Turn on redirects for new_password

This is part of the work to make sure user is redirected
to the page they initially were meant to visit after
they sign in.
This commit is contained in:
Pea Tyczynska
2020-10-09 11:40:28 +01:00
parent b0db60e417
commit 1fc2bee42d
3 changed files with 13 additions and 6 deletions

View File

@@ -5,6 +5,7 @@ from flask import (
flash,
redirect,
render_template,
request,
session,
url_for,
)
@@ -46,6 +47,6 @@ def new_password(token):
else:
# send user a 2fa sms code
user.send_verify_code()
return redirect(url_for('main.two_factor'))
return redirect(url_for('main.two_factor', next=request.args.get('next')))
else:
return render_template('views/new-password.html', token=token, form=form, user=user)

View File

@@ -1,6 +1,7 @@
import json
from datetime import datetime
import pytest
from flask import url_for
from itsdangerous import SignatureExpired
from notifications_utils.url_safe_token import generate_token
@@ -36,21 +37,26 @@ def test_should_return_404_when_email_address_does_not_exist(
assert response.status_code == 404
@pytest.mark.parametrize('redirect_url', [
None,
'blob',
])
def test_should_redirect_to_two_factor_when_password_reset_is_successful(
app_,
client,
mock_get_user_by_email_request_password_reset,
mock_login,
mock_send_verify_code,
mock_reset_failed_login_count
mock_reset_failed_login_count,
redirect_url
):
user = mock_get_user_by_email_request_password_reset.return_value
data = json.dumps({'email': user['email_address'], 'created_at': str(datetime.utcnow())})
token = generate_token(data, app_.config['SECRET_KEY'], app_.config['DANGEROUS_SALT'])
response = client.post(url_for_endpoint_with_token('.new_password', token=token),
response = client.post(url_for_endpoint_with_token('.new_password', token=token, next=redirect_url),
data={'new_password': 'a-new_password'})
assert response.status_code == 302
assert response.location == url_for('.two_factor', _external=True)
assert response.location == url_for('.two_factor', _external=True, next=redirect_url)
mock_get_user_by_email_request_password_reset.assert_called_once_with(user['email_address'])

View File

@@ -3646,9 +3646,9 @@ def mock_create_event(mocker):
return mocker.patch('app.events_api_client.create_event', side_effect=_add_event)
def url_for_endpoint_with_token(endpoint, token):
def url_for_endpoint_with_token(endpoint, token, next=None):
token = token.replace('%2E', '.')
return url_for(endpoint, token=token)
return url_for(endpoint, token=token, next=next)
@pytest.fixture