def test_redirect_uri(app_rest):
    """Verify how the REST login view treats the ``next`` redirect target.

    The target travels inside the serialized ``state`` query parameter of
    the 302 issued by the login view. Relative paths are kept as given. An
    absolute URL is reduced to its path unless its host is listed in
    ``APP_ALLOWED_HOSTS``, which keeps the login flow from being used to
    send a user to an arbitrary external site.
    """
    login_endpoint = 'invenio_oauthclient.rest_login'
    external_url = 'http://inveniosoftware.org/test'

    with app_rest.test_client() as client:
        # An absolute URL on a host that is not allow-listed still yields the
        # redirect towards the provider.
        login_url = url_for(
            login_endpoint,
            remote_app='test',
            next='http://inveniosoftware.org',
        )
        resp = client.get(login_url)
        assert resp.status_code == 302

        # The authorization request must carry the expected OAuth parameters.
        auth_query = parse_qs(urlparse(resp.location).query)
        assert auth_query['response_type'] == ['code']
        assert auth_query['client_id'] == ['testid']
        assert auth_query['redirect_uri']
        assert auth_query['state']

        # The external target must not survive inside the state token.
        # NOTE(review): only an ``http://`` absolute URL is exercised as the
        # rejected case; other absolute-URL forms are not covered here.
        decoded_state = serializer.loads(auth_query['state'][0])
        assert decoded_state['next'] is None

        # The callback URL handed to the provider has no query string.
        callback_query = parse_qs(
            urlparse(auth_query['redirect_uri'][0]).query
        )
        assert callback_query == {}

        # Targets local to the application are passed through unchanged.
        for local_target in ('/', '/search'):
            resp = client.get(
                url_for(login_endpoint, remote_app='test', next=local_target)
            )
            check_response_redirect_url(resp, local_target)

        # Without `APP_ALLOWED_HOSTS` an absolute URL is cut down to its
        # relative path. To land on the index page, callers have to pass '/'
        # as the next parameter.
        resp = client.get(
            url_for(login_endpoint, remote_app='test', next=external_url)
        )
        check_response_redirect_url(resp, urlparse(external_url).path)

        # Once the host is allow-listed the absolute URL is kept in full.
        # NOTE(review): this mutates app_rest.config and never restores it;
        # confirm the fixture is function-scoped so the allow-list does not
        # leak into other tests.
        app_rest.config.update({"APP_ALLOWED_HOSTS": ["inveniosoftware.org"]})
        resp = client.get(
            url_for(login_endpoint, remote_app='test', next=external_url)
        )
        check_response_redirect_url(resp, external_url)
def test_redirect_uri():
    """Verify that the login view only keeps acceptable ``next`` targets.

    The ``next`` value is stored in the serialized ``state`` parameter of the
    redirect to the provider. An absolute URL on a foreign host must be
    dropped (``state['next']`` is ``None``). A local path and an absolute
    URL generated by the application itself must be preserved.
    """
    login_endpoint = "invenio_oauthclient.login"
    app = setup_app()

    with app.test_client() as client:
        # Ask to be sent to a foreign host after login.
        login_url = url_for(
            login_endpoint,
            remote_app='test',
            next='http://invenio-software.org',
        )
        resp = client.get(login_url)
        assert resp.status_code == 302

        # The authorization request must carry the expected OAuth parameters.
        auth_query = parse_qs(urlparse(resp.location).query)
        assert auth_query['response_type'] == ['code']
        assert auth_query['client_id'] == ['testid']
        assert auth_query['redirect_uri']
        assert auth_query['state']

        # The foreign target must not be carried in the state token, since
        # that would let the login flow redirect to an arbitrary site.
        decoded_state = serializer.loads(auth_query['state'][0])
        assert decoded_state['next'] is None

        # The callback URL handed to the provider has no query string.
        callback_query = parse_qs(
            urlparse(auth_query['redirect_uri'][0]).query
        )
        assert callback_query == {}

        # Accepted targets: a relative path, and the application's own
        # disconnect view rendered as an absolute URL.
        own_disconnect_url = url_for(
            'invenio_oauthclient.disconnect',
            remote_app='test',
            _external=True,
        )
        for target in ['/search', own_disconnect_url]:
            resp = client.get(
                url_for(login_endpoint, remote_app='test', next=target)
            )
            assert resp.status_code == 302
            location_query = parse_qs(urlparse(resp.location).query)
            decoded_state = serializer.loads(location_query['state'][0])
            assert target == decoded_state['next']
def test_redirect_uri(views_fixture):
    """Verify which ``next`` targets the login view stores in its state.

