Example #1
def test_redirect_uri(app_rest):
    """Check which ``next`` targets the REST login view keeps in the state.

    The login view answers with a 302 whose query string carries the OAuth
    parameters. The ``next`` value is stored inside the signed ``state``
    token, so this test decodes that token to see what would be honoured
    after the OAuth round trip.
    """
    login_endpoint = 'invenio_oauthclient.rest_login'
    external_root = 'http://inveniosoftware.org'
    external_page = 'http://inveniosoftware.org/test'

    with app_rest.test_client() as client:
        # Logging in with an off-site ``next`` still starts the OAuth flow.
        resp = client.get(
            url_for(login_endpoint, remote_app='test', next=external_root))
        assert resp.status_code == 302

        # The redirect carries the expected OAuth parameters.
        authorize_args = parse_qs(urlparse(resp.location).query)
        assert authorize_args['response_type'] == ['code']
        assert authorize_args['client_id'] == ['testid']
        assert authorize_args['redirect_uri']
        assert authorize_args['state']

        # The off-site target must not survive into the state token;
        # otherwise login could be used as an open redirect.
        decoded_state = serializer.loads(authorize_args['state'][0])
        assert decoded_state['next'] is None

        # The callback URL handed to the provider has no query string.
        callback_url = authorize_args['redirect_uri'][0]
        callback_args = parse_qs(urlparse(callback_url).query)
        assert callback_args == {}

        # Relative (local) targets are kept unchanged.
        for local_target in ('/', '/search'):
            resp = client.get(
                url_for(login_endpoint, remote_app='test', next=local_target))
            check_response_redirect_url(resp, local_target)

        # Absolute targets are kept only when their host is listed in
        # `APP_ALLOWED_HOSTS`. Without that setting only the path part of
        # the URL is kept. To send the user to the index page, pass '/' as
        # the next parameter.
        resp = client.get(
            url_for(login_endpoint, remote_app='test', next=external_page))
        check_response_redirect_url(resp, urlparse(external_page).path)

        # NOTE(review): this config change is not reverted in this test;
        # confirm the app_rest fixture is not shared with other tests.
        app_rest.config.update({"APP_ALLOWED_HOSTS": ["inveniosoftware.org"]})

        resp = client.get(
            url_for(login_endpoint, remote_app='test', next=external_page))
        check_response_redirect_url(resp, external_page)
def test_redirect_uri():
    """Check which ``next`` targets the login view keeps in the state.

    An off-site ``next`` must be dropped from the signed ``state`` token,
    while local targets must be preserved as given.
    """
    app = setup_app()
    login_endpoint = "invenio_oauthclient.login"

    with app.test_client() as client:
        # Logging in with an off-site ``next`` still starts the OAuth flow.
        login_url = url_for(login_endpoint, remote_app='test',
                            next='http://invenio-software.org')
        resp = client.get(login_url)
        assert resp.status_code == 302

        # The redirect carries the expected OAuth parameters.
        authorize_args = parse_qs(urlparse(resp.location).query)
        assert authorize_args['response_type'] == ['code']
        assert authorize_args['client_id'] == ['testid']
        assert authorize_args['redirect_uri']
        assert authorize_args['state']

        # The off-site target must not survive into the state token;
        # otherwise login could be used as an open redirect.
        decoded_state = serializer.loads(authorize_args['state'][0])
        assert decoded_state['next'] is None

        # The callback URL handed to the provider has no query string.
        callback_url = authorize_args['redirect_uri'][0]
        callback_args = parse_qs(urlparse(callback_url).query)
        assert callback_args == {}

        # Local targets are kept: a relative path and the application's own
        # disconnect endpoint given as an absolute URL.
        own_disconnect_url = url_for('invenio_oauthclient.disconnect',
                                     remote_app='test', _external=True)
        for url in ('/search', own_disconnect_url):
            resp = client.get(
                url_for(login_endpoint, remote_app='test', next=url))
            assert resp.status_code == 302
            state_token = parse_qs(urlparse(resp.location).query)['state'][0]
            state = serializer.loads(state_token)
            assert url == state['next']
Example #3
def test_redirect_uri(views_fixture):
    """Verify that only local ``next`` targets end up in the state token."""
    login_endpoint = "invenio_oauthclient.login"

    def state_of(response):
        # Decode the signed state token carried in the redirect's query.
        query = parse_qs(urlparse(response.location).query)
        return serializer.loads(query['state'][0])

    with views_fixture.test_client() as client:
        # An off-site ``next`` does not stop the OAuth redirect itself.
        resp = client.get(url_for(login_endpoint,
                                  remote_app='test',
                                  next='http://invenio-software.org'))
        assert resp.status_code == 302

