def test_offsite_redirects_disallowed(self):
# The framework ought to make sure the auth mechanism doesn't allow
# people to craft URLs that will send users to arbitrary places
# through our site, but there's a hole:
# https://github.com/omab/django-social-auth/issues/676
# so we'll do this check ourselves.
redirect_to = 'http://example.com/hackme'
self.request = RequestFactory().get('/login',
{REDIRECT_FIELD_NAME: redirect_to})
response = login(self.request)
self.assertNotContains(response, redirect_to)
def test_login_page_renders(self):
self.request = RequestFactory().request()
response = login(self.request)
self.assertTemplateUsed(response, "code_scouts_platform/login.html")
self.assertContains(response, "Persona", status_code=200)
def test_login_page_includes_redirect_target(self):
redirect_to = '/redirect_to_here'
self.request = RequestFactory().get('/login',
{REDIRECT_FIELD_NAME: redirect_to})
response = login(self.request)
self.assertContains(response, redirect_to)
