comparison rhodecode/tests/functional/test_login.py @ 2679:dffb92224edf beta
removed ftp from allowed schemas
- added tests for the schemas fix
- moved parsing url if we only have came_from present
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Tue, 31 Jul 2012 12:15:54 +0200 |
parents | 6c83dc0226d2 |
children | 7d3d0a96e083 |
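--- a/rhodecode/tests/functional/test_login.py
+++ b/rhodecode/tests/functional/test_login.py
@@ -52,10 +52,29 @@
 self.assertEqual(response.status, '302 Found')
 response = response.follow()
 
 self.assertEqual(response.status, '200 OK')
 self.assertTrue('Users administration' in response.body)
+
+@parameterized.expand([
+('data:text/html,<script>window.alert("xss")</script>',),
+('mailto:test@rhodecode.org',),
+('file:///etc/passwd',),
+('ftp://some.ftp.server',),
+('http://other.domain',),
+])
+def test_login_bad_came_froms(self, url_came_from):
+response = self.app.post(url(controller='login', action='index',
+came_from=url_came_from),
+{'username': 'test_admin',
+'password': 'test12'})
+self.assertEqual(response.status, '302 Found')
+self.assertEqual(response._environ['paste.testing_variables']
+['tmpl_context'].came_from, '/')
+response = response.follow()
+
+self.assertEqual(response.status, '200 OK')
 
 def test_login_short_password(self):
 response = self.app.post(url(controller='login', action='index'),
 {'username': 'test_admin',
 'password': 'as'})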
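Review bot: The parameter list for `test_login_bad_came_froms` only covers targets that carry an explicit scheme, so a scheme-relative target and an `https` target on a foreign host are not pinned by this test; adding `('//other.domain',),` and `('https://other.domain',),` would cover them. Whether the login controller already rejects those cannot be told from this section, because the `came_from` check itself lives outside it. The test also asserts on `tmpl_context.came_from` rather than on the `Location` header of the 302, so it would still pass if the redirect were built from a different value; an assertion that the header does not contain `url_came_from` would tie the test to what the client actually receives. A one-line docstring such as `"""came_from values that are off-site or use a non-http scheme must fall back to '/'."""` would record the intent.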