Exemple #1
0
 def test__safe_postlogin_redirect(self):
     self.assertEqual(
         _safe_postlogin_redirect("http://www.test.com", "www.test.com")["Location"], "http://www.test.com"
     )
     self.assertEqual(
         _safe_postlogin_redirect("http://www.other.com", "www.test.com")["Location"], "http://www.other.com"
     )
     self.assertEqual(_safe_postlogin_redirect("http://www.unsafe.com", "www.test.com")["Location"], "/")
Exemple #2
0
    def test__safe_postlogin_redirect(self):
        """
        Tests the _safe_postlogin_redirect function with different values of next
        """
        HOST = 'testserver'  # pylint: disable=C0103
        ONSITE1 = '/dashboard'  # pylint: disable=C0103
        ONSITE2 = '/courses/org/num/name/courseware'  # pylint: disable=C0103
        ONSITE3 = 'http://{}/my/custom/url'.format(HOST)  # pylint: disable=C0103
        OFFSITE1 = 'http://www.attacker.com'  # pylint: disable=C0103

        for redirect_to in [ONSITE1, ONSITE2, ONSITE3]:
            redir = _safe_postlogin_redirect(redirect_to, HOST)
            self.assertEqual(redir.status_code, 302)
            self.assertEqual(redir['location'], redirect_to)

        redir2 = _safe_postlogin_redirect(OFFSITE1, HOST)
        self.assertEqual(redir2.status_code, 302)
        self.assertEqual("/", redir2['location'])
Exemple #3
0
    def test__safe_postlogin_redirect(self):
        """
        Tests the _safe_postlogin_redirect function with different values of next
        """
        HOST = 'testserver'                               # pylint: disable=C0103
        ONSITE1 = '/dashboard'                            # pylint: disable=C0103
        ONSITE2 = '/courses/org/num/name/courseware'      # pylint: disable=C0103
        ONSITE3 = 'http://{}/my/custom/url'.format(HOST)  # pylint: disable=C0103
        OFFSITE1 = 'http://www.attacker.com'              # pylint: disable=C0103

        for redirect_to in [ONSITE1, ONSITE2, ONSITE3]:
            redir = _safe_postlogin_redirect(redirect_to, HOST)
            self.assertEqual(redir.status_code, 302)
            self.assertEqual(redir['location'], redirect_to)

        redir2 = _safe_postlogin_redirect(OFFSITE1, HOST)
        self.assertEqual(redir2.status_code, 302)
        self.assertEqual("/", redir2['location'])
Exemple #4
0
 def test__safe_postlogin_redirect(self):
     self.assertEqual(_safe_postlogin_redirect('http://www.test.com', 'www.test.com')['Location'], 'http://www.test.com')
     self.assertEqual(_safe_postlogin_redirect('http://www.other.com', 'www.test.com')['Location'], 'http://www.other.com')
     self.assertEqual(_safe_postlogin_redirect('http://www.unsafe.com', 'www.test.com')['Location'], '/')