def test_login_empty_next(rf): request = rf.get("/?next=") request.user = UserFactory() response = login_view(request) assert response.status_code == 302 assert response.url == "/"
def test_login_already_logged_with_no_next_url(rf): request = rf.get("/") request.user = UserFactory() response = login_view(request) assert response.status_code == 302 assert response.url == "/"
def test_login_unsafe_path(rf): request = rf.get("/?next=https://steal-your-bank-details.com/") request.user = AnonymousUser() response = login_view(request) assert response.status_code == 400
def test_login_safe_path(rf): request = rf.get("/?next=/") request.user = AnonymousUser() response = login_view(request) assert response.status_code == 200