Added more tests

jazzband · Oct 4, 2023 · 573948c · 573948c
1 parent c567b41
commit 573948c
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/tests/test_models.py b/tests/test_models.py
@@ -584,3 +584,13 @@ def test_application_clean(oauth2_settings, application):
     with pytest.raises(ValidationError) as exc:
         application.clean()
     assert "You cannot use HS256" in str(exc.value)
+
+    application.authorization_grant_type = Application.GRANT_AUTHORIZATION_CODE
+
+    # allowed_origins can be only https://
+    application.allowed_origins = "http://example.com"
+    with pytest.raises(ValidationError) as exc:
+        application.clean()
+    assert "Enter a valid URL" in str(exc.value)
+    application.allowed_origins = "https://example.com"
+    application.clean()
diff --git a/tests/test_token_endpoint_cors.py b/tests/test_token_endpoint_cors.py
@@ -122,7 +122,7 @@ def test_origin_not_from_allowed_origins(self):
         }
 
         auth_headers = get_basic_auth_header(self.application.client_id, CLEARTEXT_SECRET)
-        auth_headers["HTTP_ORIGIN"] = "another_example.org"
+        auth_headers["HTTP_ORIGIN"] = "https://another_example.org"
         response = self.client.post(reverse("oauth2_provider:token"), data=token_request_data, **auth_headers)
         self.assertEqual(response.status_code, 200)
         self.assertFalse(response.has_header("Access-Control-Allow-Origin"))