authorMichael Merickel <michael@merickel.org>2011-09-05 17:45:09 -0500
committerMichael Merickel <michael@merickel.org>2011-09-05 17:45:09 -0500
commitf14b0acb9ce1eb8331e5bd4c2d04a8704f3a9054 (patch)
treee14ba105186d51afe6208c1d2d595a20d53ef9cf
parentb37b97bb67eedced5c6a2e0fec718594b5d41878 (diff)
parent916b566d5beb27c8c0950b84306c9ed186b84e1a (diff)
downloadpyramid-f14b0acb9ce1eb8331e5bd4c2d04a8704f3a9054.tar.gz
pyramid-f14b0acb9ce1eb8331e5bd4c2d04a8704f3a9054.tar.bz2
pyramid-f14b0acb9ce1eb8331e5bd4c2d04a8704f3a9054.zip
Merge branch 'fix.authtkt-reissue-after-forget'
-rw-r--r--pyramid/authentication.py10
-rw-r--r--pyramid/tests/test_authentication.py36
2 files changed, 44 insertions, 2 deletions
diff --git a/pyramid/authentication.py b/pyramid/authentication.py
index b61a044f2..446a9bd5a 100644
--- a/pyramid/authentication.py
+++ b/pyramid/authentication.py
@@ -662,7 +662,11 @@ class AuthTktCookieHelper(object):
tokens = filter(None, tokens)
headers = self.remember(request, userid, max_age=self.max_age,
tokens=tokens)
- add_global_response_headers(request, headers)
+ def reissue_authtkt(request, response):
+ if not hasattr(request, '_authtkt_reissue_revoked'):
+ for k, v in headers:
+ response.headerlist.append((k, v))
+ request.add_response_callback(reissue_authtkt)
request._authtkt_reissued = True
environ['REMOTE_USER_TOKENS'] = tokens
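Review bot: The gate in `reissue_authtkt` tests attribute presence rather than value, so any code that later sets `request._authtkt_reissue_revoked = False` would still suppress the reissue; `if not getattr(request, '_authtkt_reissue_revoked', False):` makes the flag's meaning explicit and matches how the other hunks set it to `True`. The nested callback also has no comment saying why the cookie write is deferred, which is the whole point of the change; suggest `# Defer the reissued Set-Cookie to response time so a later forget()/remember() on this request can cancel it.` above the `def`. The enclosing identify() body starts before this hunk.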
@@ -680,6 +684,7 @@ class AuthTktCookieHelper(object):
""" Return a set of expires Set-Cookie headers, which will destroy
any existing auth_tkt cookie when attached to a response"""
environ = request.environ
+ request._authtkt_reissue_revoked = True
return self._get_cookies(environ, '', max_age=EXPIRE)
def remember(self, request, userid, max_age=None, tokens=()):
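Review bot: The forget() docstring no longer describes everything the method does: the added line also cancels a cookie reissue scheduled by identify() on this request, and a caller reading only the docstring would not learn that the expiring cookie is protected from being overwritten. Suggest appending `Also cancels any auth_tkt reissue scheduled by identify() for this request, so the expired cookie is not immediately replaced.` to the docstring.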
@@ -724,6 +729,9 @@ class AuthTktCookieHelper(object):
if not (isinstance(token, str) and VALID_TOKEN.match(token)):
raise ValueError("Invalid token %r" % (token,))
+ if hasattr(request, '_authtkt_reissued'):
+ request._authtkt_reissue_revoked = True
+
ticket = self.AuthTicket(
self.secret,
userid,
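Review bot: Making the cancellation conditional on `hasattr(request, '_authtkt_reissued')` appears to make it order-dependent: if remember() runs before identify() on the same request (for example from a subscriber), the flag is not yet set, the reissue callback is still registered, and the old ticket's Set-Cookie would be appended after the new one. forget() in the previous hunk sets `request._authtkt_reissue_revoked = True` unconditionally; doing the same here, `request._authtkt_reissue_revoked = True` without the `if`, would remove the ordering dependence since remember() is about to emit a fresh cookie anyway. Either way a why-comment is warranted, e.g. `# A reissue scheduled by identify() must not overwrite the cookie we are setting now.`. The enclosing remember() body starts before and continues after this hunk.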
diff --git a/pyramid/tests/test_authentication.py b/pyramid/tests/test_authentication.py
index 40f6731bf..ff96ae471 100644
--- a/pyramid/tests/test_authentication.py
+++ b/pyramid/tests/test_authentication.py
@@ -617,7 +617,7 @@ class TestAuthTktCookieHelper(unittest.TestCase):
self.assertTrue(result)
self.assertEqual(len(request.callbacks), 1)
response = DummyResponse()
- request.callbacks[0](None, response)
+ request.callbacks[0](request, response)
self.assertEqual(len(response.headerlist), 3)
self.assertEqual(response.headerlist[0][0], 'Set-Cookie')
@@ -644,6 +644,40 @@ class TestAuthTktCookieHelper(unittest.TestCase):
self.assertTrue(result)
self.assertEqual(len(request.callbacks), 0)
+ def test_identify_cookie_reissue_revoked_by_forget(self):
+ import time
+ helper = self._makeOne('secret', timeout=10, reissue_time=0)
+ now = time.time()
+ helper.auth_tkt.timestamp = now
+ helper.now = now + 1
+ request = self._makeRequest('bogus')
+ result = helper.identify(request)
+ self.assertTrue(result)
+ self.assertEqual(len(request.callbacks), 1)
+ result = helper.forget(request)
+ self.assertTrue(result)
+ self.assertEqual(len(request.callbacks), 1)
+ response = DummyResponse()
+ request.callbacks[0](request, response)
+ self.assertEqual(len(response.headerlist), 0)
+
+ def test_identify_cookie_reissue_revoked_by_remember(self):
+ import time
+ helper = self._makeOne('secret', timeout=10, reissue_time=0)
+ now = time.time()
+ helper.auth_tkt.timestamp = now
+ helper.now = now + 1
+ request = self._makeRequest('bogus')
+ result = helper.identify(request)
+ self.assertTrue(result)
+ self.assertEqual(len(request.callbacks), 1)
+ result = helper.remember(request, 'bob')
+ self.assertTrue(result)
+ self.assertEqual(len(request.callbacks), 1)
+ response = DummyResponse()
+ request.callbacks[0](request, response)
+ self.assertEqual(len(response.headerlist), 0)
+
def test_identify_cookie_reissue_with_tokens_default(self):
# see https://github.com/Pylons/pyramid/issues#issue/108
import time