diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index f07a6c62bf7be07f08aedaba6ce0cff0c0fa2743..1f1ea8702040b3bf3a3abb7a3d8ce340b4e931fd 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -55,6 +55,13 @@ login-provider-test:
       - login_provider/**/*
       - .gitlab-ci.yml
 
+unittest-login:
+  stage: application-test
+  image: ${CI_REGISTRY_IMAGE}/login_provider_ci_test:${CI_COMMIT_REF_NAME}
+  script:
+    - cd login_provider
+    - python3 -m unittest discover
+
 behave-login:
   stage: application-test
   variables:
diff --git a/login_provider/app.py b/login_provider/app.py
index ce92fa6990a4b17d0769f3378c0ac7f7ed39f2dd..0f2c2a8465703354d810b5065648acdcbe59f171 100644
--- a/login_provider/app.py
+++ b/login_provider/app.py
@@ -4,6 +4,7 @@ from hydra_client import HydraAdmin
 from flask_login import login_user, logout_user, LoginManager, login_required, current_user
 from db import User
 from forms import LoginForm, LogoutForm
+from helper import is_safe_url
 
 HYDRA_ADMIN_URL = environ['HYDRA_ADMIN_URL']
 hydra = HydraAdmin(HYDRA_ADMIN_URL)
@@ -47,14 +48,6 @@ def login():
     login_form.next_url.data = request.args.get('next')
     return render_template('login.html', login_form=login_form)
 
-def is_safe_url(url):
-    print(url)
-    safe = True if url == "" else False
-    safe = True if url == "/" or safe else False
-    safe = True if url[:18] == "/?login_challenge=" \
-                   and url[18:].isalnum() or safe else False
-    return safe
-
 @app.route('/logout', methods=['POST'])
 def logout():
     logout_form = LogoutForm()
diff --git a/login_provider/helper.py b/login_provider/helper.py
new file mode 100644
index 0000000000000000000000000000000000000000..491bc564a81312605fccb9891d984093d3d4c543
--- /dev/null
+++ b/login_provider/helper.py
@@ -0,0 +1,11 @@
+import re
+
+def is_safe_url(url):
+    safe_urls = [
+        "^[/]*$",                             # Home page
+        "^/\?login_challenge=[a-z|A-Z|0-9]+$" # Login challenge with alphanumeric code
+        ]
+    for safe_url in safe_urls:
+        if re.fullmatch(safe_url, url) is not None:
+            return True
+    return False
diff --git a/login_provider/test/__init__.py b/login_provider/test/__init__.py
new file mode 100644
index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
diff --git a/login_provider/test/test_helper_functions.py b/login_provider/test/test_helper_functions.py
new file mode 100644
index 0000000000000000000000000000000000000000..34acc3dbba573044e7319b191e2498bb096f0887
--- /dev/null
+++ b/login_provider/test/test_helper_functions.py
@@ -0,0 +1,17 @@
+import unittest
+from helper import is_safe_url
+
+class UnitTests(unittest.TestCase):
+
+    def setUp(self):
+        pass
+
+    def tearDown(self):
+        pass
+
+    def test_safe_urls(self):
+        self.assertTrue(is_safe_url("/"))
+        self.assertTrue(is_safe_url("/?login_challenge=9a8s9da8s9dhahsda"))
+        self.assertFalse(is_safe_url("/malicious"))
+        self.assertFalse(is_safe_url("/?login_challenge=Not_alpha_numeric"))
+