Release v1.0.0

services/backend/tests/ui/views/accounts/test_post_login.py

@@ -0,0 +1,137 @@
+# -*- coding: utf-8 -*-
+# type: ignore
+from __future__ import annotations
+
+from django.test import Client
+from django.urls import reverse
+import pytest
+from pytest_django import asserts
+
+
+@pytest.mark.django_db
+def test_ok(authenticated_client: Client):
+    # Given
+    session = authenticated_client.session
+    session['post_login_next_url'] = (
+        reverse('ui.accounts.settings.settings')
+    )
+    session.save()
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.accounts.post_login'),
+    )
+
+    asserts.assertRedirects(
+        result,
+        reverse('ui.accounts.settings.settings'),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_ok_without_next_url(authenticated_client: Client):
+    # When
+    result = authenticated_client.post(
+        reverse('ui.accounts.post_login'),
+    )
+
+    asserts.assertRedirects(
+        result,
+        reverse('ui.index.index'),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_ok_absolute_url(authenticated_client: Client, settings):
+    # Given
+    settings.ALLOWED_HOSTS = ['testserver']
+
+    session = authenticated_client.session
+    session['post_login_next_url'] = (
+        'http://testserver/'
+    )
+    session.save()
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.accounts.post_login'),
+    )
+
+    asserts.assertRedirects(
+        result,
+        'http://testserver/',
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_allowed_hosts_asterisk(authenticated_client: Client, settings):
+    # Given
+    settings.ALLOWED_HOSTS = ['*']
+
+    session = authenticated_client.session
+    session['post_login_next_url'] = (
+        'http://thisisinsecure/'
+    )
+    session.save()
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.accounts.post_login'),
+    )
+
+    # `*` doesn't have effect here. Django requires hard matches on the
+    # `next_url` netloc. IDC, really. Redirects to absolute URLs here shouldn't
+    # happen unless somebody tries something funny. In wich case, NOPE.
+    asserts.assertRedirects(
+        result,
+        '/',
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_allowed_hosts_mismatch(authenticated_client: Client, settings):
+    # Given
+    settings.ALLOWED_HOSTS = ['testserver']
+
+    session = authenticated_client.session
+    session['post_login_next_url'] = (
+        'http://thisisinsecure/'
+    )
+    session.save()
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.accounts.post_login'),
+    )
+
+    asserts.assertRedirects(
+        result,
+        '/',
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_inactive_account(inactive_account_client: Client):
+    # When
+    result = inactive_account_client.post(
+        reverse('ui.accounts.post_login'),
+    )
+
+    # Then
+    assert result.status_code == 403
+
+
+@pytest.mark.django_db
+def test_anonymous(client: Client):
+    # When
+    result = client.post(
+        reverse('ui.accounts.post_login'),
+    )
+
+    # Then
+    assert result.status_code == 403