tests: Replace messy direct test of login_or_register_remote_user.

This code path is much more naturally tested with the existing end-to-end test for the function that we have for the RemoteUser auth backend.
2018-04-22 14:14:27 -07:00 · 2018-04-22 14:14:27 -07:00 · 6df821a40f
parent f806526551
commit 6df821a40f
1 changed files with 6 additions and 23 deletions
--- a/zerver/tests/test_auth_backends.py
+++ b/zerver/tests/test_auth_backends.py
@ -1698,6 +1698,8 @@ class TestZulipRemoteUserBackend(ZulipTestCase):
        self.assertIn('Zulip on Android', mail.outbox[0].body)

    def test_redirect_to(self) -> None:
+        """This test verifies the behavior of the redirect_to logic in
+        login_or_register_remote_user."""
        def test_with_redirect_to_param_set_as_next(next: Text='') -> HttpResponse:
            user_profile = self.example_user('hamlet')
            email = user_profile.email
@ -1710,6 +1712,10 @@ class TestZulipRemoteUserBackend(ZulipTestCase):
        res = test_with_redirect_to_param_set_as_next('/user_uploads/image_path')
        self.assertEqual('http://zulip.testserver/user_uploads/image_path', res.url)

+        # Third-party domains are rejected and just send you to root domain
+        res = test_with_redirect_to_param_set_as_next('https://rogue.zulip-like.server/login')
+        self.assertEqual('http://zulip.testserver', res.url)
+
        # In SSO based auth we never make browser send the hash to the backend.
        # Rather we depend upon the browser's behaviour of persisting hash anchors
        # in between redirect requests. See below stackoverflow conversation
@ -2268,29 +2274,6 @@ class LoginOrRegisterRemoteUserTestCase(ZulipTestCase):
            invalid_subdomain=invalid_subdomain)
        self.assertIn('/accounts/login/?subdomain=1', response.url)

-    def test_redirect_to(self) -> None:
-        def test_with_redirect_to_param_set_as_next(next: Text='') -> HttpResponse:
-            full_name = 'Hamlet'
-            user_profile = self.example_user('hamlet')
-            request = HostRequestMock(user_profile)
-            with mock.patch('zerver.views.auth.do_login'):
-                response = login_or_register_remote_user(
-                    request,
-                    self.example_email('hamlet'),
-                    user_profile,
-                    full_name=full_name,
-                    invalid_subdomain=False,
-                    redirect_to=next)
-            return response
-
-        res = test_with_redirect_to_param_set_as_next()
-        self.assertEqual('http://zulip.testserver', res.url)
-        res = test_with_redirect_to_param_set_as_next('/user_uploads/image_path')
-        self.assertEqual('http://zulip.testserver/user_uploads/image_path', res.url)
-        # We test with a rogue next URL and redirect URL must be towards root zulip uri.
-        res = test_with_redirect_to_param_set_as_next('https://rogue.zulip-like.server/login')
-        self.assertEqual('http://zulip.testserver', res.url)
-
 class LDAPBackendTest(ZulipTestCase):
    @override_settings(AUTHENTICATION_BACKENDS=('zproject.backends.ZulipLDAPAuthBackend',))
    def test_non_existing_realm(self) -> None: