def test_login_view_validates_next_url(dangerous_redirect):
    """An unsafe ``next`` value must be dropped, not forwarded.

    ``dangerous_redirect`` is a fixture value (presumably parametrised over
    several unsafe targets -- check conftest) placed in the ``next`` query
    parameter of the admin login URL. The view still answers with a 302
    into the SSO flow, but the redirect it builds must carry no ``next``
    URL at all, so an attacker-controlled target is never replayed after
    login (open-redirect protection).
    """
    admin_login_path = reverse('admin:login')
    request = get_request_with_session(
        f'{admin_login_path}?next={dangerous_redirect}',
    )

    response = login(request)

    assert response.status_code == status.HTTP_302_FOUND
    forwarded_next = extract_next_url_from_redirect_url(response.url)
    assert forwarded_next is None
def test_login_view_redirects_with_next_url():
    """A safe, relative ``next`` value survives the redirect to Staff SSO.

    Counterpart of the unsafe-``next`` test: the same relative path that
    went in must come back out of the SSO redirect URL unchanged.
    """
    safe_target = '/protected-area'
    admin_login_path = reverse('admin:login')
    request = get_request_with_session(
        f'{admin_login_path}?next={safe_target}',
    )

    response = login(request)

    assert response.status_code == status.HTTP_302_FOUND
    forwarded_next = extract_next_url_from_redirect_url(response.url)
    assert forwarded_next == safe_target
def test_login_view_redirects_to_sso_auth_url(_uuid4):
    """Login redirects to the Staff SSO auth URL with a pinned ``state``.

    ``_uuid4`` is presumably a fixture patching ``uuid.uuid4`` so the OAuth
    ``state`` value is deterministic for the assertion -- confirm against
    conftest. The same value must be stored in the session under
    ``oauth.state`` so the callback can check it against what SSO echoes
    back.

    NOTE(review): a second function with this exact name follows in this
    file (the ``_token_urlsafe`` variant). If both live in the same module
    the later definition rebinds the name and this one is never collected.
    """
    pinned_uuid = UUID('d20141b7-2dcf-445f-9875-e3e6a2d610a4')
    _uuid4.return_value = pinned_uuid
    expected_state = str(pinned_uuid)

    request = get_request_with_session(reverse('admin:login'))
    response = login(request)

    callback_url = request.build_absolute_uri(reverse('admin_oauth_callback'))
    auth_endpoint = urljoin(
        settings.ADMIN_OAUTH2_BASE_URL,
        settings.ADMIN_OAUTH2_AUTH_PATH,
    )
    query = urlencode({
        'response_type': 'code',
        'client_id': settings.ADMIN_OAUTH2_CLIENT_ID,
        'redirect_uri': callback_url,
        'state': expected_state,
        'idp': 'cirrus',
    })

    assert response.status_code == status.HTTP_302_FOUND
    assert response.url == f'{auth_endpoint}?{query}'
    # the state bound to this session is what the callback must verify
    assert request.session['oauth.state'] == expected_state
def test_login_view_redirects_to_sso_auth_url(_token_urlsafe):
    """Login redirects to the Staff SSO auth URL with a pinned ``state``.

    ``_token_urlsafe`` is presumably a fixture patching
    ``secrets.token_urlsafe`` so the OAuth ``state`` is deterministic here
    -- confirm against conftest. In production that value must be
    unguessable: it is the anti-CSRF binding between this session and the
    authorization response, and the test checks it is both sent to SSO and
    stored under ``oauth.state`` for the callback to compare.
    """
    pinned_state = 'aZFsiJfbDLF9bwve8f2HTBeC1rCnhFUn4K6c_iq-wLo'
    _token_urlsafe.return_value = pinned_state

    request = get_request_with_session(reverse('admin:login'))
    response = login(request)

    callback_url = request.build_absolute_uri(reverse('admin_oauth_callback'))
    auth_endpoint = urljoin(
        settings.ADMIN_OAUTH2_BASE_URL,
        settings.ADMIN_OAUTH2_AUTH_PATH,
    )
    query = urlencode({
        'response_type': 'code',
        'client_id': settings.ADMIN_OAUTH2_CLIENT_ID,
        'redirect_uri': callback_url,
        'state': pinned_state,
        'idp': 'cirrus',
    })

    assert response.status_code == status.HTTP_302_FOUND
    assert response.url == f'{auth_endpoint}?{query}'
    # the state bound to this session is what the callback must verify
    assert request.session['oauth.state'] == pinned_state
def login(self, request, extra_context=None):
    """Replace the stock admin login view with the SSO ``login`` view.

    Keeps the admin-site ``login(request, extra_context=None)`` signature so
    the admin can call it unchanged. ``extra_context`` is accepted but not
    forwarded: the ``login`` called here resolves to the module-level name
    (a method name is not in scope inside its own body) and takes only the
    request.
    """
    sso_response = login(request)
    return sso_response