tests: Flush session before a simulated cross-domain POST in saml tests.

This is important, because lack of this meant that the POST request in
our tests still had the old session, with various params stored in it.
This mechanism doesn't work in reality in SAML, so the backend uses
redis to store and recover the params from redis. Without flushing the
session, these tests would fail to catch some breakages in the
redis-based mechanism.
This commit is contained in:
Mateusz Mandera 2020-05-25 13:48:28 +02:00 committed by Tim Abbott
parent 2af4ef6c6d
commit f2d052bff8
1 changed files with 4 additions and 0 deletions

View File

@ -1437,6 +1437,10 @@ class SAMLAuthBackendTest(SocialAuthBase):
# a perfectly valid SAMLResponse for the purpose of these tests would be too complex,
# and we simply use one loaded from a fixture file.
with mock.patch.object(OneLogin_Saml2_Response, 'is_valid', return_value=True):
# We are simulating a cross-domain POST request here. Session is a Lax cookie, meaning
# it won't be sent by the browser in this request. To simulate that effect with the django
# test client, we flush the session before the request.
self.client.session.flush()
result = self.client_post(self.AUTH_FINISH_URL, post_params, **headers)
return result