tomekwojcik/hotpocket
1
0
Fork 0
Code Actions Releases 11 Activity
Files
b4338e2769ac2255e7426afbbe95ba26b2a1b814
hotpocket/services/backend/tests/ui/views/accounts/test_post_login.py
Tomek Wójcik b4338e2769
Some checks failed
CI / Checks (push) Failing after 13m2s
Details
Release v1.0.0
2025-08-20 21:00:50 +02:00

138 lines
3.1 KiB
Python
Raw Blame History

# -*- coding: utf-8 -*-
# type: ignore
from __future__ import annotations
from django.test import Client
from django.urls import reverse
import pytest
from pytest_django import asserts
@pytest.mark.django_db
def test_ok(authenticated_client: Client):
# Given
session = authenticated_client.session
session['post_login_next_url'] = (
reverse('ui.accounts.settings.settings')
)
session.save()
# When
result = authenticated_client.post(
reverse('ui.accounts.post_login'),
)
asserts.assertRedirects(
result,
reverse('ui.accounts.settings.settings'),
fetch_redirect_response=False,
)
@pytest.mark.django_db
def test_ok_without_next_url(authenticated_client: Client):
# When
result = authenticated_client.post(
reverse('ui.accounts.post_login'),
)
asserts.assertRedirects(
result,
reverse('ui.index.index'),
fetch_redirect_response=False,
)
@pytest.mark.django_db
def test_ok_absolute_url(authenticated_client: Client, settings):
# Given
settings.ALLOWED_HOSTS = ['testserver']
session = authenticated_client.session
session['post_login_next_url'] = (
'http://testserver/'
)
session.save()
# When
result = authenticated_client.post(
reverse('ui.accounts.post_login'),
)
asserts.assertRedirects(
result,
'http://testserver/',
fetch_redirect_response=False,
)
@pytest.mark.django_db
def test_allowed_hosts_asterisk(authenticated_client: Client, settings):
# Given
settings.ALLOWED_HOSTS = ['*']
session = authenticated_client.session
session['post_login_next_url'] = (
'http://thisisinsecure/'
)
session.save()
# When
result = authenticated_client.post(
reverse('ui.accounts.post_login'),
)
# `*` doesn't have effect here. Django requires hard matches on the
# `next_url` netloc. IDC, really. Redirects to absolute URLs here shouldn't
# happen unless somebody tries something funny. In wich case, NOPE.
asserts.assertRedirects(
result,
'/',
fetch_redirect_response=False,
)
@pytest.mark.django_db
def test_allowed_hosts_mismatch(authenticated_client: Client, settings):
# Given
settings.ALLOWED_HOSTS = ['testserver']
session = authenticated_client.session
session['post_login_next_url'] = (
'http://thisisinsecure/'
)
session.save()
# When
result = authenticated_client.post(
reverse('ui.accounts.post_login'),
)
asserts.assertRedirects(
result,
'/',
fetch_redirect_response=False,
)
@pytest.mark.django_db
def test_inactive_account(inactive_account_client: Client):
# When
result = inactive_account_client.post(
reverse('ui.accounts.post_login'),
)
# Then
assert result.status_code == 403
@pytest.mark.django_db
def test_anonymous(client: Client):
# When
result = client.post(
reverse('ui.accounts.post_login'),
)
# Then
assert result.status_code == 403
View Git Blame Copy Permalink