def test_login_next_parameter(self): '''Test with a valid ?next=url parameter.''' next = '/kb/new' # Verify that next parameter is set in form hidden field. response = self.client.get(urlparams(reverse('users.login'), next=next)) eq_(200, response.status_code) doc = pq(response.content) eq_(next, doc('input[name="next"]')[0].attrib['value']) # Verify that it gets used on form POST. response = self.client.post(reverse('users.login'), {'username': '******', 'password': '******', 'next': next}) eq_(302, response.status_code) eq_('http://testserver' + next, response['location'])
def test_login_next_parameter(self): '''Test with a valid ?next=url parameter.''' next = '/kb/new' # Verify that next parameter is set in form hidden field. response = self.client.get(urlparams(reverse('users.login'), next=next)) eq_(200, response.status_code) doc = pq(response.content) eq_(next, doc('input[name="next"]')[0].attrib['value']) # Verify that it gets used on form POST. response = self.client.post(reverse('users.login'), { 'username': '******', 'password': '******', 'next': next }) eq_(302, response.status_code) eq_('http://testserver' + next, response['location'])
def test_login_invalid_next_parameter(self, get_current): '''Test with an invalid ?next=http://example.com parameter.''' get_current.return_value.domain = 'testserver.com' invalid_next = 'http://foobar.com/evil/' valid_next = reverse('desktop.home', locale=settings.LANGUAGE_CODE) # Verify that _valid_ next parameter is set in form hidden field. response = self.client.get(urlparams(reverse('users.login'), next=invalid_next)) eq_(200, response.status_code) doc = pq(response.content) eq_(valid_next, doc('input[name="next"]')[0].attrib['value']) # Verify that it gets used on form POST. response = self.client.post(reverse('users.login'), {'username': '******', 'password': '******', 'next': invalid_next}) eq_(302, response.status_code) eq_('http://testserver' + valid_next, response['location'])
def test_login_invalid_next_parameter(self, get_current): '''Test with an invalid ?next=http://example.com parameter.''' get_current.return_value.domain = 'testserver.com' invalid_next = 'http://foobar.com/evil/' valid_next = reverse('desktop.home', locale=settings.LANGUAGE_CODE) # Verify that _valid_ next parameter is set in form hidden field. response = self.client.get( urlparams(reverse('users.login'), next=invalid_next)) eq_(200, response.status_code) doc = pq(response.content) eq_(valid_next, doc('input[name="next"]')[0].attrib['value']) # Verify that it gets used on form POST. response = self.client.post(reverse('users.login'), { 'username': '******', 'password': '******', 'next': invalid_next }) eq_(302, response.status_code) eq_('http://testserver' + valid_next, response['location'])
def _social_sharing_url(self, service): # django_reverse used instead of reverse because we don't want a locale preprended to sharing links. url = urlparams(django_reverse('desktop.user', args=[self.user.username]), f=service) return absolute_url(url)
def generic_sharing_url(self): url = urlparams(django_reverse('desktop.user', args=[self.user.username])) return absolute_url(url)
def qr_code_download(self): """Returns the URL of a QR code which, when scanned, points to: https://[domain]/download?f=qr&user=[username] """ url = absolute_url(urlparams(django_reverse('sharing.download'), user=self.user.username)) return sharing_utils.url2qr(url)