Fix test errors with newer Flask releases.

Closes: #594
Closes: #605

CHANGES.rst

@@ -3,6 +3,15 @@ Flask-Security Changelog
 
 Here you can see the full list of changes between each Flask-Security release.
 
+Version 4.1.4
+-------------
+
+Released April 19, 2022
+
+Fixes
++++++
+- (:issue:`594`) Fix test failures with newer Flask versions.
+
 Version 4.1.3
 -------------
 

babel.ini

@@ -7,7 +7,7 @@ encoding = utf-8
 
 [jinja2: **/templates/**.html]
 encoding = utf-8
-extensions = jinja2.ext.autoescape, jinja2.ext.with_
+extensions =
 
 [jinja2: **/templates/**.txt]
-extensions = jinja2.ext.with_
+extensions =

docs/conf.py

@@ -49,15 +49,15 @@
 
 # General information about the project.
 project = "Flask-Security"
-copyright = "2012-2021"
+copyright = "2012-2022"
 author = "Matt Wright & Chris Wagner"
 
 # The version info for the project you're documenting, acts as replacement for
 # |version| and |release|, also used in various other places throughout the
 # built documents.
 #
 # The short X.Y version.
-version = "4.1.3"
+version = "4.1.4"
 # The full version, including alpha/beta/rc tags.
 release = version
 

flask_security/__init__.py

@@ -105,4 +105,4 @@
     verify_and_update_password,
 )
 
-__version__ = "4.1.3"
+__version__ = "4.1.4"

tests/test_changeable.py

@@ -193,7 +193,7 @@ def authned(myapp, user, **extra_args):
     # try to access protected endpoint - shouldn't work
     response = client.get("/profile")
     assert response.status_code == 302
-    assert response.headers["Location"] == "http://localhost/login?next=%2Fprofile"
+    assert "/login?next=%2Fprofile" in response.location
 
 
 def test_change_updates_remember(app, client):
@@ -243,7 +243,7 @@ def test_change_invalidates_auth_token(app, client):
     # authtoken should now be invalid
     response = client.get("/token", headers=headers)
     assert response.status_code == 302
-    assert response.headers["Location"] == "http://localhost/login?next=%2Ftoken"
+    assert "/login?next=%2Ftoken" in response.location
 
 
 def test_auth_uniquifier(app):

tests/test_common.py

@@ -318,13 +318,13 @@ def test_unauthorized_access(client, get_message):
 def test_unauthorized_access_with_referrer(client, get_message):
     authenticate(client, "joe@lp.com")
     response = client.get("/admin", headers={"referer": "/admin"})
-    assert response.headers["Location"] != "/admin"
-    client.get(response.headers["Location"])
+    assert response.location != "/admin"
+    client.get(response.location)
 
     response = client.get(
         "/admin?a=b", headers={"referer": "http://localhost/admin?x=y"}
     )
-    assert response.headers["Location"] == "http://localhost/"
+    assert "/" in response.location
     client.get(response.headers["Location"])
 
     response = client.get(
@@ -336,7 +336,7 @@ def test_unauthorized_access_with_referrer(client, get_message):
     # we expect a temp redirect (302) to the referer
     response = client.get("/admin?w=s", headers={"referer": "/profile"})
     assert response.status_code == 302
-    assert response.headers["Location"] == "http://localhost/profile"
+    assert "/profile" in response.location
 
 
 @pytest.mark.settings(unauthorized_view="/unauthz")

tests/test_configuration.py

@@ -24,11 +24,11 @@ def test_view_configuration(client):
 
     response = authenticate(client, endpoint="/custom_login")
     assert "location" in response.headers
-    assert response.headers["Location"] == "http://localhost/post_login"
+    assert "/post_login" in response.location
 
     response = logout(client, endpoint="/custom_logout")
     assert "location" in response.headers
-    assert response.headers["Location"] == "http://localhost/post_logout"
+    assert "/post_logout" in response.location
 
     response = client.get(
         "/http",

tests/test_confirmable.py

@@ -522,7 +522,7 @@ class MyRegisterForm(ConfirmRegisterForm):
     token = registrations[0]["confirm_token"]
     response = client.get("/confirm/" + token, headers={"Accept": "application/json"})
     assert response.status_code == 302
-    assert response.location == "http://localhost/"
+    assert "/" in response.location
 
     logout(client)
 

tests/test_misc.py

@@ -5,7 +5,7 @@
     Lots of tests
 
     :copyright: (c) 2012 by Matt Wright.
-    :copyright: (c) 2019-2021 by J. Christopher Wagner (jwag).
+    :copyright: (c) 2019-2022 by J. Christopher Wagner (jwag).
     :license: MIT, see LICENSE for more details.
 """
 
