fix: hydration of the next parameter in the proconnect:authorize URL #850

Merged
merged 1 commit into from
Dec 5, 2024
Expand Up @@ -25,7 +25,7 @@ <h1 class="s-title-01__title h1">{% trans "Login | Sign in" %}</h1>
<p>
ProConnect vous permet d'accéder à de nombreux services en ligne en utilisant l'un de vos comptes professionnels existants.
</p>
<a href="{% url 'openid_connect:authorize' %}?next={{ next }}" rel="nofollow" class="proconnect-button"></a>
<a href="{% url 'openid_connect:authorize' %}?next={{ request.GET.next }}" rel="nofollow" class="proconnect-button"></a>
<p>
<a href="https://proconnect.gouv.fr/" target="_blank" rel="noopener noreferrer" title="Qu’est-ce que AgentConnect ? - nouvelle fenêtre">
Qu’est-ce que ProConnect ?
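Review bot: `{{ request.GET.next }}` in the new proconnect-button href is written into the query string without URL-encoding, so a `next` value containing `&`, `?` or `#` would be split into extra parameters or a fragment on the authorize URL. Suggest `?next={{ request.GET.next|urlencode }}`. Reading `request.GET` in the template also bypasses any normalization the view could apply to the `next` context variable; populating that variable correctly in the view and keeping `{{ next }}` here would keep the redirect target handled in one place.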
81 changes: 79 additions & 2 deletions lacommunaute/users/tests/__snapshots__/tests_views.ambr
Expand Up @@ -230,7 +230,7 @@
<p>
ProConnect vous permet d'accéder à de nombreux services en ligne en utilisant l'un de vos comptes professionnels existants.
</p>
<a class="proconnect-button" href="/pro_connect/authorize?next=" rel="nofollow"></a>
<a class="proconnect-button" href="/pro_connect/authorize?next=/" rel="nofollow"></a>
<p>
<a href="https://proconnect.gouv.fr/" rel="noopener noreferrer" target="_blank" title="Qu’est-ce que AgentConnect ? - nouvelle fenêtre">
Qu’est-ce que ProConnect ?
Expand Down Expand Up @@ -307,7 +307,7 @@
<p>
ProConnect vous permet d'accéder à de nombreux services en ligne en utilisant l'un de vos comptes professionnels existants.
</p>
<a class="proconnect-button" href="/pro_connect/authorize?next=" rel="nofollow"></a>
<a class="proconnect-button" href="/pro_connect/authorize?next=/topics/" rel="nofollow"></a>
<p>
<a href="https://proconnect.gouv.fr/" rel="noopener noreferrer" target="_blank" title="Qu’est-ce que AgentConnect ? - nouvelle fenêtre">
Qu’est-ce que ProConnect ?
Expand Down Expand Up @@ -431,6 +431,83 @@
</section>


</main>
'''
# ---
# name: TestLoginView.test_content[http://www.unallowed_host.com][login_view_content]
'''
<main class="s-main" id="main" role="main">






<section class="s-title-01 mt-lg-5">
<div class="s-title-01__container container">
<div class="s-title-01__row row">
<div class="s-title-01__col col-lg-8 col-12">
<h1 class="s-title-01__title h1">Se connecter | S'inscrire</h1>
</div>
</div>
</div>
</section>
<section class="s-section">
<div class="s-section__container container">
<div class="s-section__row row">
<div class="s-section__col col-12 col-lg-7">
<div class="c-form">
<div class="text-center">
<p>
ProConnect vous permet d'accéder à de nombreux services en ligne en utilisant l'un de vos comptes professionnels existants.
</p>
<a class="proconnect-button" href="/pro_connect/authorize?next=http://www.unallowed_host.com" rel="nofollow"></a>
<p>
<a href="https://proconnect.gouv.fr/" rel="noopener noreferrer" target="_blank" title="Qu’est-ce que AgentConnect ? - nouvelle fenêtre">
Qu’est-ce que ProConnect ?
</a>
</p>
</div>
<hr class="my-5" data-it-text="ou"/>
<form action="." enctype="multipart/form-data" method="post" novalidate="">
<input name="csrfmiddlewaretoken" type="hidden" value="NORMALIZED_CSRF_TOKEN"/>

<fieldset>
<p class="h4">Se connecter avec votre email</p>
<p class="text-muted">✨ Nous allons vous envoyer un code magique pour vous connecter sans mot de passe.</p>


<div class="form-group" id="div_id_email">



<input class="form-control" id="id_email" maxlength="320" name="email" placeholder="Votre adresse email" required="" type="email"/>





</div>

</fieldset>
<div class="row">
<div class="col-12">
<div class="form-row align-items-center justify-content-end gx-3">
<div class="form-group col col-lg-auto order-2 order-lg-3">
<input name="next" type="hidden" value="http://www.unallowed_host.com"/>
<input class="btn btn-block btn-primary" type="submit" value="Recevoir le lien de connexion"/>
</div>
</div>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</section>


</main>
'''
# ---
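Review bot: the new `unallowed_host` snapshot pins `http://www.unallowed_host.com` as expected output in two places, the proconnect-button href and the hidden `next` input of the magic-link form, so the recorded behaviour is that the login page reflects an off-site target verbatim. If the host check is meant to happen later in the authorize callback and the magic-link handler, that should be stated next to the test; otherwise validate in the login view (Django's `url_has_allowed_host_and_scheme`) and let this snapshot show the fallback value instead of the external URL.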
2 changes: 1 addition & 1 deletion lacommunaute/users/tests/tests_views.py
Expand Up @@ -115,7 +115,7 @@ def test_send_magic_link(


class TestLoginView:
@pytest.mark.parametrize("next_url", [None, "/", "/topics/"])
@pytest.mark.parametrize("next_url", [None, "/", "/topics/", "http://www.unallowed_host.com"])
def test_content(self, client, db, next_url, snapshot):
url = reverse("users:login") + f"?next={next_url}" if next_url else reverse("users:login")
response = client.get(url)
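Review bot: the added `"http://www.unallowed_host.com"` parameter is only exercised through the snapshot of the rendered login page, so nothing in `test_content` asserts that the host is actually refused. Suggest a companion test that follows the flow (the authorize link and the form POST) and asserts the final redirect stays on an allowed host. The URL is also built as `f"?next={next_url}"` without encoding, so a case with `&` or `#` in `next_url` would be worth adding to cover the query-string handling in the template.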