Added test to reject bad state tokens
This commit is contained in:
parent
8d3f54ae3f
commit
491a86f478
@ -44,3 +44,9 @@ class TestLogin(TestCase):
|
|||||||
self.assertEqual(client.session['user_id'], '935a41b5-b38d-42c3-96ef-653402fc44ca')
|
self.assertEqual(client.session['user_id'], '935a41b5-b38d-42c3-96ef-653402fc44ca')
|
||||||
self.assertEqual(client.session['token'],'1accesstoken1')
|
self.assertEqual(client.session['token'],'1accesstoken1')
|
||||||
self.assertEqual(client.session['disp_name'], 'Mr. Smith')
|
self.assertEqual(client.session['disp_name'], 'Mr. Smith')
|
||||||
|
|
||||||
|
def test_reject_bad_state(self):
|
||||||
|
with responses.RequestsMock() as rm:
|
||||||
|
client = Client()
|
||||||
|
resp = client.get('/login/redirect?state=%s&code=%s'%('bad_state', 'code'))
|
||||||
|
self.assertEqual(resp.status_code, 400)
|
||||||
|
Reference in New Issue
Block a user