-
Notifications
You must be signed in to change notification settings - Fork 154
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix form.next for newer authentication mechanisms - including two-fac…
…tor. (#854) Propagating 'next' when part of the request query string was working - but FS also supported 'next' as a hidden field in some endpoints such as /login and /register. form.next wasn't being propagated with 2FA. Also - newer authentication endpoints - /us-signin /wan-signin didn't have the 'next' hidden field. Also - there were NO tests for form.next. Fixed all that, added tests, combined all 'next' calculations in a single utility. closes #853
- Loading branch information
Showing
10 changed files
with
125 additions
and
63 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -1246,6 +1246,18 @@ def test_propagate_next(app, client): | |
verify_url, data=dict(code=codes[0]["login_token"]), follow_redirects=False | ||
) | ||
assert "/im-in" in response.location | ||
logout(client) | ||
|
||
# do it with next in the form | ||
data = dict(email="[email protected]", password="password", next="/im-in") | ||
response = client.post("/login", data=data, follow_redirects=True) | ||
assert "?next=/im-in" in response.request.url | ||
# grab URL from form to show that our template propagates ?next | ||
verify_url = get_form_action(response) | ||
response = client.post( | ||
verify_url, data=dict(code=codes[1]["login_token"]), follow_redirects=False | ||
) | ||
assert "/im-in" in response.location | ||
|
||
|
||
@pytest.mark.settings(freshness=timedelta(minutes=0)) | ||
|
Oops, something went wrong.