paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-10-23 04:52:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

test_stripe: Fix weak URL testing.

Browse Source 
The host of this URL could have been forged to redirect user
to a different subdomain and tests would still pass.

This also fixes the CodeQL warnings related to it.
This commit is contained in:
Aman Agrawal
2025-05-14 19:23:42 +05:30
committed by Tim Abbott
parent e04a32dee6
commit 906b96cdfc
1 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
corporate/tests/test_stripe.py
View File

@@ -860,17 +860,17 @@ class StripeTest(StripeTestCase):
response = self.client_get(f"/customer_portal/?tier={CustomerPlan.TIER_CLOUD_STANDARD}")
self.assertEqual(response.status_code, 302)
self.assertTrue(response["Location"].startswith("https://billing.stripe.com"))
self.assertTrue(response["Location"].startswith("https://billing.stripe.com/"))
self.upgrade(invoice=True)
response = self.client_get("/customer_portal/?return_to_billing_page=true")
self.assertEqual(response.status_code, 302)
self.assertTrue(response["Location"].startswith("https://billing.stripe.com"))
self.assertTrue(response["Location"].startswith("https://billing.stripe.com/"))
response = self.client_get("/invoices/")
self.assertEqual(response.status_code, 302)
self.assertTrue(response["Location"].startswith("https://billing.stripe.com"))
self.assertTrue(response["Location"].startswith("https://billing.stripe.com/"))
@mock_stripe()
def test_upgrade_by_card_to_plus_plan(self, *mocks: Mock) -> None:
@@ -7210,14 +7210,14 @@ class TestRemoteRealmBillingFlow(StripeTestCase, RemoteRealmBillingTestCase):
f"{self.billing_session.billing_base_url}/invoices/", subdomain="selfhosting"
)
self.assertEqual(response.status_code, 302)
self.assertTrue(response["Location"].startswith("https://billing.stripe.com"))
self.assertTrue(response["Location"].startswith("https://billing.stripe.com/"))
response = self.client_get(
f"{self.billing_session.billing_base_url}/customer_portal/?return_to_billing_page=true",
subdomain="selfhosting",
)
self.assertEqual(response.status_code, 302)
self.assertTrue(response["Location"].startswith("https://billing.stripe.com"))
self.assertTrue(response["Location"].startswith("https://billing.stripe.com/"))
@responses.activate
@mock_stripe()
@@ -9690,14 +9690,14 @@ class TestRemoteServerBillingFlow(StripeTestCase, RemoteServerTestCase):
f"{self.billing_session.billing_base_url}/invoices/", subdomain="selfhosting"
)
self.assertEqual(response.status_code, 302)
self.assertTrue(response["Location"].startswith("https://billing.stripe.com"))
self.assertTrue(response["Location"].startswith("https://billing.stripe.com/"))
response = self.client_get(
f"{self.billing_session.billing_base_url}/customer_portal/?return_to_billing_page=true",
subdomain="selfhosting",
)
self.assertEqual(response.status_code, 302)
self.assertTrue(response["Location"].startswith("https://billing.stripe.com"))
self.assertTrue(response["Location"].startswith("https://billing.stripe.com/"))
@responses.activate
@mock_stripe()