@@ -814,8 +814,7 @@ def myspecialview():
         response = client.get("/myspecialview", follow_redirects=False)
         assert response.status_code == 302
         assert (
-            response.location
-            == "http://localhost/verify?next=http%3A%2F%2Flocalhost%2Fmyspecialview"
+            "/verify?next=http%3A%2F%2Flocalhost%2Fmyspecialview" in response.location
         )
     assert flashes[0]["category"] == "error"
     assert flashes[0]["message"].encode("utf-8") == get_message(
@@ -896,10 +895,7 @@ def myview():
     time.sleep(0.1)
     response = client.get("/myview", follow_redirects=False)
     assert response.status_code == 302
-    assert (
-        response.location
-        == "http://localhost/myprefix/verify?next=http%3A%2F%2Flocalhost%2Fmyview"
-    )
+    assert "/myprefix/verify?next=http%3A%2F%2Flocalhost%2Fmyview" in response.location
 
 
 def test_authn_freshness_grace(app, client, get_message):
@@ -941,10 +937,7 @@ def myview():
     # This should fail - should be a redirect
     response = client_nc.get("/myview", headers=h, follow_redirects=False)
     assert response.status_code == 302
-    assert (
-        response.location
-        == "http://localhost/verify?next=http%3A%2F%2Flocalhost%2Fmyview"
-    )
+    assert "/verify?next=http%3A%2F%2Flocalhost%2Fmyview" in response.location
 
 
 def test_verify_fresh(app, client, get_message):
@@ -1106,11 +1099,11 @@ def test_post_security_with_application_root(app, sqlalchemy_datastore):
         "/login", data=dict(email="matt@lp.com", password="password")
     )
     assert response.status_code == 302
-    assert response.headers["Location"] == "http://localhost/root"
+    assert "/root" in response.location
 
     response = client.get("/logout")
     assert response.status_code == 302
-    assert response.headers["Location"] == "http://localhost/root"
+    assert "/root" in response.location
 
 
 def test_post_security_with_application_root_and_views(app, sqlalchemy_datastore):
@@ -1129,11 +1122,11 @@ def test_post_security_with_application_root_and_views(app, sqlalchemy_datastore
         "/login", data=dict(email="matt@lp.com", password="password")
     )
     assert response.status_code == 302
-    assert response.headers["Location"] == "http://localhost/post_login"
+    assert "/post_login" in response.location
 
     response = client.get("/logout")
     assert response.status_code == 302
-    assert response.headers["Location"] == "http://localhost/post_logout"
+    assert "/post_logout" in response.location
 
 
 @pytest.mark.settings(redirect_validate_mode="regex")

tests/test_recoverable.py

@@ -289,7 +289,7 @@ def test_recover_invalidates_session(app, client):
     # try to access protected endpoint with old session - shouldn't work
     response = other_client.get("/profile")
     assert response.status_code == 302
-    assert response.headers["Location"] == "http://localhost/login?next=%2Fprofile"
+    assert "/login?next=%2Fprofile" in response.location
 
 
 def test_login_form_description(sqlalchemy_app):

tests/test_response.py

@@ -52,7 +52,7 @@ def test_default_unauthn(app, client):
 
     response = client.get("/profile")
     assert response.status_code == 302
-    assert response.headers["Location"] == "http://localhost/login?next=%2Fprofile"
+    assert "/login?next=%2Fprofile" in response.location
 
     response = client.get("/profile", headers={"Accept": "application/json"})
     assert response.status_code == 401
@@ -68,10 +68,7 @@ def test_default_unauthn_bp(app, client):
 
     response = client.get("/profile")
     assert response.status_code == 302
-    assert (
-        response.headers["Location"]
-        == "http://localhost/myprefix/mylogin?next=%2Fprofile"
-    )
+    assert "/myprefix/mylogin?next=%2Fprofile" in response.location
 
 
 def test_default_unauthn_myjson(app, client):

tests/test_two_factor.py

@@ -4,7 +4,7 @@
 
     two_factor tests
 
-    :copyright: (c) 2019-2021 by J. Christopher Wagner (jwag).
+    :copyright: (c) 2019-2022 by J. Christopher Wagner (jwag).
     :license: MIT, see LICENSE for more details.
 """
 