    A target on a foreign host must be replaced by ``None`` in the
    serialized ``state`` parameter. A relative path and the application's
    own absolute disconnect URL must be stored unchanged.
    """
    app = views_fixture

    def request_login(next_target):
        # Build the login URL for the 'test' remote app and fetch it.
        return client.get(
            url_for(
                "invenio_oauthclient.login",
                remote_app='test',
                next=next_target,
            )
        )

    with app.test_client() as client:
        # A foreign host is requested as the post-login destination.
        resp = request_login('http://invenio-software.org')
        assert resp.status_code == 302

        # The redirect to the provider carries the expected OAuth parameters.
        provider_query = parse_qs(urlparse(resp.location).query)
        assert provider_query['response_type'] == ['code']
        assert provider_query['client_id'] == ['testid']
        assert provider_query['redirect_uri']
        assert provider_query['state']

        # The foreign destination is absent from the state token, so the
        # callback cannot be used to bounce the user to an external site.
        token_payload = serializer.loads(provider_query['state'][0])
        assert token_payload['next'] is None

        # The registered callback URL is sent without any query parameters.
        callback = urlparse(provider_query['redirect_uri'][0])
        assert parse_qs(callback.query) == {}

        # Local destinations are preserved in the state token.
        local_targets = [
            '/search',
            url_for(
                'invenio_oauthclient.disconnect',
                remote_app='test',
                _external=True,
            ),
        ]
        for target in local_targets:
            resp = request_login(target)
            assert resp.status_code == 302
            raw_state = parse_qs(urlparse(resp.location).query)['state'][0]
            assert target == serializer.loads(raw_state)['next']
def test_redirect_uri(self):
    """Verify that the login view only keeps acceptable ``next`` targets.

    The ``next`` value is stored in the serialized ``state`` parameter of the
    redirect to the provider. A foreign host must be dropped
    (``state['next']`` is ``None``). A local path and the application's own
    absolute disconnect URL must be preserved.
    """
    from invenio_oauthclient.views.client import serializer

    login_endpoint = "oauthclient.login"

    # Ask to be sent to a foreign host after login.
    login_url = url_for(
        login_endpoint,
        remote_app='test',
        next='http://invenio-software.org',
    )
    resp = self.client.get(login_url)
    self.assertStatus(resp, 302)

    # The authorization request must carry the expected OAuth parameters.
    auth_query = parse_qs(urlparse(resp.location).query)
    self.assertEqual(auth_query['response_type'], ['code'])
    self.assertEqual(auth_query['client_id'], ['testid'])
    assert auth_query['redirect_uri']
    assert auth_query['state']

    # The foreign target must not be carried in the state token, since that
    # would let the login flow redirect to an arbitrary site.
    decoded_state = serializer.loads(auth_query['state'][0])
    self.assertIsNone(decoded_state['next'])

    # The callback URL handed to the provider has no query string.
    callback_query = parse_qs(urlparse(auth_query['redirect_uri'][0]).query)
    self.assertEqual(callback_query, {})

    # Accepted targets: a relative path, and the application's own
    # disconnect view rendered as an absolute URL.
    own_disconnect_url = url_for(
        'oauthclient.disconnect',
        remote_app='test',
        _external=True,
    )
    for target in ['/search', own_disconnect_url]:
        resp = self.client.get(
            url_for(login_endpoint, remote_app='test', next=target)
        )
        self.assertStatus(resp, 302)
        location_query = parse_qs(urlparse(resp.location).query)
        decoded_state = serializer.loads(location_query['state'][0])
        self.assertEqual(target, decoded_state['next'])
def test_redirect_uri(self):
    """Verify which ``next`` targets the login view stores in its state.

    A target on a foreign host must be replaced by ``None`` in the
    serialized ``state`` parameter. A relative path and the application's
    own absolute disconnect URL must be stored unchanged.
    """
    from invenio_oauthclient.views.client import serializer

    def request_login(next_target):
        # Build the login URL for the 'test' remote app and fetch it.
        return self.client.get(
            url_for("oauthclient.login", remote_app='test', next=next_target)
        )

    # A foreign host is requested as the post-login destination.
    resp = request_login('http://invenio-software.org')
    self.assertStatus(resp, 302)

    # The redirect to the provider carries the expected OAuth parameters.
    provider_query = parse_qs(urlparse(resp.location).query)
    self.assertEqual(provider_query['response_type'], ['code'])
    self.assertEqual(provider_query['client_id'], ['testid'])
    assert provider_query['redirect_uri']
    assert provider_query['state']

    # The foreign destination is absent from the state token, so the
    # callback cannot be used to bounce the user to an external site.
    token_payload = serializer.loads(provider_query['state'][0])
    self.assertIsNone(token_payload['next'])

    # The registered callback URL is sent without any query parameters.
    callback = urlparse(provider_query['redirect_uri'][0])
    self.assertEqual(parse_qs(callback.query), {})

    # Local destinations are preserved in the state token.
    local_targets = [
        '/search',
        url_for('oauthclient.disconnect', remote_app='test', _external=True),
    ]
    for target in local_targets:
        resp = request_login(target)
        self.assertStatus(resp, 302)
        raw_state = parse_qs(urlparse(resp.location).query)['state'][0]
        self.assertEqual(target, serializer.loads(raw_state)['next'])
def check_response_redirect_url(response, expected_url):
    """Assert that *response* is a 302 whose state targets *expected_url*.

    The ``state`` query parameter of the ``Location`` header is decoded with
    the module's ``serializer`` and its ``next`` entry is compared with
    *expected_url*.
    """
    assert response.status_code == 302

    # Pull the first `state` value out of the redirect's query string.
    location_query = parse_qs(urlparse(response.location).query)
    state_token = location_query['state'][0]

    decoded_state = serializer.loads(state_token)
    assert expected_url == decoded_state['next']