test: better redirect handling

Ayush Chaudhari 2025-09-17 16:58:36 +05:30
parent 4a830b49e8
commit 9f3e327231


@ -461,13 +461,15 @@ class TestResponse(FrappeAPITestCase):
def test_login_redirects(self):
expected_redirects = {
"/app/user": "/app/user",
"/app/user?enabled=1": "/app/user?enabled=1",
"http://example.com": "/app", # No external redirect
"https://google.com": "/app",
"http://localhost:8000": "/app",
"/app/user": "http://localhost/app/user",
"/app/user?enabled=1": "http://localhost/app/user?enabled=1",
"http://example.com": "http://localhost/app", # No external redirect
"https://google.com": "http://localhost/app",
"http://localhost:8000": "http://localhost/app",
"http://localhost/app": "http://localhost/app",
"////example.com": "http://localhost//example.com", # malicious redirect attempt
}
for redirect, expected_redirect in expected_redirects.items():
response = self.get(f"/login?{urlencode({'redirect-to':redirect})}", {"sid": self.sid})
self.assertEqual(response.location, expected_redirect)
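Review bot: The `////example.com` row in `expected_redirects` is safe only because the expected Location is absolute: `http://localhost//example.com` stays on the site's own host, whereas the same path sent as a relative `//example.com` would be resolved by browsers as a protocol-relative URL to another host. The trailing comment should record that, for example `# on-site only while Location is absolute; a relative //example.com would leave the site`. An extra assertion in the loop such as `self.assertEqual(urlparse(response.location).netloc, "localhost")` would pin the property itself rather than one exact string; whether `urlparse` is already imported is not visible from this hunk. Wrapping the loop body in `with self.subTest(redirect=redirect):` would also make a failure name the input that caused it, since the first failing row currently stops the loop. The enclosing class continues outside the hunk.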