diff options
author | Vlastimil Zíma <vlastimil.zima@nic.cz> | 2019-10-08 10:14:50 +0200 |
---|---|---|
committer | Vlastimil Zíma <vlastimil.zima@nic.cz> | 2019-10-08 14:15:46 +0200 |
commit | ae769920b2dc641b9c7ddbc500071a66cb1d3667 (patch) | |
tree | 4cfc643778dfeef356df02dc7796c4f3ed6bb558 /openid/test/test_rpverify.py | |
parent | d16bfee10c7f70f7a42ac9d10ac4bce94a4a38ad (diff) | |
download | openid-ae769920b2dc641b9c7ddbc500071a66cb1d3667.tar.gz |
Fix false positive redirect when verifying consumer
Diffstat (limited to 'openid/test/test_rpverify.py')
-rw-r--r-- | openid/test/test_rpverify.py | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/openid/test/test_rpverify.py b/openid/test/test_rpverify.py index 82af2cf..5b6780a 100644 --- a/openid/test/test_rpverify.py +++ b/openid/test/test_rpverify.py @@ -3,9 +3,11 @@ from __future__ import unicode_literals import unittest +from mock import patch, sentinel from testfixtures import LogCapture, StringComparison from openid.server import trustroot +from openid.server.trustroot import getAllowedReturnURLs from openid.yadis import services from openid.yadis.discover import DiscoveryFailure, DiscoveryResult @@ -183,6 +185,24 @@ class TestReturnToMatches(unittest.TestCase): self.assertFalse(trustroot.returnToMatches([r], 'http://example.com/xss_exploit')) +class TestGetAllowedReturnURLs(unittest.TestCase): + + def test_equal(self): + with patch('openid.yadis.services.getServiceEndpoints', autospec=True, + return_value=('http://example.com/', sentinel.endpoints)): + endpoints = getAllowedReturnURLs('http://example.com/') + + self.assertEqual(endpoints, sentinel.endpoints) + + def test_normalized(self): + # Test redirect is not reported when the returned URL is normalized. + with patch('openid.yadis.services.getServiceEndpoints', autospec=True, + return_value=('http://example.com/', sentinel.endpoints)): + endpoints = getAllowedReturnURLs('http://example.com:80') + + self.assertEqual(endpoints, sentinel.endpoints) + + class TestVerifyReturnTo(unittest.TestCase): def test_bogusRealm(self): |