        # Expected OAuth parameters are present on the redirect.
        oauth_params = parse_qs(urlparse(resp.location).query)
        assert oauth_params['response_type'] == ['code']
        assert oauth_params['client_id'] == ['testid']
        assert oauth_params['redirect_uri']
        assert oauth_params['state']

        # The off-site target is dropped, so the flow cannot be used to
        # send the user to an arbitrary external site.
        state = serializer.loads(oauth_params['state'][0])
        assert state['next'] is None

        # The callback URL itself must be free of query parameters.
        redirect_uri = oauth_params['redirect_uri'][0]
        assert parse_qs(urlparse(redirect_uri).query) == {}

        # Local targets (relative path, own external URL) are preserved.
        local_targets = ['/search']
        local_targets.append(url_for('invenio_oauthclient.disconnect',
                                     remote_app='test',
                                     _external=True))
        for url in local_targets:
            resp = client.get(url_for(login_endpoint,
                                      remote_app='test',
                                      next=url))
            assert resp.status_code == 302
            assert url == state_of(resp)['next']
    def test_redirect_uri(self):
        """Check which ``next`` targets the login view keeps in the state."""
        from invenio_oauthclient.views.client import serializer

        login_endpoint = "oauthclient.login"

        # Logging in with an off-site ``next`` still starts the OAuth flow.
        login_url = url_for(login_endpoint, remote_app='test',
                            next='http://invenio-software.org')
        resp = self.client.get(login_url)
        self.assertStatus(resp, 302)

        # The redirect carries the expected OAuth parameters.
        authorize_args = parse_qs(urlparse(resp.location).query)
        self.assertEqual(authorize_args['response_type'], ['code'])
        self.assertEqual(authorize_args['client_id'], ['testid'])
        assert authorize_args['redirect_uri']
        assert authorize_args['state']

        # The off-site target must not survive into the state token;
        # otherwise login could be used as an open redirect.
        decoded_state = serializer.loads(authorize_args['state'][0])
        self.assertIsNone(decoded_state['next'])

        # The callback URL handed to the provider has no query string.
        callback_url = authorize_args['redirect_uri'][0]
        callback_args = parse_qs(urlparse(callback_url).query)
        self.assertEqual(callback_args, {})

        # Local targets are kept: a relative path and the application's own
        # disconnect endpoint given as an absolute URL.
        own_disconnect_url = url_for('oauthclient.disconnect',
                                     remote_app='test', _external=True)
        for url in ('/search', own_disconnect_url):
            resp = self.client.get(
                url_for(login_endpoint, remote_app='test', next=url))
            self.assertStatus(resp, 302)
            state_token = parse_qs(urlparse(resp.location).query)['state'][0]
            state = serializer.loads(state_token)
            self.assertEqual(url, state['next'])
Example #5
    def test_redirect_uri(self):
        """Verify that only local ``next`` targets end up in the state."""
        from invenio_oauthclient.views.client import serializer

        def state_of(response):
            # Decode the signed state token carried in the redirect's query.
            query = parse_qs(urlparse(response.location).query)
            return serializer.loads(query['state'][0])

        # An off-site ``next`` does not stop the OAuth redirect itself.
        resp = self.client.get(url_for("oauthclient.login",
                                       remote_app='test',
                                       next='http://invenio-software.org'))
        self.assertStatus(resp, 302)

        # Expected OAuth parameters are present on the redirect.
        oauth_params = parse_qs(urlparse(resp.location).query)
        self.assertEqual(oauth_params['response_type'], ['code'])
        self.assertEqual(oauth_params['client_id'], ['testid'])
        assert oauth_params['redirect_uri']
        assert oauth_params['state']

        # The off-site target is dropped, so the flow cannot be used to
        # send the user to an arbitrary external site.
        state = serializer.loads(oauth_params['state'][0])
        self.assertIsNone(state['next'])

        # The callback URL itself must be free of query parameters.
        redirect_uri = oauth_params['redirect_uri'][0]
        self.assertEqual(parse_qs(urlparse(redirect_uri).query), {})

        # Local targets (relative path, own external URL) are preserved.
        local_targets = ['/search']
        local_targets.append(url_for('oauthclient.disconnect',
                                     remote_app='test',
                                     _external=True))
        for url in local_targets:
            resp = self.client.get(
                url_for("oauthclient.login", remote_app='test', next=url))
            self.assertStatus(resp, 302)
            self.assertEqual(url, state_of(resp)['next'])
Example #6
def check_response_redirect_url(response, expected_url):
    """Assert that *response* is a 302 whose state targets *expected_url*.

    The ``state`` query parameter of the redirect location is decoded with
    ``serializer`` and its ``next`` entry is compared to *expected_url*.
    """
    assert response.status_code == 302
    location_query = parse_qs(urlparse(response.location).query)
    state_token = location_query['state'][0]
    decoded_state = serializer.loads(state_token)
    assert expected_url == decoded_state['next']