Mercurial > kallithea
comparison rhodecode/tests/functional/test_login.py @ 2679:dffb92224edf beta
removed ftp from allowed schemas
- added tests for the schemas fix
- moved parsing url if we only have came_from present
| author | Marcin Kuzminski <marcin@python-works.com> |
|---|---|
| date | Tue, 31 Jul 2012 12:15:54 +0200 |
| parents | 6c83dc0226d2 |
| children | 7d3d0a96e083 |
comparison
equal
deleted
inserted
replaced
| 2678:04d2bcfbe7a6 | 2679:dffb92224edf |
|---|---|
| 52 self.assertEqual(response.status, '302 Found') | 52 self.assertEqual(response.status, '302 Found') |
| 53 response = response.follow() | 53 response = response.follow() |
| 54 | 54 |
| 55 self.assertEqual(response.status, '200 OK') | 55 self.assertEqual(response.status, '200 OK') |
| 56 self.assertTrue('Users administration' in response.body) | 56 self.assertTrue('Users administration' in response.body) |
| 57 | |
| 58 @parameterized.expand([ | |
| 59 ('data:text/html,<script>window.alert("xss")</script>',), | |
| 60 ('mailto:test@rhodecode.org',), | |
| 61 ('file:///etc/passwd',), | |
| 62 ('ftp://some.ftp.server',), | |
| 63 ('http://other.domain',), | |
| 64 ]) | |
| 65 def test_login_bad_came_froms(self, url_came_from): | |
| 66 response = self.app.post(url(controller='login', action='index', | |
| 67 came_from=url_came_from), | |
| 68 {'username': 'test_admin', | |
| 69 'password': 'test12'}) | |
| 70 self.assertEqual(response.status, '302 Found') | |
| 71 self.assertEqual(response._environ['paste.testing_variables'] | |
| 72 ['tmpl_context'].came_from, '/') | |
| 73 response = response.follow() | |
| 74 | |
| 75 self.assertEqual(response.status, '200 OK') | |
| 57 | 76 |
| 58 def test_login_short_password(self): | 77 def test_login_short_password(self): |
| 59 response = self.app.post(url(controller='login', action='index'), | 78 response = self.app.post(url(controller='login', action='index'), |
| 60 {'username': 'test_admin', | 79 {'username': 'test_admin', |
| 61 'password': 'as'}) | 80 'password': 'as'}) |