def cantGetWrongClaimURL(self): with self.settings(BADGEKIT_API_URL="http://example.com/", BADGEKIT_VERIFY_ASSERTION_URL=True): resp = self.client.get( views.create_claim_url(b"http://evil.com/angle")) self.assertEqual(resp.status_code, 400)
def testBracketsDoNotAppear(self): register_dummy() url = views.create_claim_url(b"http://example.com/angle<angle>angle") resp = self.client.get(url) self.assertFalse(b"angle<" in resp.content) self.assertFalse(b"angle>" in resp.content)
def testMoreChars(self): register_dummy() url = views.create_claim_url(b"http://example.com/semi;dquote\"") resp = self.client.get(url) self.assertFalse(b'dquote"' in resp.content)
def testCanGetClaimPage(self): register_dummy() url = views.create_claim_url(b'http://example.com/assertion.json') resp = self.client.get(url) self.assertEqual(resp.status_code, 200)
def testQuotesDoNotAppear(self): register_dummy() url = views.create_claim_url(b'http://example.com/quote"quote') resp = self.client.get(url) self.assertFalse(b'quote"quote' in resp.content)
def cantGetWrongClaimURL(self): with self.settings(BADGEKIT_API_URL="http://example.com/", BADGEKIT_VERIFY_ASSERTION_URL=True): resp = self.client.get(views.create_claim_url(b"http://evil.com/angle")) self.assertEqual(resp.status_code, 400)
def testMoreChars(self): url = views.create_claim_url(b"http://evil.com/semi;dquote\"") resp = self.client.get(url) self.assertFalse(b'dquote"' in resp.content)
def testQuotesDoNotAppear(self): url = views.create_claim_url(b'http://evil.com/quote"quote') resp = self.client.get(url) self.assertFalse(b'quote"quote' in resp.content)