BTHLABS-50: Safari Web extension

Co-authored-by: Tomek Wójcik <labs@tomekwojcik.pl> Co-committed-by: Tomek Wójcik <labs@tomekwojcik.pl>
2025-09-08 18:11:36 +00:00
parent ffecf780ee
commit b6d02dbe78
184 changed files with 7536 additions and 163 deletions
--- a/services/backend/tests/ui/views/accounts/auth/init.py
+++ b/services/backend/tests/ui/views/accounts/auth/init.py
--- a/services/backend/tests/ui/views/accounts/auth/test_post_login.py
+++ b/services/backend/tests/ui/views/accounts/auth/test_post_login.py
@@ -0,0 +1,137 @@
+# -*- coding: utf-8 -*-
+# type: ignore
+from __future__ import annotations
+
+from django.test import Client
+from django.urls import reverse
+import pytest
+from pytest_django import asserts
+
+
+@pytest.mark.django_db
+def test_ok(authenticated_client: Client):
+    # Given
+    session = authenticated_client.session
+    session['post_login_next_url'] = (
+        reverse('ui.accounts.settings.settings')
+    )
+    session.save()
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.accounts.post_login'),
+    )
+
+    asserts.assertRedirects(
+        result,
+        reverse('ui.accounts.settings.settings'),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_ok_without_next_url(authenticated_client: Client):
+    # When
+    result = authenticated_client.post(
+        reverse('ui.accounts.post_login'),
+    )
+
+    asserts.assertRedirects(
+        result,
+        reverse('ui.index.index'),
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_ok_absolute_url(authenticated_client: Client, settings):
+    # Given
+    settings.ALLOWED_HOSTS = ['testserver']
+
+    session = authenticated_client.session
+    session['post_login_next_url'] = (
+        'http://testserver/'
+    )
+    session.save()
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.accounts.post_login'),
+    )
+
+    asserts.assertRedirects(
+        result,
+        'http://testserver/',
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_allowed_hosts_asterisk(authenticated_client: Client, settings):
+    # Given
+    settings.ALLOWED_HOSTS = ['*']
+
+    session = authenticated_client.session
+    session['post_login_next_url'] = (
+        'http://thisisinsecure/'
+    )
+    session.save()
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.accounts.post_login'),
+    )
+
+    # `*` doesn't have effect here. Django requires hard matches on the
+    # `next_url` netloc. IDC, really. Redirects to absolute URLs here shouldn't
+    # happen unless somebody tries something funny. In wich case, NOPE.
+    asserts.assertRedirects(
+        result,
+        '/',
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_allowed_hosts_mismatch(authenticated_client: Client, settings):
+    # Given
+    settings.ALLOWED_HOSTS = ['testserver']
+
+    session = authenticated_client.session
+    session['post_login_next_url'] = (
+        'http://thisisinsecure/'
+    )
+    session.save()
+
+    # When
+    result = authenticated_client.post(
+        reverse('ui.accounts.post_login'),
+    )
+
+    asserts.assertRedirects(
+        result,
+        '/',
+        fetch_redirect_response=False,
+    )
+
+
+@pytest.mark.django_db
+def test_inactive_account(inactive_account_client: Client):
+    # When
+    result = inactive_account_client.post(
+        reverse('ui.accounts.post_login'),
+    )
+
+    # Then
+    assert result.status_code == 403
+
+
+@pytest.mark.django_db
+def test_anonymous(client: Client):
+    # When
+    result = client.post(
+        reverse('ui.accounts.post_login'),
+    )
+
+    # Then
+    assert result.status_code == 403