The verify view was not passing along the next param to the two factor

view. Now if it is passed and it is a url on the same domain that request originates from then it is used.
2026-05-05 00:20:43 -04:00 · 2016-03-14 16:30:48 +00:00
parent 05947d047a
commit 8561391cd2
3 changed files with 66 additions and 3 deletions
--- a/tests/app/main/views/test_two_factor.py
+++ b/tests/app/main/views/test_two_factor.py
@@ -40,6 +40,50 @@ def test_should_login_user_and_redirect_to_service_dashboard(app_,
            )


+def test_should_login_user_and_should_redirect_to_next_url(app_,
+                                                           api_user_active,
+                                                           mock_get_user,
+                                                           mock_get_user_by_email,
+                                                           mock_check_verify_code,
+                                                           mock_get_services):
+    with app_.test_request_context():
+        with app_.test_client() as client:
+            with client.session_transaction() as session:
+                session['user_details'] = {
+                    'id': api_user_active.id,
+                    'email': api_user_active.email_address}
+            response = client.post(url_for('main.two_factor', next='/services/{}/dashboard'.format(SERVICE_ONE_ID)),
+                                   data={'sms_code': '12345'})
+            assert response.status_code == 302
+            assert response.location == url_for(
+                'main.service_dashboard',
+                service_id=SERVICE_ONE_ID,
+                _external=True
+            )
+
+
+def test_should_login_user_and_not_redirect_to_external_url(app_,
+                                                            api_user_active,
+                                                            mock_get_user,
+                                                            mock_get_user_by_email,
+                                                            mock_check_verify_code,
+                                                            mock_get_services_with_one_service):
+    with app_.test_request_context():
+        with app_.test_client() as client:
+            with client.session_transaction() as session:
+                session['user_details'] = {
+                    'id': api_user_active.id,
+                    'email': api_user_active.email_address}
+            response = client.post(url_for('main.two_factor', next='http://www.google.com'),
+                                   data={'sms_code': '12345'})
+            assert response.status_code == 302
+            assert response.location == url_for(
+                'main.service_dashboard',
+                service_id=SERVICE_ONE_ID,
+                _external=True
+            )
+
+
 def test_should_login_user_and_redirect_to_choose_services(app_,
                                                           api_user_active,
                                                           mock_get_user,