diff --git a/api/tests/test_third_party_auth.py b/api/tests/test_third_party_auth.py index 1fca8ccb..3cd4f6eb 100644 --- a/api/tests/test_third_party_auth.py +++ b/api/tests/test_third_party_auth.py @@ -47,14 +47,15 @@ class TestThirdPartyAuth(TestCase): self.callback_data["signature"] = hmac_hexdigest( self.api_client.hmac_key, self.callback_data["user"] ) + self.url = reverse("api-link:third-party-auth", query=self.query) def test_auth_ok(self): self.client.force_login(self.user) - res = self.client.get(reverse("api-link:third-party-auth", query=self.query)) + res = self.client.get(self.url) assert res.status_code == 200 with mock.patch("requests.post", new_callable=mocked_post(ok=True)) as mocked: res = self.client.post( - reverse("api-link:third-party-auth"), + self.url, data={"cgu_accepted": True, "is_username_valid": True, **self.query}, ) mocked.assert_called_once_with( @@ -70,7 +71,7 @@ class TestThirdPartyAuth(TestCase): self.client.force_login(self.user) with mock.patch("requests.post", new_callable=mocked_post(ok=False)) as mocked: res = self.client.post( - reverse("api-link:third-party-auth"), + self.url, data={"cgu_accepted": True, "is_username_valid": True, **self.query}, ) mocked.assert_called_once_with( @@ -98,14 +99,17 @@ class TestThirdPartyAuth(TestCase): ) ] + res = self.client.post(self.url, data=self.query) + assert res.status_code == 200 + def test_cgu_not_accepted(self): self.client.force_login(self.user) - res = self.client.get(reverse("api-link:third-party-auth", query=self.query)) + res = self.client.get(self.url) assert res.status_code == 200 - res = self.client.post(reverse("api-link:third-party-auth"), data=self.query) + res = self.client.post(self.url, data=self.query) assert res.status_code == 200 # no redirect means invalid form res = self.client.post( - reverse("api-link:third-party-auth"), + self.url, data={"cgu_accepted": False, "is_username_valid": False, **self.query}, ) assert res.status_code == 200 @@ -132,3 +136,5 @@ class TestThirdPartyAuth(TestCase): message="Les données fournies pour l'authentification sont incorrectes.", ) ] + res = self.client.post(self.url, data=self.query) + assert res.status_code == 200 diff --git a/api/views.py b/api/views.py index 9f519eaa..a587ad8e 100644 --- a/api/views.py +++ b/api/views.py @@ -39,8 +39,8 @@ class ThirdPartyAuthView(AccessMixin, FormView): # the given parameters and their signature are checked during both # POST (for obvious reasons) and GET (in order not to make # the user fill a form just to get an error he won't understand) - params = self.request.GET or self.request.POST - params = {key: unquote(val) for key, val in params.items()} + params = self.request.GET if self.request.method == "GET" else self.request.POST + params = {key: unquote(val) for key, val in params.dict().items()} try: params = ThirdPartyAuthParamsSchema(**params) except pydantic.ValidationError: @@ -48,7 +48,7 @@ class ThirdPartyAuthView(AccessMixin, FormView): self.request, _("The data provided for authentication is incorrect") ) return None - client: ApiClient = get_object_or_none(ApiClient, id=params.client_id) + client: ApiClient | None = get_object_or_none(ApiClient, id=params.client_id) if not client: messages.error( self.request, _("The data provided for authentication is incorrect") @@ -71,11 +71,11 @@ class ThirdPartyAuthView(AccessMixin, FormView): def dispatch(self, request, *args, **kwargs): if not request.user.is_authenticated: return self.handle_no_permission() - self.params = self.parse_params() - if not self.params: + if (params := self.parse_params()) is None: # if parameters parsing failed, shortcut the operation and display # an empty page with just the error messages. return render(request, "core/base.jinja") + self.params = params return super().dispatch(request, *args, **kwargs) def get(self, *args, **kwargs):