authorChris McDonough <chrism@plope.com>2011-04-11 04:46:58 -0400
committerChris McDonough <chrism@plope.com>2011-04-11 04:46:58 -0400
commit6a47a0df5f530af95da2508995eb9795a80dc591 (patch)
treeb1e456cb7fb13836370df7f0b9cff49e482af6a4
parent474df5c8b4d76bf4c1b355fcaab8590fc4f307fb (diff)
100% condition coverage of authentication module
-rw-r--r--pyramid/authentication.py17
-rw-r--r--pyramid/tests/test_authentication.py33
2 files changed, 44 insertions, 6 deletions
diff --git a/pyramid/authentication.py b/pyramid/authentication.py
index 3d3139b7c..f1123c442 100644
--- a/pyramid/authentication.py
+++ b/pyramid/authentication.py
@@ -435,9 +435,9 @@ class AuthTktCookieHelper(object):
userid = decoder(userid)
reissue = self.reissue_time is not None
-
- if not hasattr(request, '_authtkt_reissued'):
- if reissue and ( (now - timestamp) > self.reissue_time):
+
+ if reissue and not hasattr(request, '_authtkt_reissued'):
+ if ( (now - timestamp) > self.reissue_time ):
# work around https://github.com/Pylons/pyramid/issues#issue/108
tokens = filter(None, tokens)
headers = self.remember(request, userid, max_age=self.max_age,
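Review bot: The new outer condition uses the private request attribute `_authtkt_reissued` as a once-per-request guard, but nothing in the hunk says what the attribute means or where it is set. A short comment above the condition would help the next reader, for example `# reissue at most once per request; _authtkt_reissued marks a request that already queued a new cookie` (the assignment itself is outside the hunk, so confirm the wording against it). The redundant parentheses and inner spacing in `if ( (now - timestamp) > self.reissue_time ):` could be reduced to `if (now - timestamp) > self.reissue_time:`. The enclosing method starts and ends outside the hunk.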
@@ -469,8 +469,10 @@ class AuthTktCookieHelper(object):
``max_age``
The max age of the auth_tkt cookie, in seconds. When this value is
set, the cookie's ``Max-Age`` and ``Expires`` settings will be set,
- allowing the auth_tkt cookie to last between browser sessions.
- Default: ``None``.
+ allowing the auth_tkt cookie to last between browser sessions. If
+ this value is ``None``, the ``max_age`` value provided to the
+ helper itself will be used as the ``max_age`` value. Default:
+ ``None``.
``tokens``
A sequence of strings that will be placed into the auth_tkt tokens
@@ -479,7 +481,9 @@ class AuthTktCookieHelper(object):
Tokens are available in the returned identity when an auth_tkt is
found in the request and unpacked. Default: ``()``.
"""
- max_age = max_age or self.max_age
+ if max_age is None:
+ max_age = self.max_age
+
environ = request.environ
if self.include_ip:
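Review bot: With `if max_age is None:`, an explicit `max_age=0` is no longer replaced by the helper's own `max_age` and now reaches the cookie-building code as 0. That code is outside the hunk, so it should be checked whether it treats 0 as "expire immediately" or as "not set". The docstring edited in the previous hunk describes only the `None` case; a sentence such as `A value of 0 is used as given and is not replaced by the helper's max_age.` would document the change for callers who relied on the old `or` fallback. A test calling `plugin.remember(request, 'userid', max_age=0)` next to `test_remember_max_age` would pin the behaviour. The body of `remember` continues outside the hunk.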
@@ -490,6 +494,7 @@ class AuthTktCookieHelper(object):
user_data = ''
encoding_data = self.userid_type_encoders.get(type(userid))
+
if encoding_data:
encoding, encoder = encoding_data
userid = encoder(userid)
diff --git a/pyramid/tests/test_authentication.py b/pyramid/tests/test_authentication.py
index e16f53fdb..1d2b939b7 100644
--- a/pyramid/tests/test_authentication.py
+++ b/pyramid/tests/test_authentication.py
@@ -477,6 +477,29 @@ class TestAuthTktCookieHelper(unittest.TestCase):
self.assertEqual(len(response.headerlist), 3)
self.assertEqual(response.headerlist[0][0], 'Set-Cookie')
+ def test_identify_cookie_reissue_already_reissued_this_request(self):
+ import time
+ plugin = self._makeOne('secret', timeout=10, reissue_time=0)
+ now = time.time()
+ plugin.auth_tkt.timestamp = now
+ plugin.now = now + 1
+ request = self._makeRequest({'HTTP_COOKIE':'auth_tkt=bogus'})
+ request._authtkt_reissued = True
+ result = plugin.identify(request)
+ self.failUnless(result)
+ self.assertEqual(len(request.callbacks), 0)
+
+ def test_identify_cookie_reissue_notyet(self):
+ import time
+ plugin = self._makeOne('secret', timeout=10, reissue_time=10)
+ now = time.time()
+ plugin.auth_tkt.timestamp = now
+ plugin.now = now + 1
+ request = self._makeRequest({'HTTP_COOKIE':'auth_tkt=bogus'})
+ result = plugin.identify(request)
+ self.failUnless(result)
+ self.assertEqual(len(request.callbacks), 0)
+
def test_identify_cookie_reissue_with_tokens_default(self):
# see https://github.com/Pylons/pyramid/issues#issue/108
import time
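Review bot: `test_identify_cookie_reissue_already_reissued_this_request` does not say why its setup matters: with `reissue_time=0` and `plugin.now = now + 1` the ticket is already due for reissue, so `request._authtkt_reissued = True` is the only thing keeping `request.callbacks` empty. A comment such as `# ticket is past reissue_time; only the per-request flag prevents a second reissue` would make that intent visible. In both new tests `self.failUnless(result)` checks only truthiness and uses a deprecated unittest alias; `self.assertTrue(result)`, or an assertion on the returned identity's contents, would be preferable if the rest of the file follows suit.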
@@ -659,6 +682,16 @@ class TestAuthTktCookieHelper(unittest.TestCase):
userid.encode('utf-8').encode('base64').strip())
self.assertEqual(val['user_data'], 'userid_type:b64unicode')
+ def test_remember_insane_userid(self):
+ plugin = self._makeOne('secret')
+ request = self._makeRequest()
+ userid = object()
+ result = plugin.remember(request, userid)
+ values = self._parseHeaders(result)
+ self.assertEqual(len(result), 3)
+ value = values[0]
+ self.failUnless('userid' in value.value)
+
def test_remember_max_age(self):
plugin = self._makeOne('secret')
request = self._makeRequest()
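Review bot: `test_remember_insane_userid` asserts only that the string `'userid'` appears in the cookie value, which does not pin down what `remember()` does with a userid whose type has no registered encoder. Judging from the context lines in `authentication.py`, such a value skips the encoder and `user_data` stays `''`, so presumably the object's default string form goes into the ticket and cannot round-trip on `identify()`; that should be confirmed. A comment stating the intended contract, for example `# userid of an unregistered type is passed through unencoded; user_data stays empty`, would help. An assertion on the parsed `user_data` would also help, as the neighbouring test does with `val['user_data']`. That way the test documents the behaviour rather than just executing the branch.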