# common cases
invalid_domain
=
weblogin
(
"https://www.invaliddomain.synnefo.org"
)
invalid_scheme
=
weblogin
(
"customscheme://localhost"
)
invalid_scheme_with_valid_domain
=
\
weblogin
(
"http://www.invaliddomain.com"
)
valid_scheme
=
weblogin
(
"pithos://localhost/"
)
# to be used in assertRedirects
valid_scheme_quoted
=
weblogin_quoted
(
"pithos://localhost/"
)
# not authenticated, redirects to login which contains next param with
# additional nested quoted next params
r
=
self
.
client
.
get
(
valid_scheme
,
follow
=
True
)
login_redirect
=
reverse
(
'index'
)
+
'?next='
+
\
urllib
.
quote_plus
(
"http://testserver"
+
valid_scheme_quoted
)
self
.
assertRedirects
(
r
,
login_redirect
)
# authenticate client
self
.
client
.
login
(
username
=
"user1@synnefo.org"
,
password
=
"password"
)
# valid scheme
r
=
self
.
client
.
get
(
valid_scheme
,
follow
=
True
)
self
.
assertEqual
(
len
(
r
.
redirect_chain
),
3
)
url
=
r
.
redirect_chain
[
1
][
0
]
# scheme preserved
self
.
assertTrue
(
url
.
startswith
(
'pithos://localhost/'
))
# redirect contains token param
params
=
urlparse
.
urlparse
(
urlparse
.
urlparse
(
url
).
path
,
'https'
).
query
params
=
urlparse
.
parse_qs
(
params
)
self
.
assertEqual
(
params
[
'token'
][
0
],
AstakosUser
.
objects
.
get
().
auth_token
)
# does not contain uuid
self
.
assertFalse
(
'uuid'
in
params
)
# invalid cases
r
=
self
.
client
.
get
(
invalid_scheme
,
follow
=
True
)
self
.
assertEqual
(
r
.
status_code
,
403
)
r
=
self
.
client
.
get
(
invalid_scheme_with_valid_domain
,
follow
=
True
)
self
.
assertEqual
(
r
.
status_code
,
403
)
r
=
self
.
client
.
get
(
invalid_domain
,
follow
=
True
)
self
.
assertEqual
(
r
.
status_code
,
403
)
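Review bot: In test_restricts_domains the `invalid_scheme_with_valid_domain` case is built from `http://www.invaliddomain.com`, a host outside the `.astakos.synnefo.org` COOKIE_DOMAIN set by the decorator, so its 403 can come from the domain check alone and the scheme check is never exercised in isolation. If http is meant to be rejected by the weblogin view, a host under the configured domain would match the variable's name, e.g. `invalid_scheme_with_valid_domain = weblogin("http://www.astakos.synnefo.org")` (constructed sample host). All three rejected inputs also carry a netloc, so a case with a disallowed scheme and no netloc would pin down how the view treats such values, given that the visible part of restrict_next returns netloc-less URLs unchanged when a domain is set. Separately, `AstakosUser.objects.get()` with no filter only works while exactly one user exists; filtering on the email passed to get_local_user would make the token assertion less brittle.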
snf-astakos-app/astakos/im/util.py
...
...
@@ -112,9 +112,9 @@ def restrict_next(url, domain=None, allowed_schemes=()):
redirect location of an http redirect response. The method parses the
provided url and identifies if it conforms CORS against provided domain
AND url scheme matches any of the schemes in `allowed_schemes` parameter.
If verirication succeeds sanitized safe url is returned
so you must use
the method's res
ponse
in the response location header and not the
originally
provided url. If verification fails the method returns None.
If verirication succeeds sanitized safe url is returned
. Consider using
the method's res
ult
in the response location header and not the
originally
provided url. If verification fails the method returns None.
>>> print restrict_next('/im/feedback', '.okeanos.grnet.gr')
/im/feedback
...
...
@@ -162,6 +162,7 @@ def restrict_next(url, domain=None, allowed_schemes=()):
if
not
domain
and
not
allowed_schemes
:
return
url
# domain validation
if
domain
:
if
not
parts
.
netloc
:
return
url
...
...
@@ -170,6 +171,7 @@ def restrict_next(url, domain=None, allowed_schemes=()):
else
:
return
None
# scheme validation
if
allowed_schemes
:
if
parts
.
scheme
in
allowed_schemes
:
return
url
...
...
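Review bot: The new `# domain validation` and `# scheme validation` comments label two stages, but in the second hunk `if not parts.netloc: return url` returns before the scheme stage shown in the third hunk, so with a domain configured a netloc-less value appears to skip the `allowed_schemes` check; the lines between the hunks are not shown, so this should be confirmed against the full body. The visible success branches all `return url` unchanged while the docstring still promises a "sanitized safe url", and the edit softens "you must use the method's response" to "Consider using", which weakens the guidance callers rely on to avoid open redirects. I would keep the imperative wording, fix the `verirication` typo, and document the early return with a comment such as `# no netloc: relative URL, returned before scheme validation`. restrict_next starts and ends outside these hunks.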
snf-astakos-app/astakos/im/weblogin_urls.py
...
...
@@ -34,5 +34,6 @@
from
django.conf.urls.defaults
import
patterns
,
url
urlpatterns
=
(
url
(
r
'^login$'
,
'astakos.im.views.target.redirect.login'
),
url
(
r
'^login$'
,
'astakos.im.views.target.redirect.login'
,
name
=
"weblogin"
),
)