Browse Source

check token redirect to login on bad token

pull/20/head
Di Wu 9 years ago
parent
commit
2ebad09d14
3 changed files with 21 additions and 7 deletions
  1. +12
    -4
      hc/accounts/tests/test_check_token.py
  2. +5
    -0
      hc/accounts/tests/test_login.py
  3. +4
    -3
      hc/accounts/views.py

+ 12
- 4
hc/accounts/tests/test_check_token.py View File

@ -1,15 +1,16 @@
from django.contrib.auth.models import User
from django.core.urlresolvers import reverse
from django.test import TestCase
class CheckTokenTestCase(TestCase):
def setUp(self):
super(CheckTokenTestCase, self).setUp()
super(CheckTokenTestCase, self).setUp()
self.alice = User(username="alice")
self.alice.set_password("secret-token")
self.alice.save()
self.alice = User(username="alice")
self.alice.set_password("secret-token")
self.alice.save()
def test_it_redirects(self):
r = self.client.get("/accounts/check_token/alice/secret-token/")
@ -26,3 +27,10 @@ class CheckTokenTestCase(TestCase):
# Login again, when already authenticated
r = self.client.get("/accounts/check_token/alice/secret-token/")
assert r.status_code == 302
def test_it_redirects_bad_login(self):
# Login with a bad token
r = self.client.get("/accounts/check_token/alice/invalid-token/")
assert r.status_code == 302
assert r.url.endswith(reverse("hc-login"))
assert self.client.session["bad_link"]

+ 5
- 0
hc/accounts/tests/test_login.py View File

@ -29,3 +29,8 @@ class LoginTestCase(TestCase):
# And check should be associated with the new user
check_again = Check.objects.get(code=check.code)
assert check_again.user
def test_it_pops_bad_link_from_session(self):
self.client.session["bad_link"] = True
self.client.get("/accounts/login/")
assert "bad_link" not in self.client.session

+ 4
- 3
hc/accounts/views.py View File

@ -80,7 +80,8 @@ def login(request):
else:
form = EmailForm()
ctx = {"form": form}
bad_link = request.session.pop("bad_link", None)
ctx = {"form": form, "bad_link": bad_link}
return render(request, "accounts/login.html", ctx)
@ -110,8 +111,8 @@ def check_token(request, username, token):
return redirect("hc-checks")
ctx = {"bad_link": True}
return render(request, "accounts/login.html", ctx)
request.session["bad_link"] = True
return redirect("hc-login")
@login_required


Loading…
Cancel
Save