From b5d18128c09d23076a7a22bf0b355e345ef9bc6d Mon Sep 17 00:00:00 2001
From: Oleg Bulkin <o.bulkin@gmail.com>
Date: Wed, 16 Aug 2017 15:14:42 -0700
Subject: [PATCH] [FIX] auth_totp: Firefox support * Fix #908, a Firefox MFA
 login error, by adding logic that checks for the Firefox edge case where
 redirect_with_hash returns a Response object rather than a string * Add test
 case for this scenario

---
 auth_totp/controllers/main.py |  5 ++++-
 auth_totp/tests/test_main.py  | 18 ++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/auth_totp/controllers/main.py b/auth_totp/controllers/main.py
index 2262469be..e8bae3a2d 100644
--- a/auth_totp/controllers/main.py
+++ b/auth_totp/controllers/main.py
@@ -5,6 +5,7 @@
 from datetime import datetime, timedelta
 import json
 from werkzeug.contrib.securecookie import SecureCookie
+from werkzeug.wrappers import Response as WerkzeugResponse
 from openerp import _, http, registry, SUPERUSER_ID
 from openerp.api import Environment
 from openerp.http import Response, request
@@ -139,7 +140,9 @@ class AuthTotp(Home):
         redirect = request.params.get('redirect')
         if not redirect:
             redirect = '/web'
-        response = Response(http.redirect_with_hash(redirect))
+        response = http.redirect_with_hash(redirect)
+        if not isinstance(response, WerkzeugResponse):
+            response = Response(response)
 
         if request.params.get('remember_device'):
             device = device_model_sudo.create({'user_id': user.id})
diff --git a/auth_totp/tests/test_main.py b/auth_totp/tests/test_main.py
index bc8e953b6..b7dd9bb2f 100644
--- a/auth_totp/tests/test_main.py
+++ b/auth_totp/tests/test_main.py
@@ -15,6 +15,7 @@ JSON_PATH = CONTROLLER_PATH + '.JsonSecureCookie'
 ENVIRONMENT_PATH = CONTROLLER_PATH + '.Environment'
 RESPONSE_PATH = CONTROLLER_PATH + '.Response'
 DATETIME_PATH = CONTROLLER_PATH + '.datetime'
+REDIRECT_PATH = CONTROLLER_PATH + '.http.redirect_with_hash'
 TRANSLATE_PATH_CONT = CONTROLLER_PATH + '._'
 MODEL_PATH = 'openerp.addons.auth_totp.models.res_users'
 GENERATE_PATH = MODEL_PATH + '.ResUsers.generate_mfa_login_token'
@@ -391,3 +392,20 @@ class TestAuthTotp(TransactionCase):
 
         new_test_security = resp_mock().set_cookie.mock_calls[0][2]['secure']
         self.assertIs(new_test_security, True)
+
+    @mock.patch(REDIRECT_PATH)
+    @mock.patch(GENERATE_PATH)
+    @mock.patch(VALIDATE_PATH)
+    def test_mfa_login_post_firefox_response_returned(
+        self, val_mock, gen_mock, redirect_mock, request_mock
+    ):
+        '''Should behave well if redirect returns Response (Firefox case)'''
+        request_mock.env = self.env
+        request_mock.db = self.registry.db_name
+        redirect_mock.return_value = Response('Test Response')
+        test_token = self.test_user.mfa_login_token
+        request_mock.params = {'mfa_login_token': test_token}
+        val_mock.return_value = True
+
+        test_result = self.test_controller.mfa_login_post()
+        self.assertIn('Test Response', test_result.response)