auth: Add a test for the legacy /accounts/login/google/ mobile flow.

This is needed to return 100% URL coverage, and should also help ensure we don't accidentally break the fix from a43b231f90.
2019-08-26 20:51:04 -07:00 · 2019-08-26 20:51:04 -07:00 · e0f8228d6e
parent a43b231f90
commit e0f8228d6e
1 changed files with 40 additions and 0 deletions
--- a/zerver/tests/test_auth_backends.py
+++ b/zerver/tests/test_auth_backends.py
@ -498,8 +498,12 @@ class SocialAuthBase(ZulipTestCase):
                         next: str='',
                         multiuse_object_key: str='',
                         expect_choose_email_screen: bool=False,
+                         alternative_start_url: Optional[str]=None,
                         **extra_data: Any) -> HttpResponse:
        url = self.LOGIN_URL
+        if alternative_start_url is not None:
+            url = alternative_start_url
+
        params = {}
        headers = {}
        if subdomain is not None:
@ -1178,6 +1182,42 @@ class GoogleAuthBackendTest(SocialAuthBase):
            mock_warning.assert_called_once_with("Social auth (Google) failed "
                                                 "because user has no verified emails")

+    def test_social_auth_mobile_success_legacy_url(self) -> None:
+        mobile_flow_otp = '1234abcd' * 8
+        account_data_dict = self.get_account_data_dict(email=self.email, name='Full Name')
+        self.assertEqual(len(mail.outbox), 0)
+        self.user_profile.date_joined = timezone_now() - datetime.timedelta(seconds=JUST_CREATED_THRESHOLD + 1)
+        self.user_profile.save()
+
+        with self.settings(SEND_LOGIN_EMAILS=True):
+            # Verify that the right thing happens with an invalid-format OTP
+            result = self.social_auth_test(account_data_dict, subdomain='zulip',
+                                           alternative_start_url="/accounts/login/google/",
+                                           mobile_flow_otp="1234")
+            self.assert_json_error(result, "Invalid OTP")
+            result = self.social_auth_test(account_data_dict, subdomain='zulip',
+                                           alternative_start_url="/accounts/login/google/",
+                                           mobile_flow_otp="invalido" * 8)
+            self.assert_json_error(result, "Invalid OTP")
+
+            # Now do it correctly
+            result = self.social_auth_test(account_data_dict, subdomain='zulip',
+                                           expect_choose_email_screen=True,
+                                           alternative_start_url="/accounts/login/google/",
+                                           mobile_flow_otp=mobile_flow_otp)
+        self.assertEqual(result.status_code, 302)
+        redirect_url = result['Location']
+        parsed_url = urllib.parse.urlparse(redirect_url)
+        query_params = urllib.parse.parse_qs(parsed_url.query)
+        self.assertEqual(parsed_url.scheme, 'zulip')
+        self.assertEqual(query_params["realm"], ['http://zulip.testserver'])
+        self.assertEqual(query_params["email"], [self.example_email("hamlet")])
+        encrypted_api_key = query_params["otp_encrypted_api_key"][0]
+        hamlet_api_keys = get_all_api_keys(self.example_user('hamlet'))
+        self.assertIn(otp_decrypt_api_key(encrypted_api_key, mobile_flow_otp), hamlet_api_keys)
+        self.assertEqual(len(mail.outbox), 1)
+        self.assertIn('Zulip on Android', mail.outbox[0].body)
+
    def test_google_auth_enabled(self) -> None:
        with self.settings(AUTHENTICATION_BACKENDS=('zproject.backends.GoogleAuthBackend',)):
            self.assertTrue(google_auth_enabled())