Skip to content

Commit

Permalink
Fix test errors with newer Flask releases.
Browse files Browse the repository at this point in the history
Closes: #594
Closes: #605
  • Loading branch information
jwag956 committed Apr 19, 2022
1 parent fe79e2f commit 0619e79
Show file tree
Hide file tree
Showing 14 changed files with 47 additions and 53 deletions.
9 changes: 9 additions & 0 deletions CHANGES.rst
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,15 @@ Flask-Security Changelog

Here you can see the full list of changes between each Flask-Security release.

Version 4.1.4
-------------

Released April 19, 2022

Fixes
+++++
- (:issue:`594`) Fix test failures with newer Flask versions.

Version 4.1.3
-------------

Expand Down
4 changes: 2 additions & 2 deletions babel.ini
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ encoding = utf-8

[jinja2: **/templates/**.html]
encoding = utf-8
extensions = jinja2.ext.autoescape, jinja2.ext.with_
extensions =

[jinja2: **/templates/**.txt]
extensions = jinja2.ext.with_
extensions =
4 changes: 2 additions & 2 deletions docs/conf.py
Original file line number Diff line number Diff line change
Expand Up @@ -49,15 +49,15 @@

# General information about the project.
project = "Flask-Security"
copyright = "2012-2021"
copyright = "2012-2022"
author = "Matt Wright & Chris Wagner"

# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
# The short X.Y version.
version = "4.1.3"
version = "4.1.4"
# The full version, including alpha/beta/rc tags.
release = version

Expand Down
2 changes: 1 addition & 1 deletion flask_security/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -105,4 +105,4 @@
verify_and_update_password,
)

__version__ = "4.1.3"
__version__ = "4.1.4"
4 changes: 2 additions & 2 deletions tests/test_changeable.py
Original file line number Diff line number Diff line change
Expand Up @@ -193,7 +193,7 @@ def authned(myapp, user, **extra_args):
# try to access protected endpoint - shouldn't work
response = client.get("/profile")
assert response.status_code == 302
assert response.headers["Location"] == "http://localhost/login?next=%2Fprofile"
assert "/login?next=%2Fprofile" in response.location


def test_change_updates_remember(app, client):
Expand Down Expand Up @@ -243,7 +243,7 @@ def test_change_invalidates_auth_token(app, client):
# authtoken should now be invalid
response = client.get("/token", headers=headers)
assert response.status_code == 302
assert response.headers["Location"] == "http://localhost/login?next=%2Ftoken"
assert "/login?next=%2Ftoken" in response.location


def test_auth_uniquifier(app):
Expand Down
8 changes: 4 additions & 4 deletions tests/test_common.py
Original file line number Diff line number Diff line change
Expand Up @@ -318,13 +318,13 @@ def test_unauthorized_access(client, get_message):
def test_unauthorized_access_with_referrer(client, get_message):
authenticate(client, "joe@lp.com")
response = client.get("/admin", headers={"referer": "/admin"})
assert response.headers["Location"] != "/admin"
client.get(response.headers["Location"])
assert response.location != "/admin"
client.get(response.location)

response = client.get(
"/admin?a=b", headers={"referer": "http://localhost/admin?x=y"}
)
assert response.headers["Location"] == "http://localhost/"
assert "/" in response.location
client.get(response.headers["Location"])

response = client.get(
Expand All @@ -336,7 +336,7 @@ def test_unauthorized_access_with_referrer(client, get_message):
# we expect a temp redirect (302) to the referer
response = client.get("/admin?w=s", headers={"referer": "/profile"})
assert response.status_code == 302
assert response.headers["Location"] == "http://localhost/profile"
assert "/profile" in response.location


@pytest.mark.settings(unauthorized_view="/unauthz")
Expand Down
4 changes: 2 additions & 2 deletions tests/test_configuration.py
Original file line number Diff line number Diff line change
Expand Up @@ -24,11 +24,11 @@ def test_view_configuration(client):

response = authenticate(client, endpoint="/custom_login")
assert "location" in response.headers
assert response.headers["Location"] == "http://localhost/post_login"
assert "/post_login" in response.location

response = logout(client, endpoint="/custom_logout")
assert "location" in response.headers
assert response.headers["Location"] == "http://localhost/post_logout"
assert "/post_logout" in response.location

response = client.get(
"/http",
Expand Down
2 changes: 1 addition & 1 deletion tests/test_confirmable.py
Original file line number Diff line number Diff line change
Expand Up @@ -522,7 +522,7 @@ class MyRegisterForm(ConfirmRegisterForm):
token = registrations[0]["confirm_token"]
response = client.get("/confirm/" + token, headers={"Accept": "application/json"})
assert response.status_code == 302
assert response.location == "http://localhost/"
assert "/" in response.location

logout(client)