@@ -319,8 +319,8 @@ def test_two_factor_flag(app, client):
         "/tf-setup", data=dict(setup="not_a_method"), follow_redirects=True
     )
     assert b"Marked method is not valid" in response.data
-    session = get_session(response)
-    assert session["tf_state"] == "setup_from_login"
+    with client.session_transaction() as session:
+        assert session["tf_state"] == "setup_from_login"
 
     # try non-existing setup on setup page (using json)
     data = dict(setup="not_a_method")
@@ -851,7 +851,7 @@ def test_admin_setup_reset(app, client, get_message):
     # we shouldn't be logged in
     response = client.get("/profile", follow_redirects=False)
     assert response.status_code == 302
-    assert response.location == "http://localhost/login?next=%2Fprofile"
+    assert "/login?next=%2Fprofile" in response.location
 
     # Use admin to setup gene's SMS/phone.
     with app.app_context():
@@ -1105,7 +1105,7 @@ def test_bad_sender(app, client, get_message):
         data = {"email": "gal@lp.com", "password": "password"}
         response = client.post("login", data=data, follow_redirects=False)
         assert response.status_code == 302
-        assert response.location == "http://localhost/login"
+        assert "/login" in response.location
     assert get_message("FAILED_TO_SEND_CODE") in flashes[0]["message"].encode("utf-8")
 
     # test w/ JSON
@@ -1186,10 +1186,7 @@ def test_verify(app, client, get_message):
     # Test setup when re-authenticate required
     authenticate(client)
     response = client.get("tf-setup", follow_redirects=False)
-    verify_url = response.location
-    assert (
-        verify_url == "http://localhost/verify?next=http%3A%2F%2Flocalhost%2Ftf-setup"
-    )
+    assert "/verify?next=http%3A%2F%2Flocalhost%2Ftf-setup" in response.location
     logout(client)
 
     # Now try again - follow redirects to get to verify form

tests/test_unified_signin.py

@@ -4,7 +4,7 @@
 
     Unified signin tests
 
-    :copyright: (c) 2019-2021 by J. Christopher Wagner (jwag).
+    :copyright: (c) 2019-2022 by J. Christopher Wagner (jwag).
     :license: MIT, see LICENSE for more details.
 
 """
@@ -513,7 +513,7 @@ def authned(myapp, user, **extra_args):
 
     # Try with no code
     response = client.get("us-verify-link?email=matt@lp.com", follow_redirects=False)
-    assert response.location == "http://localhost/us-signin"
+    assert "/us-signin" in response.location
     response = client.get("us-verify-link?email=matt@lp.com", follow_redirects=True)
     assert get_message("API_ERROR") in response.data
 
@@ -837,10 +837,7 @@ def test_verify(app, client, get_message):
     us_authenticate(client)
     response = client.get("us-setup", follow_redirects=False)
     verify_url = response.location
-    assert (
-        verify_url
-        == "http://localhost/us-verify?next=http%3A%2F%2Flocalhost%2Fus-setup"
-    )
+    assert "/us-verify?next=http%3A%2F%2Flocalhost%2Fus-setup" in verify_url
     logout(client)
     us_authenticate(client)
 
@@ -1099,7 +1096,7 @@ def test_next(app, client, get_message):
         data=dict(identity="matt@lp.com", passcode=requests[0]["token"]),
         follow_redirects=False,
     )
-    assert response.location == "http://localhost/post_login"
+    assert "/post_login" in response.location
 
     logout(client)
     response = client.post(
@@ -1109,7 +1106,8 @@ def test_next(app, client, get_message):
         ),
         follow_redirects=False,
     )
-    assert response.location == "http://localhost/post_login"
+
+    assert "/post_login" in response.location
 
 
 @pytest.mark.registerable()

tox.ini

@@ -21,7 +21,7 @@ deps =
     pytest
 
     # Lowest supported versions
-    Flask==1.1.2
+    Flask==1.1.4
     Flask-SQLAlchemy==2.4.4
     Flask-Babel==2.0.0
     Flask-Mail==0.9.1