From 8be2283aefa3e1657b6f832844b8c6fb966642db Mon Sep 17 00:00:00 2001 From: adeelehsan Date: Thu, 22 Oct 2020 00:35:12 +0500 Subject: [PATCH] Added next and cours_id params in register endpoint VAN-6 --- .../djangoapps/user_authn/views/register.py | 9 +- .../user_authn/views/tests/test_register.py | 99 +++++++++++++++++++ 2 files changed, 105 insertions(+), 3 deletions(-) diff --git a/openedx/core/djangoapps/user_authn/views/register.py b/openedx/core/djangoapps/user_authn/views/register.py index b4cc541c03..bd86573087 100644 --- a/openedx/core/djangoapps/user_authn/views/register.py +++ b/openedx/core/djangoapps/user_authn/views/register.py @@ -34,6 +34,7 @@ from social_django import utils as social_utils import third_party_auth # Note that this lives in LMS, so this dependency should be refactored. # TODO Have the discussions code subscribe to the REGISTER_USER signal instead. +from common.djangoapps.student.helpers import get_next_url_for_login_page from lms.djangoapps.discussion.notification_prefs.views import enable_notifications from openedx.core.djangoapps.lang_pref import LANGUAGE_KEY from openedx.core.djangoapps.site_configuration import helpers as configuration_helpers @@ -491,7 +492,8 @@ class RegistrationView(APIView): if response: return response - response = self._create_response(request, {}, status_code=200) + redirect_url = get_next_url_for_login_page(request, include_host=True) + response = self._create_response(request, {}, status_code=200, redirect_url=redirect_url) set_logged_in_cookies(request, response, user) return response @@ -545,13 +547,14 @@ class RegistrationView(APIView): return response, user - def _create_response(self, request, response_dict, status_code): + def _create_response(self, request, response_dict, status_code, redirect_url=None): if status_code == 200: # keeping this `success` field in for now, as we have outstanding clients expecting this response_dict['success'] = True else: self._log_validation_errors(request, response_dict, status_code) - + if redirect_url: + response_dict['redirect_url'] = redirect_url return JsonResponse(response_dict, status=status_code) def _log_validation_errors(self, request, errors, status_code): diff --git a/openedx/core/djangoapps/user_authn/views/tests/test_register.py b/openedx/core/djangoapps/user_authn/views/tests/test_register.py index aaf8da2133..593a83a15f 100644 --- a/openedx/core/djangoapps/user_authn/views/tests/test_register.py +++ b/openedx/core/djangoapps/user_authn/views/tests/test_register.py @@ -1720,7 +1720,13 @@ class RegistrationViewTestV1(ThirdPartyAuthTestMixin, UserAPITestCase): }) +@ddt.ddt class RegistrationViewTestV2(RegistrationViewTestV1): + """ + Test for registration api V2 + + """ + # pylint: disable=test-inherits-tests def setUp(self): # pylint: disable=arguments-differ super(RegistrationViewTestV1, self).setUp() @@ -1901,6 +1907,99 @@ class RegistrationViewTestV2(RegistrationViewTestV1): } ) + def _assert_redirect_url(self, response, expected_redirect_url): + """ + Assert that the redirect URL is in the response and has the expected value. + + Assumes that response content is well-formed JSON + (you can call `_assert_response` first to assert this). + """ + response_dict = json.loads(response.content.decode('utf-8')) + assert 'redirect_url' in response_dict, ( + "Response JSON unexpectedly does not have redirect_url: {!r}".format( + response_dict + ) + ) + assert response_dict['redirect_url'] == expected_redirect_url + + @ddt.data( + # Default redirect is dashboard. + { + 'next_url': None, + 'course_id': None, + 'expected_redirect': settings.LMS_ROOT_URL + '/dashboard', + }, + # Added root url in next . + { + 'next_url': '/harmless-relative-page', + 'course_id': None, + 'expected_redirect': settings.LMS_ROOT_URL + '/harmless-relative-page', + }, + # An absolute URL to a non-whitelisted domain is not an acceptable redirect. + { + 'next_url': 'https://evil.sketchysite', + 'course_id': None, + 'expected_redirect': settings.LMS_ROOT_URL + '/dashboard', + }, + # An absolute URL to a whitelisted domain is acceptable. + { + 'next_url': 'https://openedx.service/coolpage', + 'course_id': None, + 'expected_redirect': 'https://openedx.service/coolpage', + }, + # If course_id is provided, redirect to finish_auth with dashboard as next. + { + 'next_url': None, + 'course_id': 'coursekey', + 'expected_redirect': ( + '{root_url}/account/finish_auth?course_id=coursekey&next=%2Fdashboard'. + format(root_url=settings.LMS_ROOT_URL) + ), + }, + # If valid course_id AND next_url are provided, redirect to finish_auth with + # provided next URL. + { + 'next_url': 'freshpage', + 'course_id': 'coursekey', + 'expected_redirect': ( + settings.LMS_ROOT_URL + '/account/finish_auth?course_id=coursekey&next=freshpage' + ) + }, + # If course_id is provided with invalid next_url, redirect to finish_auth with + # course_id and dashboard as next URL. + { + 'next_url': 'http://scam.scam', + 'course_id': 'coursekey', + 'expected_redirect': ( + '{root_url}/account/finish_auth?course_id=coursekey&next=%2Fdashboard'. + format(root_url=settings.LMS_ROOT_URL) + ), + }, + ) + @ddt.unpack + @override_settings(LOGIN_REDIRECT_WHITELIST=['openedx.service']) + @skip_unless_lms + def test_register_success_with_redirect(self, next_url, course_id, expected_redirect): + post_params = { + "email": self.EMAIL, + "name": self.NAME, + "username": self.USERNAME, + "password": self.PASSWORD, + "honor_code": "true", + } + + if next_url: + post_params['next'] = next_url + if course_id: + post_params['course_id'] = course_id + + response = self.client.post( + self.url, + post_params, + HTTP_ACCEPT='*/*', + ) + self._assert_redirect_url(response, expected_redirect) + @httpretty.activate @ddt.ddt