Expand Down
23 changes: 8 additions & 15 deletions tests/test_misc.py
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
Lots of tests
:copyright: (c) 2012 by Matt Wright.
:copyright: (c) 2019-2021 by J. Christopher Wagner (jwag).
:copyright: (c) 2019-2022 by J. Christopher Wagner (jwag).
:license: MIT, see LICENSE for more details.
"""

Expand Down Expand Up @@ -814,8 +814,7 @@ def myspecialview():
response = client.get("/myspecialview", follow_redirects=False)
assert response.status_code == 302
assert (
response.location
== "http://localhost/verify?next=http%3A%2F%2Flocalhost%2Fmyspecialview"
"/verify?next=http%3A%2F%2Flocalhost%2Fmyspecialview" in response.location
)
assert flashes[0]["category"] == "error"
assert flashes[0]["message"].encode("utf-8") == get_message(
Expand Down Expand Up @@ -896,10 +895,7 @@ def myview():
time.sleep(0.1)
response = client.get("/myview", follow_redirects=False)
assert response.status_code == 302
assert (
response.location
== "http://localhost/myprefix/verify?next=http%3A%2F%2Flocalhost%2Fmyview"
)
assert "/myprefix/verify?next=http%3A%2F%2Flocalhost%2Fmyview" in response.location


def test_authn_freshness_grace(app, client, get_message):
Expand Down Expand Up @@ -941,10 +937,7 @@ def myview():
# This should fail - should be a redirect
response = client_nc.get("/myview", headers=h, follow_redirects=False)
assert response.status_code == 302
assert (
response.location
== "http://localhost/verify?next=http%3A%2F%2Flocalhost%2Fmyview"
)
assert "/verify?next=http%3A%2F%2Flocalhost%2Fmyview" in response.location


def test_verify_fresh(app, client, get_message):
Expand Down Expand Up @@ -1106,11 +1099,11 @@ def test_post_security_with_application_root(app, sqlalchemy_datastore):
"/login", data=dict(email="matt@lp.com", password="password")
)
assert response.status_code == 302
assert response.headers["Location"] == "http://localhost/root"
assert "/root" in response.location

response = client.get("/logout")
assert response.status_code == 302
assert response.headers["Location"] == "http://localhost/root"
assert "/root" in response.location


def test_post_security_with_application_root_and_views(app, sqlalchemy_datastore):
Expand All @@ -1129,11 +1122,11 @@ def test_post_security_with_application_root_and_views(app, sqlalchemy_datastore
"/login", data=dict(email="matt@lp.com", password="password")
)
assert response.status_code == 302
assert response.headers["Location"] == "http://localhost/post_login"
assert "/post_login" in response.location

response = client.get("/logout")
assert response.status_code == 302
assert response.headers["Location"] == "http://localhost/post_logout"
assert "/post_logout" in response.location


@pytest.mark.settings(redirect_validate_mode="regex")
Expand Down
2 changes: 1 addition & 1 deletion tests/test_recoverable.py
Original file line number Diff line number Diff line change
Expand Up @@ -289,7 +289,7 @@ def test_recover_invalidates_session(app, client):
# try to access protected endpoint with old session - shouldn't work
response = other_client.get("/profile")
assert response.status_code == 302
assert response.headers["Location"] == "http://localhost/login?next=%2Fprofile"
assert "/login?next=%2Fprofile" in response.location


def test_login_form_description(sqlalchemy_app):
Expand Down
7 changes: 2 additions & 5 deletions tests/test_response.py
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,7 @@ def test_default_unauthn(app, client):

response = client.get("/profile")
assert response.status_code == 302
assert response.headers["Location"] == "http://localhost/login?next=%2Fprofile"
assert "/login?next=%2Fprofile" in response.location

response = client.get("/profile", headers={"Accept": "application/json"})
assert response.status_code == 401
Expand All @@ -68,10 +68,7 @@ def test_default_unauthn_bp(app, client):

response = client.get("/profile")
assert response.status_code == 302
assert (
response.headers["Location"]
== "http://localhost/myprefix/mylogin?next=%2Fprofile"
)
assert "/myprefix/mylogin?next=%2Fprofile" in response.location


def test_default_unauthn_myjson(app, client):
Expand Down
15 changes: 6 additions & 9 deletions tests/test_two_factor.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
two_factor tests
:copyright: (c) 2019-2021 by J. Christopher Wagner (jwag).
:copyright: (c) 2019-2022 by J. Christopher Wagner (jwag).
:license: MIT, see LICENSE for more details.
"""

