From 0619e79f47d89add6ad41a7b1af4652976f0710d Mon Sep 17 00:00:00 2001 From: jwag956 Date: Mon, 18 Apr 2022 21:36:05 -0700 Subject: [PATCH] Fix test errors with newer Flask releases. Closes: #594 Closes: #605 --- CHANGES.rst | 9 +++++++++ babel.ini | 4 ++-- docs/conf.py | 4 ++-- flask_security/__init__.py | 2 +- tests/test_changeable.py | 4 ++-- tests/test_common.py | 8 ++++---- tests/test_configuration.py | 4 ++-- tests/test_confirmable.py | 2 +- tests/test_misc.py | 23 ++++++++--------------- tests/test_recoverable.py | 2 +- tests/test_response.py | 7 ++----- tests/test_two_factor.py | 15 ++++++--------- tests/test_unified_signin.py | 14 ++++++-------- tox.ini | 2 +- 14 files changed, 47 insertions(+), 53 deletions(-) diff --git a/CHANGES.rst b/CHANGES.rst index 188a1f37..ccef9c18 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -3,6 +3,15 @@ Flask-Security Changelog Here you can see the full list of changes between each Flask-Security release. +Version 4.1.4 +------------- + +Released April 19, 2022 + +Fixes ++++++ +- (:issue:`594`) Fix test failures with newer Flask versions. + Version 4.1.3 ------------- diff --git a/babel.ini b/babel.ini index 9c46e099..6816cd3b 100644 --- a/babel.ini +++ b/babel.ini @@ -7,7 +7,7 @@ encoding = utf-8 [jinja2: **/templates/**.html] encoding = utf-8 -extensions = jinja2.ext.autoescape, jinja2.ext.with_ +extensions = [jinja2: **/templates/**.txt] -extensions = jinja2.ext.with_ +extensions = diff --git a/docs/conf.py b/docs/conf.py index e9fa374e..13e41869 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -49,7 +49,7 @@ # General information about the project. project = "Flask-Security" -copyright = "2012-2021" +copyright = "2012-2022" author = "Matt Wright & Chris Wagner" # The version info for the project you're documenting, acts as replacement for @@ -57,7 +57,7 @@ # built documents. # # The short X.Y version. -version = "4.1.3" +version = "4.1.4" # The full version, including alpha/beta/rc tags. release = version diff --git a/flask_security/__init__.py b/flask_security/__init__.py index b0ef3f23..29fffbea 100644 --- a/flask_security/__init__.py +++ b/flask_security/__init__.py @@ -105,4 +105,4 @@ verify_and_update_password, ) -__version__ = "4.1.3" +__version__ = "4.1.4" diff --git a/tests/test_changeable.py b/tests/test_changeable.py index a78e270a..02a49001 100644 --- a/tests/test_changeable.py +++ b/tests/test_changeable.py @@ -193,7 +193,7 @@ def authned(myapp, user, **extra_args): # try to access protected endpoint - shouldn't work response = client.get("/profile") assert response.status_code == 302 - assert response.headers["Location"] == "http://localhost/login?next=%2Fprofile" + assert "/login?next=%2Fprofile" in response.location def test_change_updates_remember(app, client): @@ -243,7 +243,7 @@ def test_change_invalidates_auth_token(app, client): # authtoken should now be invalid response = client.get("/token", headers=headers) assert response.status_code == 302 - assert response.headers["Location"] == "http://localhost/login?next=%2Ftoken" + assert "/login?next=%2Ftoken" in response.location def test_auth_uniquifier(app): diff --git a/tests/test_common.py b/tests/test_common.py index 245039be..acb6414b 100644 --- a/tests/test_common.py +++ b/tests/test_common.py @@ -318,13 +318,13 @@ def test_unauthorized_access(client, get_message): def test_unauthorized_access_with_referrer(client, get_message): authenticate(client, "joe@lp.com") response = client.get("/admin", headers={"referer": "/admin"}) - assert response.headers["Location"] != "/admin" - client.get(response.headers["Location"]) + assert response.location != "/admin" + client.get(response.location) response = client.get( "/admin?a=b", headers={"referer": "http://localhost/admin?x=y"} ) - assert response.headers["Location"] == "http://localhost/" + assert "/" in response.location client.get(response.headers["Location"]) response = client.get( @@ -336,7 +336,7 @@ def test_unauthorized_access_with_referrer(client, get_message): # we expect a temp redirect (302) to the referer response = client.get("/admin?w=s", headers={"referer": "/profile"}) assert response.status_code == 302 - assert response.headers["Location"] == "http://localhost/profile" + assert "/profile" in response.location @pytest.mark.settings(unauthorized_view="/unauthz") diff --git a/tests/test_configuration.py b/tests/test_configuration.py index e70be4ca..05be737e 100644 --- a/tests/test_configuration.py +++ b/tests/test_configuration.py @@ -24,11 +24,11 @@ def test_view_configuration(client): response = authenticate(client, endpoint="/custom_login") assert "location" in response.headers - assert response.headers["Location"] == "http://localhost/post_login" + assert "/post_login" in response.location response = logout(client, endpoint="/custom_logout") assert "location" in response.headers - assert response.headers["Location"] == "http://localhost/post_logout" + assert "/post_logout" in response.location response = client.get( "/http", diff --git a/tests/test_confirmable.py b/tests/test_confirmable.py index fcc9968c..6f239818 100644 --- a/tests/test_confirmable.py +++ b/tests/test_confirmable.py @@ -522,7 +522,7 @@ class MyRegisterForm(ConfirmRegisterForm): token = registrations[0]["confirm_token"] response = client.get("/confirm/" + token, headers={"Accept": "application/json"}) assert response.status_code == 302 - assert response.location == "http://localhost/" + assert "/" in response.location logout(client) diff --git a/tests/test_misc.py b/tests/test_misc.py index 8d14ab2f..49bbed01 100644 --- a/tests/test_misc.py +++ b/tests/test_misc.py @@ -5,7 +5,7 @@ Lots of tests :copyright: (c) 2012 by Matt Wright. - :copyright: (c) 2019-2021 by J. Christopher Wagner (jwag). + :copyright: (c) 2019-2022 by J. Christopher Wagner (jwag). :license: MIT, see LICENSE for more details. """ @@ -814,8 +814,7 @@ def myspecialview(): response = client.get("/myspecialview", follow_redirects=False) assert response.status_code == 302 assert ( - response.location - == "http://localhost/verify?next=http%3A%2F%2Flocalhost%2Fmyspecialview" + "/verify?next=http%3A%2F%2Flocalhost%2Fmyspecialview" in response.location ) assert flashes[0]["category"] == "error" assert flashes[0]["message"].encode("utf-8") == get_message( @@ -896,10 +895,7 @@ def myview(): time.sleep(0.1) response = client.get("/myview", follow_redirects=False) assert response.status_code == 302 - assert ( - response.location - == "http://localhost/myprefix/verify?next=http%3A%2F%2Flocalhost%2Fmyview" - ) + assert "/myprefix/verify?next=http%3A%2F%2Flocalhost%2Fmyview" in response.location def test_authn_freshness_grace(app, client, get_message): @@ -941,10 +937,7 @@ def myview(): # This should fail - should be a redirect response = client_nc.get("/myview", headers=h, follow_redirects=False) assert response.status_code == 302 - assert ( - response.location - == "http://localhost/verify?next=http%3A%2F%2Flocalhost%2Fmyview" - ) + assert "/verify?next=http%3A%2F%2Flocalhost%2Fmyview" in response.location def test_verify_fresh(app, client, get_message): @@ -1106,11 +1099,11 @@ def test_post_security_with_application_root(app, sqlalchemy_datastore): "/login", data=dict(email="matt@lp.com", password="password") ) assert response.status_code == 302 - assert response.headers["Location"] == "http://localhost/root" + assert "/root" in response.location response = client.get("/logout") assert response.status_code == 302 - assert response.headers["Location"] == "http://localhost/root" + assert "/root" in response.location def test_post_security_with_application_root_and_views(app, sqlalchemy_datastore): @@ -1129,11 +1122,11 @@ def test_post_security_with_application_root_and_views(app, sqlalchemy_datastore "/login", data=dict(email="matt@lp.com", password="password") ) assert response.status_code == 302 - assert response.headers["Location"] == "http://localhost/post_login" + assert "/post_login" in response.location response = client.get("/logout") assert response.status_code == 302 - assert response.headers["Location"] == "http://localhost/post_logout" + assert "/post_logout" in response.location @pytest.mark.settings(redirect_validate_mode="regex") diff --git a/tests/test_recoverable.py b/tests/test_recoverable.py index 806033af..e6fe23b7 100644 --- a/tests/test_recoverable.py +++ b/tests/test_recoverable.py @@ -289,7 +289,7 @@ def test_recover_invalidates_session(app, client): # try to access protected endpoint with old session - shouldn't work response = other_client.get("/profile") assert response.status_code == 302 - assert response.headers["Location"] == "http://localhost/login?next=%2Fprofile" + assert "/login?next=%2Fprofile" in response.location def test_login_form_description(sqlalchemy_app): diff --git a/tests/test_response.py b/tests/test_response.py index d41131db..13055785 100644 --- a/tests/test_response.py +++ b/tests/test_response.py @@ -52,7 +52,7 @@ def test_default_unauthn(app, client): response = client.get("/profile") assert response.status_code == 302 - assert response.headers["Location"] == "http://localhost/login?next=%2Fprofile" + assert "/login?next=%2Fprofile" in response.location response = client.get("/profile", headers={"Accept": "application/json"}) assert response.status_code == 401 @@ -68,10 +68,7 @@ def test_default_unauthn_bp(app, client): response = client.get("/profile") assert response.status_code == 302 - assert ( - response.headers["Location"] - == "http://localhost/myprefix/mylogin?next=%2Fprofile" - ) + assert "/myprefix/mylogin?next=%2Fprofile" in response.location def test_default_unauthn_myjson(app, client): diff --git a/tests/test_two_factor.py b/tests/test_two_factor.py index f39b7873..dd55462c 100644 --- a/tests/test_two_factor.py +++ b/tests/test_two_factor.py @@ -4,7 +4,7 @@ two_factor tests - :copyright: (c) 2019-2021 by J. Christopher Wagner (jwag). + :copyright: (c) 2019-2022 by J. Christopher Wagner (jwag). :license: MIT, see LICENSE for more details. """ @@ -319,8 +319,8 @@ def test_two_factor_flag(app, client): "/tf-setup", data=dict(setup="not_a_method"), follow_redirects=True ) assert b"Marked method is not valid" in response.data - session = get_session(response) - assert session["tf_state"] == "setup_from_login" + with client.session_transaction() as session: + assert session["tf_state"] == "setup_from_login" # try non-existing setup on setup page (using json) data = dict(setup="not_a_method") @@ -851,7 +851,7 @@ def test_admin_setup_reset(app, client, get_message): # we shouldn't be logged in response = client.get("/profile", follow_redirects=False) assert response.status_code == 302 - assert response.location == "http://localhost/login?next=%2Fprofile" + assert "/login?next=%2Fprofile" in response.location # Use admin to setup gene's SMS/phone. with app.app_context(): @@ -1105,7 +1105,7 @@ def test_bad_sender(app, client, get_message): data = {"email": "gal@lp.com", "password": "password"} response = client.post("login", data=data, follow_redirects=False) assert response.status_code == 302 - assert response.location == "http://localhost/login" + assert "/login" in response.location assert get_message("FAILED_TO_SEND_CODE") in flashes[0]["message"].encode("utf-8") # test w/ JSON @@ -1186,10 +1186,7 @@ def test_verify(app, client, get_message): # Test setup when re-authenticate required authenticate(client) response = client.get("tf-setup", follow_redirects=False) - verify_url = response.location - assert ( - verify_url == "http://localhost/verify?next=http%3A%2F%2Flocalhost%2Ftf-setup" - ) + assert "/verify?next=http%3A%2F%2Flocalhost%2Ftf-setup" in response.location logout(client) # Now try again - follow redirects to get to verify form diff --git a/tests/test_unified_signin.py b/tests/test_unified_signin.py index 4ebe7da4..bb7ab555 100644 --- a/tests/test_unified_signin.py +++ b/tests/test_unified_signin.py @@ -4,7 +4,7 @@ Unified signin tests - :copyright: (c) 2019-2021 by J. Christopher Wagner (jwag). + :copyright: (c) 2019-2022 by J. Christopher Wagner (jwag). :license: MIT, see LICENSE for more details. """ @@ -513,7 +513,7 @@ def authned(myapp, user, **extra_args): # Try with no code response = client.get("us-verify-link?email=matt@lp.com", follow_redirects=False) - assert response.location == "http://localhost/us-signin" + assert "/us-signin" in response.location response = client.get("us-verify-link?email=matt@lp.com", follow_redirects=True) assert get_message("API_ERROR") in response.data @@ -837,10 +837,7 @@ def test_verify(app, client, get_message): us_authenticate(client) response = client.get("us-setup", follow_redirects=False) verify_url = response.location - assert ( - verify_url - == "http://localhost/us-verify?next=http%3A%2F%2Flocalhost%2Fus-setup" - ) + assert "/us-verify?next=http%3A%2F%2Flocalhost%2Fus-setup" in verify_url logout(client) us_authenticate(client) @@ -1099,7 +1096,7 @@ def test_next(app, client, get_message): data=dict(identity="matt@lp.com", passcode=requests[0]["token"]), follow_redirects=False, ) - assert response.location == "http://localhost/post_login" + assert "/post_login" in response.location logout(client) response = client.post( @@ -1109,7 +1106,8 @@ def test_next(app, client, get_message): ), follow_redirects=False, ) - assert response.location == "http://localhost/post_login" + + assert "/post_login" in response.location @pytest.mark.registerable() diff --git a/tox.ini b/tox.ini index f789dabb..5f7b4518 100644 --- a/tox.ini +++ b/tox.ini @@ -21,7 +21,7 @@ deps = pytest # Lowest supported versions - Flask==1.1.2 + Flask==1.1.4 Flask-SQLAlchemy==2.4.4 Flask-Babel==2.0.0 Flask-Mail==0.9.1