fix: address remaining invitation auth review feedback
- Exercise invitation and SAML POST tests with JSON:API format
- Avoid nested anchors in disabled social auth buttons
@@ -8342,16 +8342,14 @@ class TestInvitationViewSet:
|
||||
expires_at=self.TOMORROW,
|
||||
)
|
||||
|
||||
data = {
|
||||
"invitation_token": invitation.token,
|
||||
}
|
||||
data = {"invitation_token": invitation.token}
|
||||
|
||||
assert not Membership.objects.filter(
|
||||
user__email__iexact=user.email, tenant=tenant
|
||||
).exists()
|
||||
|
||||
response = authenticated_client.post(
|
||||
reverse("invitation-accept"), data=data, format="json"
|
||||
reverse("invitation-accept"), data=data, format="vnd.api+json"
|
||||
)
|
||||
assert response.status_code == status.HTTP_201_CREATED
|
||||
invitation.refresh_from_db()
|
||||
@@ -8377,17 +8375,12 @@ class TestInvitationViewSet:
|
||||
)
|
||||
Membership.objects.create(user=user, tenant=tenant)
|
||||
|
||||
data = {
|
||||
"data": {
|
||||
"type": "invitations",
|
||||
"attributes": {"invitation_token": invitation.token},
|
||||
},
|
||||
}
|
||||
data = {"invitation_token": invitation.token}
|
||||
|
||||
response = authenticated_client.post(
|
||||
reverse("invitation-accept"),
|
||||
data=data,
|
||||
content_type=API_JSON_CONTENT_TYPE,
|
||||
format="vnd.api+json",
|
||||
)
|
||||
|
||||
assert response.status_code == status.HTTP_201_CREATED
|
||||
@@ -8401,12 +8394,10 @@ class TestInvitationViewSet:
|
||||
)
|
||||
|
||||
def test_invitations_accept_invitation_invalid_token(self, authenticated_client):
|
||||
data = {
|
||||
"invitation_token": "invalid_token",
|
||||
}
|
||||
data = {"invitation_token": "invalid_token"}
|
||||
|
||||
response = authenticated_client.post(
|
||||
reverse("invitation-accept"), data=data, format="json"
|
||||
reverse("invitation-accept"), data=data, format="vnd.api+json"
|
||||
)
|
||||
|
||||
assert response.status_code == status.HTTP_404_NOT_FOUND
|
||||
@@ -8420,12 +8411,10 @@ class TestInvitationViewSet:
|
||||
invitation.email = TEST_USER
|
||||
invitation.save()
|
||||
|
||||
data = {
|
||||
"invitation_token": invitation.token,
|
||||
}
|
||||
data = {"invitation_token": invitation.token}
|
||||
|
||||
response = authenticated_client.post(
|
||||
reverse("invitation-accept"), data=data, format="json"
|
||||
reverse("invitation-accept"), data=data, format="vnd.api+json"
|
||||
)
|
||||
|
||||
assert response.status_code == status.HTTP_410_GONE
|
||||
@@ -8461,12 +8450,10 @@ class TestInvitationViewSet:
|
||||
invitation.email = TEST_USER
|
||||
invitation.save()
|
||||
|
||||
data = {
|
||||
"invitation_token": invitation.token,
|
||||
}
|
||||
data = {"invitation_token": invitation.token}
|
||||
|
||||
response = authenticated_client.post(
|
||||
reverse("invitation-accept"), data=data, format="json"
|
||||
reverse("invitation-accept"), data=data, format="vnd.api+json"
|
||||
)
|
||||
|
||||
assert response.status_code == status.HTTP_400_BAD_REQUEST
|
||||
@@ -8484,12 +8471,10 @@ class TestInvitationViewSet:
|
||||
invitation.email = TEST_USER
|
||||
invitation.save()
|
||||
|
||||
data = {
|
||||
"invitation_token": invitation.token,
|
||||
}
|
||||
data = {"invitation_token": invitation.token}
|
||||
|
||||
response = authenticated_client.post(
|
||||
reverse("invitation-accept"), data=data, format="json"
|
||||
reverse("invitation-accept"), data=data, format="vnd.api+json"
|
||||
)
|
||||
|
||||
assert response.status_code == status.HTTP_400_BAD_REQUEST
|
||||
@@ -13513,7 +13498,7 @@ class TestSAMLInitiateAPIView:
|
||||
url = reverse("api_saml_initiate")
|
||||
payload = {"email_domain": saml_setup["email"]}
|
||||
|
||||
response = authenticated_client.post(url, data=payload, format="json")
|
||||
response = authenticated_client.post(url, data=payload, format="vnd.api+json")
|
||||
|
||||
assert response.status_code == status.HTTP_302_FOUND
|
||||
assert (
|
||||
@@ -13532,7 +13517,7 @@ class TestSAMLInitiateAPIView:
|
||||
"callback_url": callback_url,
|
||||
}
|
||||
|
||||
response = authenticated_client.post(url, data=payload, format="json")
|
||||
response = authenticated_client.post(url, data=payload, format="vnd.api+json")
|
||||
|
||||
assert response.status_code == status.HTTP_302_FOUND
|
||||
query_params = parse_qs(urlparse(response.url).query)
|
||||
@@ -13547,7 +13532,7 @@ class TestSAMLInitiateAPIView:
|
||||
"callback_url": "https://attacker.example/invitation",
|
||||
}
|
||||
|
||||
response = authenticated_client.post(url, data=payload, format="json")
|
||||
response = authenticated_client.post(url, data=payload, format="vnd.api+json")
|
||||
|
||||
assert response.status_code == status.HTTP_302_FOUND
|
||||
query_params = parse_qs(urlparse(response.url).query)
|
||||
@@ -13557,7 +13542,7 @@ class TestSAMLInitiateAPIView:
|
||||
url = reverse("api_saml_initiate")
|
||||
payload = {"email_domain": "user@unauthorized.com"}
|
||||
|
||||
response = authenticated_client.post(url, data=payload, format="json")
|
||||
response = authenticated_client.post(url, data=payload, format="vnd.api+json")
|
||||
|
||||
assert response.status_code == status.HTTP_403_FORBIDDEN
|
||||
assert response.json()["errors"]["detail"] == "Unauthorized domain."
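Review bot: Every POST in these hunks now goes out only as `format="vnd.api+json"`, so the security-relevant SAML cases in TestSAMLInitiateAPIView (the `https://attacker.example/invitation` callback and the unauthorized-domain 403) no longer show what happens when the same body arrives as plain `application/json`. If the views still accept that content type (their parser configuration is not visible here), the callback_url handling is untested on that path; either parametrize those tests, e.g. `@pytest.mark.parametrize("fmt", ["json", "vnd.api+json"])`, or add one test that pins the rejection status for `format="json"`. The second invitation hunk also replaces the explicit `{"data": {"type": "invitations", "attributes": ...}}` envelope with a flat dict, so the test no longer documents the wire shape; a one-line comment stating how the flat dict reaches the view as a JSON:API request would help the next reader. The test methods begin and end outside the hunks.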
|
||||
|
||||
@@ -61,21 +61,24 @@ export const SocialButtons = ({
|
||||
asChild={!isGoogleDisabled}
|
||||
disabled={isGoogleDisabled}
|
||||
>
|
||||
<a
|
||||
href={isGoogleDisabled ? undefined : googleUrl}
|
||||
aria-disabled={isGoogleDisabled}
|
||||
className="flex items-center gap-2"
|
||||
>
|
||||
<Icon
|
||||
icon={
|
||||
isGoogleOAuthEnabled
|
||||
? "flat-color-icons:google"
|
||||
: "simple-icons:google"
|
||||
}
|
||||
width={24}
|
||||
/>
|
||||
Continue with Google
|
||||
</a>
|
||||
{isGoogleDisabled ? (
|
||||
<span className="flex items-center gap-2">
|
||||
<Icon
|
||||
icon={
|
||||
isGoogleOAuthEnabled
|
||||
? "flat-color-icons:google"
|
||||
: "simple-icons:google"
|
||||
}
|
||||
width={24}
|
||||
/>
|
||||
Continue with Google
|
||||
</span>
|
||||
) : (
|
||||
<a href={googleUrl} className="flex items-center gap-2">
|
||||
<Icon icon="flat-color-icons:google" width={24} />
|
||||
Continue with Google
|
||||
</a>
|
||||
)}
|
||||
</Button>
|
||||
</span>
|
||||
</Tooltip>
|
||||
@@ -104,14 +107,17 @@ export const SocialButtons = ({
|
||||
asChild={!isGithubDisabled}
|
||||
disabled={isGithubDisabled}
|
||||
>
|
||||
<a
|
||||
href={isGithubDisabled ? undefined : githubUrl}
|
||||
aria-disabled={isGithubDisabled}
|
||||
className="flex items-center gap-2"
|
||||
>
|
||||
<Icon icon="simple-icons:github" width={24} />
|
||||
Continue with Github
|
||||
</a>
|
||||
{isGithubDisabled ? (
|
||||
<span className="flex items-center gap-2">
|
||||
<Icon icon="simple-icons:github" width={24} />
|
||||
Continue with Github
|
||||
</span>
|
||||
) : (
|
||||
<a href={githubUrl} className="flex items-center gap-2">
|
||||
<Icon icon="simple-icons:github" width={24} />
|
||||
Continue with Github
|
||||
</a>
|
||||
)}
|
||||
</Button>
|
||||
</span>
|
||||
</Tooltip>
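Review bot: In the enabled branch of the Google button the icon is now hard-coded to `flat-color-icons:google`, while the disabled branch keeps the `isGoogleOAuthEnabled` ternary; the two agree only if `!isGoogleDisabled` implies `isGoogleOAuthEnabled`, and `isGoogleDisabled` is defined outside this hunk. If that holds, record it just above the conditional, e.g. `{/* not disabled implies Google OAuth is configured, so the colour icon is always right here */}`. Separately, the icon and label are now written twice per provider (Google in the first hunk, GitHub in the second); hoisting them into one element shared by the `<span>` and the `<a>` would keep the disabled and enabled states from drifting apart. SocialButtons starts and ends outside both hunks.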
|
||||
|
||||