forked from pallets-eco/flask-security-3.0
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
core: fix default for UNAUTHORIZED_VIEW
* Changes default to `None` to be consistent with documentation. (closes pallets-eco#724)
- Loading branch information
1 parent
3f9b75b
commit a2f35df
Showing
2 changed files
with
8 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -8,6 +8,8 @@ | |
|
|
||
| import base64 | ||
|
|
||
| import pytest | ||
|
|
||
| from utils import authenticate, json_authenticate, logout | ||
|
|
||
| try: | ||
|
|
@@ -130,9 +132,10 @@ def test_authorized_access(client): | |
| def test_unauthorized_access(client, get_message): | ||
| authenticate(client, "[email protected]") | ||
| response = client.get("/admin", follow_redirects=True) | ||
| assert get_message('UNAUTHORIZED') in response.data | ||
| assert response.status_code == 403 | ||
|
|
||
|
|
||
| @pytest.mark.settings(unauthorized_view=lambda: None) | ||
| def test_unauthorized_access_with_referrer(client, get_message): | ||
| authenticate(client, '[email protected]') | ||
| response = client.get('/admin', headers={'referer': '/admin'}) | ||
|
|
@@ -152,6 +155,7 @@ def test_unauthorized_access_with_referrer(client, get_message): | |
| assert response.data.count(get_message('UNAUTHORIZED')) == 1 | ||
|
|
||
|
|
||
| @pytest.mark.settings(unauthorized_view='/') | ||
| def test_roles_accepted(client): | ||
| for user in ("[email protected]", "[email protected]"): | ||
| authenticate(client, user) | ||
|
|
@@ -164,11 +168,13 @@ def test_roles_accepted(client): | |
| assert b'Home Page' in response.data | ||
|
|
||
|
|
||
| @pytest.mark.settings(unauthorized_view='/') | ||
| def test_unauthenticated_role_required(client, get_message): | ||
| response = client.get('/admin', follow_redirects=True) | ||
| assert get_message('UNAUTHORIZED') in response.data | ||
|
|
||
|
|
||
| @pytest.mark.settings(unauthorized_view='/') | ||
| def test_multiple_role_required(client): | ||
| for user in ("[email protected]", "[email protected]"): | ||
| authenticate(client, user) | ||
|
|
||