[SECURITY] Fix unvalidated redirect

2020-12-18 18:29:36 +01:00
parent 736ecbd7b6
commit a3dd015c23
2 changed files with 7 additions and 1 deletions
--- a/src/tests/control/test_auth.py
+++ b/src/tests/control/test_auth.py
@@ -90,6 +90,10 @@ class LoginFormTest(TestCase):
        self.assertEqual(response.status_code, 302)
        self.assertIn('/control/events/', response['Location'])

+        response = self.client.get('/control/login?next=//evilsite.com')
+        self.assertEqual(response.status_code, 302)
+        self.assertIn('/control/', response['Location'])
+
    def test_logout(self):
        response = self.client.post('/control/login', {
            'email': 'dummy@dummy.dummy',