Expand Down Expand Up @@ -319,8 +319,8 @@ def test_two_factor_flag(app, client):
"/tf-setup", data=dict(setup="not_a_method"), follow_redirects=True
)
assert b"Marked method is not valid" in response.data
session = get_session(response)
assert session["tf_state"] == "setup_from_login"
with client.session_transaction() as session:
assert session["tf_state"] == "setup_from_login"

# try non-existing setup on setup page (using json)
data = dict(setup="not_a_method")
Expand Down Expand Up @@ -851,7 +851,7 @@ def test_admin_setup_reset(app, client, get_message):
# we shouldn't be logged in
response = client.get("/profile", follow_redirects=False)
assert response.status_code == 302
assert response.location == "http://localhost/login?next=%2Fprofile"
assert "/login?next=%2Fprofile" in response.location

# Use admin to setup gene's SMS/phone.
with app.app_context():
Expand Down Expand Up @@ -1105,7 +1105,7 @@ def test_bad_sender(app, client, get_message):
data = {"email": "gal@lp.com", "password": "password"}
response = client.post("login", data=data, follow_redirects=False)
assert response.status_code == 302
assert response.location == "http://localhost/login"
assert "/login" in response.location
assert get_message("FAILED_TO_SEND_CODE") in flashes[0]["message"].encode("utf-8")

# test w/ JSON
Expand Down Expand Up @@ -1186,10 +1186,7 @@ def test_verify(app, client, get_message):
# Test setup when re-authenticate required
authenticate(client)
response = client.get("tf-setup", follow_redirects=False)
verify_url = response.location
assert (
verify_url == "http://localhost/verify?next=http%3A%2F%2Flocalhost%2Ftf-setup"
)
assert "/verify?next=http%3A%2F%2Flocalhost%2Ftf-setup" in response.location
logout(client)

# Now try again - follow redirects to get to verify form
Expand Down
14 changes: 6 additions & 8 deletions tests/test_unified_signin.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
Unified signin tests
:copyright: (c) 2019-2021 by J. Christopher Wagner (jwag).
:copyright: (c) 2019-2022 by J. Christopher Wagner (jwag).
:license: MIT, see LICENSE for more details.
"""
Expand Down Expand Up @@ -513,7 +513,7 @@ def authned(myapp, user, **extra_args):

# Try with no code
response = client.get("us-verify-link?email=matt@lp.com", follow_redirects=False)
assert response.location == "http://localhost/us-signin"
assert "/us-signin" in response.location
response = client.get("us-verify-link?email=matt@lp.com", follow_redirects=True)
assert get_message("API_ERROR") in response.data

Expand Down Expand Up @@ -837,10 +837,7 @@ def test_verify(app, client, get_message):
us_authenticate(client)
response = client.get("us-setup", follow_redirects=False)
verify_url = response.location
assert (
verify_url
== "http://localhost/us-verify?next=http%3A%2F%2Flocalhost%2Fus-setup"
)
assert "/us-verify?next=http%3A%2F%2Flocalhost%2Fus-setup" in verify_url
logout(client)
us_authenticate(client)

Expand Down Expand Up @@ -1099,7 +1096,7 @@ def test_next(app, client, get_message):
data=dict(identity="matt@lp.com", passcode=requests[0]["token"]),
follow_redirects=False,
)
assert response.location == "http://localhost/post_login"
assert "/post_login" in response.location

logout(client)
response = client.post(
Expand All @@ -1109,7 +1106,8 @@ def test_next(app, client, get_message):
),
follow_redirects=False,
)
assert response.location == "http://localhost/post_login"

assert "/post_login" in response.location


@pytest.mark.registerable()
Expand Down
2 changes: 1 addition & 1 deletion tox.ini
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ deps =
pytest

# Lowest supported versions
Flask==1.1.2
Flask==1.1.4
Flask-SQLAlchemy==2.4.4
Flask-Babel==2.0.0
Flask-Mail==0.9.1
Expand Down

0 comments on commit 0619e79

Please sign in to comment.