Beispiel #1
0
def test_redirect_uri(app_rest):
    """Test redirect uri."""
    with app_rest.test_client() as client:
        # Test redirect
        resp = client.get(
            url_for(
                'invenio_oauthclient.rest_login',
                remote_app='test',
                next='http://inveniosoftware.org'))
        assert resp.status_code == 302

        # Verify parameters
        params = parse_qs(urlparse(resp.location).query)
        assert params['response_type'] == ['code']
        assert params['client_id'] == ['testid']
        assert params['redirect_uri']
        assert params['state']

        # Verify next parameter in state token does not allow blanco redirects
        state = serializer.loads(params['state'][0])
        assert state['next'] is None

        # Assert redirect uri does not have any parameters.
        params = parse_qs(urlparse(params['redirect_uri'][0]).query)
        assert params == {}

        # Assert that local redirects are allowed
        test_urls = [
            '/',
            '/search'
        ]
        for url in test_urls:
            resp = client.get(
                url_for(
                    'invenio_oauthclient.rest_login',
                    remote_app='test', next=url))
            check_response_redirect_url(resp, url)

        # Assert that absolute redirects are allowed only if
        # `APP_ALLOWED_HOSTS` is set and includes them. Otherwise, the relative
        # path of the url is extracted and returned. Note if you need to
        # redirect to index page you should pass '/' as next parameter.

        test_url = 'http://inveniosoftware.org/test'

        resp = client.get(
            url_for(
                'invenio_oauthclient.rest_login',
                remote_app='test', next=test_url))

        check_response_redirect_url(resp, urlparse(test_url).path)

        app_rest.config.update({"APP_ALLOWED_HOSTS": ["inveniosoftware.org"]})

        resp = client.get(
            url_for(
                'invenio_oauthclient.rest_login',
                remote_app='test', next=test_url))

        check_response_redirect_url(resp, test_url)
def test_redirect_uri():
    """Test redirect uri."""
    app = setup_app()
    with app.test_client() as client:
        # Test redirect
        resp = client.get(
            url_for("invenio_oauthclient.login", remote_app='test',
                    next='http://invenio-software.org')
        )
        assert resp.status_code == 302

        # Verify parameters
        params = parse_qs(urlparse(resp.location).query)
        assert params['response_type'] == ['code']
        assert params['client_id'] == ['testid']
        assert params['redirect_uri']
        assert params['state']

        # Verify next parameter in state token does not allow blanco redirects
        state = serializer.loads(params['state'][0])
        assert state['next'] is None

        # Assert redirect uri does not have any parameters.
        params = parse_qs(urlparse(params['redirect_uri'][0]).query)
        assert params == {}

        # Assert that local redirects are allowed
        test_urls = [
            '/search',
            url_for('invenio_oauthclient.disconnect', remote_app='test',
                    _external=True)
        ]
        for url in test_urls:
            resp = client.get(
                url_for("invenio_oauthclient.login", remote_app='test',
                        next=url)
            )
            assert resp.status_code == 302
            state = serializer.loads(
                parse_qs(urlparse(resp.location).query)['state'][0]
            )
            assert url == state['next']
Beispiel #3
0
def test_redirect_uri(views_fixture):
    """Test redirect uri."""
    app = views_fixture
    with app.test_client() as client:
        # Test redirect
        resp = client.get(
            url_for("invenio_oauthclient.login",
                    remote_app='test',
                    next='http://invenio-software.org'))
        assert resp.status_code == 302

        # Verify parameters
        params = parse_qs(urlparse(resp.location).query)
        assert params['response_type'] == ['code']
        assert params['client_id'] == ['testid']
        assert params['redirect_uri']
        assert params['state']

        # Verify next parameter in state token does not allow blanco redirects
        state = serializer.loads(params['state'][0])
        assert state['next'] is None

        # Assert redirect uri does not have any parameters.
        params = parse_qs(urlparse(params['redirect_uri'][0]).query)
        assert params == {}

        # Assert that local redirects are allowed
        test_urls = [
            '/search',
            url_for('invenio_oauthclient.disconnect',
                    remote_app='test',
                    _external=True)
        ]
        for url in test_urls:
            resp = client.get(
                url_for("invenio_oauthclient.login",
                        remote_app='test',
                        next=url))
            assert resp.status_code == 302
            state = serializer.loads(
                parse_qs(urlparse(resp.location).query)['state'][0])
            assert url == state['next']
    def test_redirect_uri(self):
        from invenio_oauthclient.views.client import serializer

        # Test redirect
        resp = self.client.get(
            url_for("oauthclient.login", remote_app='test',
                    next='http://invenio-software.org')
        )
        self.assertStatus(resp, 302)

        # Verify parameters
        params = parse_qs(urlparse(resp.location).query)
        self.assertEqual(params['response_type'], ['code'])
        self.assertEqual(params['client_id'], ['testid'])
        assert params['redirect_uri']
        assert params['state']

        # Verify next parameter in state token does not allow blanco redirects
        state = serializer.loads(params['state'][0])
        self.assertIsNone(state['next'])

        # Assert redirect uri does not have any parameters.
        params = parse_qs(urlparse(params['redirect_uri'][0]).query)
        self.assertEqual(params, {})

        # Assert that local redirects are allowed
        test_urls = [
            '/search',
            url_for('oauthclient.disconnect', remote_app='test',
                    _external=True)
        ]
        for url in test_urls:
            resp = self.client.get(
                url_for("oauthclient.login", remote_app='test', next=url)
            )
            self.assertStatus(resp, 302)
            state = serializer.loads(
                parse_qs(urlparse(resp.location).query)['state'][0]
            )
            self.assertEqual(url, state['next'])
Beispiel #5
0
    def test_redirect_uri(self):
        from invenio_oauthclient.views.client import serializer

        # Test redirect
        resp = self.client.get(
            url_for("oauthclient.login",
                    remote_app='test',
                    next='http://invenio-software.org'))
        self.assertStatus(resp, 302)

        # Verify parameters
        params = parse_qs(urlparse(resp.location).query)
        self.assertEqual(params['response_type'], ['code'])
        self.assertEqual(params['client_id'], ['testid'])
        assert params['redirect_uri']
        assert params['state']

        # Verify next parameter in state token does not allow blanco redirects
        state = serializer.loads(params['state'][0])
        self.assertIsNone(state['next'])

        # Assert redirect uri does not have any parameters.
        params = parse_qs(urlparse(params['redirect_uri'][0]).query)
        self.assertEqual(params, {})

        # Assert that local redirects are allowed
        test_urls = [
            '/search',
            url_for('oauthclient.disconnect',
                    remote_app='test',
                    _external=True)
        ]
        for url in test_urls:
            resp = self.client.get(
                url_for("oauthclient.login", remote_app='test', next=url))
            self.assertStatus(resp, 302)
            state = serializer.loads(
                parse_qs(urlparse(resp.location).query)['state'][0])
            self.assertEqual(url, state['next'])
Beispiel #6
0
def check_response_redirect_url(response, expected_url):
    """Check response redirect url."""
    assert response.status_code == 302
    state = serializer.loads(
        parse_qs(urlparse(response.location).query)['state'][0])
    assert expected_url == state['next']