def test_login_next_parameter(self):
'''Test with a valid ?next=url parameter.'''
next = '/kb/new'
# Verify that next parameter is set in form hidden field.
response = self.client.get(urlparams(reverse('users.login'),
next=next))
eq_(200, response.status_code)
doc = pq(response.content)
eq_(next, doc('input[name="next"]')[0].attrib['value'])
# Verify that it gets used on form POST.
response = self.client.post(reverse('users.login'),
{'username': '******',
'password': '******',
'next': next})
eq_(302, response.status_code)
eq_('http://testserver' + next, response['location'])
def test_login_next_parameter(self):
'''Test with a valid ?next=url parameter.'''
next = '/kb/new'
# Verify that next parameter is set in form hidden field.
response = self.client.get(urlparams(reverse('users.login'),
next=next))
eq_(200, response.status_code)
doc = pq(response.content)
eq_(next, doc('input[name="next"]')[0].attrib['value'])
# Verify that it gets used on form POST.
response = self.client.post(reverse('users.login'), {
'username': '******',
'password': '******',
'next': next
})
eq_(302, response.status_code)
eq_('http://testserver' + next, response['location'])
def test_login_invalid_next_parameter(self, get_current):
'''Test with an invalid ?next=http://example.com parameter.'''
get_current.return_value.domain = 'testserver.com'
invalid_next = 'http://foobar.com/evil/'
valid_next = reverse('desktop.home', locale=settings.LANGUAGE_CODE)
# Verify that _valid_ next parameter is set in form hidden field.
response = self.client.get(urlparams(reverse('users.login'),
next=invalid_next))
eq_(200, response.status_code)
doc = pq(response.content)
eq_(valid_next, doc('input[name="next"]')[0].attrib['value'])
# Verify that it gets used on form POST.
response = self.client.post(reverse('users.login'),
{'username': '******',
'password': '******',
'next': invalid_next})
eq_(302, response.status_code)
eq_('http://testserver' + valid_next, response['location'])
def test_login_invalid_next_parameter(self, get_current):
'''Test with an invalid ?next=http://example.com parameter.'''
get_current.return_value.domain = 'testserver.com'
invalid_next = 'http://foobar.com/evil/'
valid_next = reverse('desktop.home', locale=settings.LANGUAGE_CODE)
# Verify that _valid_ next parameter is set in form hidden field.
response = self.client.get(
urlparams(reverse('users.login'), next=invalid_next))
eq_(200, response.status_code)
doc = pq(response.content)
eq_(valid_next, doc('input[name="next"]')[0].attrib['value'])
# Verify that it gets used on form POST.
response = self.client.post(reverse('users.login'), {
'username': '******',
'password': '******',
'next': invalid_next
})
eq_(302, response.status_code)
eq_('http://testserver' + valid_next, response['location'])
def _social_sharing_url(self, service):
# django_reverse used instead of reverse because we don't want a locale preprended to sharing links.
url = urlparams(django_reverse('desktop.user', args=[self.user.username]),
f=service)
return absolute_url(url)
def generic_sharing_url(self):
url = urlparams(django_reverse('desktop.user', args=[self.user.username]))
return absolute_url(url)
def qr_code_download(self):
"""Returns the URL of a QR code which, when scanned, points to: https://[domain]/download?f=qr&user=[username]
"""
url = absolute_url(urlparams(django_reverse('sharing.download'), user=self.user.username))
return sharing_utils.url2qr(url)
