From 5620e85d6d2d7fe2588a8fa0fad98d60dc44f3d9 Mon Sep 17 00:00:00 2001 From: Michael Merickel Date: Mon, 5 Sep 2011 17:34:50 -0500 Subject: Added test cases to reproduce #262. --- pyramid/tests/test_authentication.py | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/pyramid/tests/test_authentication.py b/pyramid/tests/test_authentication.py index 40f6731bf..bb4040b35 100644 --- a/pyramid/tests/test_authentication.py +++ b/pyramid/tests/test_authentication.py @@ -644,6 +644,40 @@ class TestAuthTktCookieHelper(unittest.TestCase): self.assertTrue(result) self.assertEqual(len(request.callbacks), 0) + def test_identify_cookie_reissue_revoked_by_forget(self): + import time + helper = self._makeOne('secret', timeout=10, reissue_time=0) + now = time.time() + helper.auth_tkt.timestamp = now + helper.now = now + 1 + request = self._makeRequest('bogus') + result = helper.identify(request) + self.assertTrue(result) + self.assertEqual(len(request.callbacks), 1) + result = helper.forget(request) + self.assertTrue(result) + self.assertEqual(len(request.callbacks), 1) + response = DummyResponse() + request.callbacks[0](None, response) + self.assertEqual(len(response.headerlist), 0) + + def test_identify_cookie_reissue_revoked_by_remember(self): + import time + helper = self._makeOne('secret', timeout=10, reissue_time=0) + now = time.time() + helper.auth_tkt.timestamp = now + helper.now = now + 1 + request = self._makeRequest('bogus') + result = helper.identify(request) + self.assertTrue(result) + self.assertEqual(len(request.callbacks), 1) + result = helper.remember(request, 'bob') + self.assertTrue(result) + self.assertEqual(len(request.callbacks), 1) + response = DummyResponse() + request.callbacks[0](None, response) + self.assertEqual(len(response.headerlist), 0) + def test_identify_cookie_reissue_with_tokens_default(self): # see https://github.com/Pylons/pyramid/issues#issue/108 import time -- cgit v1.2.3 
From 863196d54e3d8329f9bd1c60a1f32f8e1a3f1dad Mon Sep 17 00:00:00 2001 From: Michael Merickel Date: Mon, 5 Sep 2011 17:43:18 -0500 Subject: Updated tests cases to send the request to the callback. --- pyramid/tests/test_authentication.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pyramid/tests/test_authentication.py b/pyramid/tests/test_authentication.py index bb4040b35..ff96ae471 100644 --- a/pyramid/tests/test_authentication.py +++ b/pyramid/tests/test_authentication.py @@ -617,7 +617,7 @@ class TestAuthTktCookieHelper(unittest.TestCase): self.assertTrue(result) self.assertEqual(len(request.callbacks), 1) response = DummyResponse() - request.callbacks[0](None, response) + request.callbacks[0](request, response) self.assertEqual(len(response.headerlist), 3) self.assertEqual(response.headerlist[0][0], 'Set-Cookie') @@ -658,7 +658,7 @@ class TestAuthTktCookieHelper(unittest.TestCase): self.assertTrue(result) self.assertEqual(len(request.callbacks), 1) response = DummyResponse() - request.callbacks[0](None, response) + request.callbacks[0](request, response) self.assertEqual(len(response.headerlist), 0) def test_identify_cookie_reissue_revoked_by_remember(self): @@ -675,7 +675,7 @@ class TestAuthTktCookieHelper(unittest.TestCase): self.assertTrue(result) self.assertEqual(len(request.callbacks), 1) response = DummyResponse() - request.callbacks[0](None, response) + request.callbacks[0](request, response) self.assertEqual(len(response.headerlist), 0) def test_identify_cookie_reissue_with_tokens_default(self): -- cgit v1.2.3 From 916b566d5beb27c8c0950b84306c9ed186b84e1a Mon Sep 17 00:00:00 2001 From: Michael Merickel Date: Mon, 5 Sep 2011 17:43:28 -0500 Subject: Track whether forget or remember were called before reissue headers are automatically applied to a response. Fixes #262. --- pyramid/authentication.py | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) 
diff --git a/pyramid/authentication.py b/pyramid/authentication.py index b61a044f2..446a9bd5a 100644 --- a/pyramid/authentication.py +++ b/pyramid/authentication.py @@ -662,7 +662,11 @@ class AuthTktCookieHelper(object): tokens = filter(None, tokens) headers = self.remember(request, userid, max_age=self.max_age, tokens=tokens) - add_global_response_headers(request, headers) + def reissue_authtkt(request, response): + if not hasattr(request, '_authtkt_reissue_revoked'): + for k, v in headers: + response.headerlist.append((k, v)) + request.add_response_callback(reissue_authtkt) request._authtkt_reissued = True environ['REMOTE_USER_TOKENS'] = tokens @@ -680,6 +684,7 @@ class AuthTktCookieHelper(object): """ Return a set of expires Set-Cookie headers, which will destroy any existing auth_tkt cookie when attached to a response""" environ = request.environ + request._authtkt_reissue_revoked = True return self._get_cookies(environ, '', max_age=EXPIRE) def remember(self, request, userid, max_age=None, tokens=()): @@ -724,6 +729,9 @@ class AuthTktCookieHelper(object): if not (isinstance(token, str) and VALID_TOKEN.match(token)): raise ValueError("Invalid token %r" % (token,)) + if hasattr(request, '_authtkt_reissued'): + request._authtkt_reissue_revoked = True + ticket = self.AuthTicket( self.secret, userid, -- cgit v1.2.3
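Review bot: The revocation check in `reissue_authtkt` tests only attribute presence, so a later `request._authtkt_reissue_revoked = False` would still suppress the reissue; unless the hasattr convention already used for `_authtkt_reissued` is deliberate, reading the value instead, `if not getattr(request, '_authtkt_reissue_revoked', False):`, gives the flag's value meaning and matches how forget() and remember() assign it. The closure also deserves a why-comment, since deferring the headers to a response callback is the whole fix for #262: `# Emit the reissued ticket only at response time, so a forget()/remember() made later in this request is not undone by a fresh cookie.` The body of identify starts and ends outside the hunk.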
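Review bot: forget() now has a side effect on the request that its docstring does not mention, and the reissue callback registered by identify() depends on it; add to the docstring: `Also marks the request so that any auth_tkt reissue scheduled by identify() is not applied to the response.` The def line of forget is outside the hunk.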
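Review bot: The `hasattr(request, '_authtkt_reissued')` guard before setting `_authtkt_reissue_revoked` in remember() looks redundant: the revoked flag is only consulted inside the callback that identify() registers when it reissues, so setting it unconditionally, `request._authtkt_reissue_revoked = True`, as forget() does in the hunk at line 684, is simpler and keeps the two methods symmetrical. If identify() can run after remember() within the same request (not visible here), the unconditional form would also cover that ordering, which the guard leaves open to a later reissue appending the older ticket. The body of remember starts and ends outside the hunk.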