From b05b5e72f56eeca67ae9b164c1a8b58867052fe0 Mon Sep 17 00:00:00 2001
From: Anders Kaseorg <anders@zulip.com>
Date: Wed, 8 Oct 2025 11:32:07 -0700
Subject: [PATCH] test_helpers: Use care in load_subdomain_token URL parsing.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
---
 zerver/lib/test_helpers.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/zerver/lib/test_helpers.py b/zerver/lib/test_helpers.py
index 82979c8e5e..6bf3ada5da 100644
--- a/zerver/lib/test_helpers.py
+++ b/zerver/lib/test_helpers.py
@@ -10,6 +10,7 @@ from dataclasses import dataclass
 from typing import IO, TYPE_CHECKING, Any, TypeVar, Union, cast
 from unittest import mock
 from unittest.mock import patch
+from urllib.parse import urlsplit
 
 import boto3.session
 import fakeldap
@@ -19,11 +20,11 @@ from django.conf import settings
 from django.contrib.auth.models import AnonymousUser
 from django.contrib.sessions.backends.base import SessionBase
 from django.db.migrations.state import StateApps
-from django.http import HttpRequest, HttpResponse, HttpResponseRedirect
+from django.http import HttpRequest, HttpResponse
 from django.http.request import QueryDict
 from django.http.response import HttpResponseBase
 from django.test import override_settings
-from django.urls import URLResolver
+from django.urls import URLResolver, resolve
 from moto.core.decorator import mock_aws
 from mypy_boto3_s3.service_resource import Bucket
 from typing_extensions import ParamSpec, override
@@ -45,6 +46,7 @@ from zerver.models.clients import clear_client_cache, get_client
 from zerver.models.realms import get_realm
 from zerver.models.streams import get_stream
 from zerver.tornado.handlers import AsyncDjangoHandler, allocate_handler_id
+from zerver.views.auth import log_into_subdomain
 from zilencer.models import RemoteZulipServer
 from zproject.backends import ExternalAuthDataDict, ExternalAuthResult
 
@@ -584,8 +586,10 @@ def write_instrumentation_reports(full_suite: bool, include_webhooks: bool) -> N
 
 
 def load_subdomain_token(response: Union["TestHttpResponse", HttpResponse]) -> ExternalAuthDataDict:
-    assert isinstance(response, HttpResponseRedirect)
-    token = response.url.rsplit("/", 1)[1]
+    assert response.status_code == 302
+    match = resolve(urlsplit(response["Location"]).path)
+    assert match.func == log_into_subdomain
+    token = match.kwargs["token"]
     data = ExternalAuthResult(
         request=mock.MagicMock(), login_token=token, delete_stored_data=False
     ).data_dict