RedHatTraining/repoze.who.git

			@@ -1,5 +1,6 @@
			import unittest


			class TestAuthTktCookiePlugin(unittest.TestCase):
			tempdir = None
			_now_testing = None
			@@ -19,11 +20,13 @@
			return AuthTktCookiePlugin

			def _makeEnviron(self, kw=None):
			environ = {'wsgi.version': (1,0)}
			from wsgiref.util import setup_testing_defaults
			environ = {}
			setup_testing_defaults(environ)
			if kw is not None:
			environ.update(kw)
			environ['REMOTE_ADDR'] = '1.1.1.1'
			environ['SERVER_NAME'] = 'localhost'
			environ['HTTP_HOST'] = 'localhost'
			return environ

			def _makeOne(self, secret='s33kr3t', arg, *kw):
			@@ -33,8 +36,8 @@
			def _makeTicket(self, userid='userid', remote_addr='0.0.0.0',
			tokens = [], userdata='userdata',
			cookie_name='auth_tkt', secure=False,
			time=None):
			from paste.auth import auth_tkt
			time=None, digest_algo="md5"):
			import repoze.who._auth_tkt as auth_tkt
			ticket = auth_tkt.AuthTicket(
			'secret',
			userid,
			@@ -43,12 +46,13 @@
			user_data=userdata,
			time=time,
			cookie_name=cookie_name,
			secure=secure)
			secure=secure,
			digest_algo=digest_algo)
			return ticket.cookie_value()

			def _setNowTesting(self, value):
			from repoze.who.plugins import auth_tkt
			auth_tkt._NOW_TESTING, self._now_testing = value, auth_tkt._NOW_TESTING
			auth_tkt._UTCNOW, self._now_testing = value, auth_tkt._UTCNOW

			def test_class_conforms_to_IIdentifier(self):
			from zope.interface.verify import verifyClass
			@@ -89,58 +93,58 @@

			def test_identify_good_cookie_include_ip(self):
			plugin = self._makeOne('secret', include_ip=True)
			val = self._makeTicket(remote_addr='1.1.1.1')
			val = self._makeTicket(remote_addr='1.1.1.1', userdata='foo=123')
			environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val})
			result = plugin.identify(environ)
			self.assertEqual(len(result), 4)
			self.assertEqual(result['tokens'], [''])
			self.assertEqual(result['repoze.who.plugins.auth_tkt.userid'], 'userid')
			self.assertEqual(result['userdata'], 'userdata')
			self.failUnless('timestamp' in result)
			self.assertEqual(result['userdata'], {'foo': '123'})
			self.assertTrue('timestamp' in result)
			self.assertEqual(environ['REMOTE_USER_TOKENS'], [''])
			self.assertEqual(environ['REMOTE_USER_DATA'],'userdata')
			self.assertEqual(environ['REMOTE_USER_DATA'],'foo=123')
			self.assertEqual(environ['AUTH_TYPE'],'cookie')

			def test_identify_good_cookie_dont_include_ip(self):
			plugin = self._makeOne('secret', include_ip=False)
			val = self._makeTicket()
			val = self._makeTicket(userdata='foo=123')
			environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val})
			result = plugin.identify(environ)
			self.assertEqual(len(result), 4)
			self.assertEqual(result['tokens'], [''])
			self.assertEqual(result['repoze.who.plugins.auth_tkt.userid'], 'userid')
			self.assertEqual(result['userdata'], 'userdata')
			self.failUnless('timestamp' in result)
			self.assertEqual(result['userdata'], {'foo': '123'})
			self.assertTrue('timestamp' in result)
			self.assertEqual(environ['REMOTE_USER_TOKENS'], [''])
			self.assertEqual(environ['REMOTE_USER_DATA'],'userdata')
			self.assertEqual(environ['REMOTE_USER_DATA'],'foo=123')
			self.assertEqual(environ['AUTH_TYPE'],'cookie')

			def test_identify_good_cookie_int_useridtype(self):
			plugin = self._makeOne('secret', include_ip=False)
			val = self._makeTicket(userid='1', userdata='userid_type:int')
			val = self._makeTicket(userid='1', userdata='userid_type=int')
			environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val})
			result = plugin.identify(environ)
			self.assertEqual(len(result), 4)
			self.assertEqual(result['tokens'], [''])
			self.assertEqual(result['repoze.who.plugins.auth_tkt.userid'], 1)
			self.assertEqual(result['userdata'], 'userid_type:int')
			self.failUnless('timestamp' in result)
			self.assertEqual(result['userdata'], {'userid_type': 'int'})
			self.assertTrue('timestamp' in result)
			self.assertEqual(environ['REMOTE_USER_TOKENS'], [''])
			self.assertEqual(environ['REMOTE_USER_DATA'],'userid_type:int')
			self.assertEqual(environ['REMOTE_USER_DATA'],'userid_type=int')
			self.assertEqual(environ['AUTH_TYPE'],'cookie')

			def test_identify_good_cookie_unknown_useridtype(self):
			plugin = self._makeOne('secret', include_ip=False)
			val = self._makeTicket(userid='userid', userdata='userid_type:unknown')
			val = self._makeTicket(userid='userid', userdata='userid_type=unknown')
			environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val})
			result = plugin.identify(environ)
			self.assertEqual(len(result), 4)
			self.assertEqual(result['tokens'], [''])
			self.assertEqual(result['repoze.who.plugins.auth_tkt.userid'], 'userid')
			self.assertEqual(result['userdata'], 'userid_type:unknown')
			self.failUnless('timestamp' in result)
			self.assertEqual(result['userdata'], {'userid_type':'unknown'})
			self.assertTrue('timestamp' in result)
			self.assertEqual(environ['REMOTE_USER_TOKENS'], [''])
			self.assertEqual(environ['REMOTE_USER_DATA'],'userid_type:unknown')
			self.assertEqual(environ['REMOTE_USER_DATA'],'userid_type=unknown')
			self.assertEqual(environ['AUTH_TYPE'],'cookie')

			def test_identify_bad_cookie(self):
			@@ -159,63 +163,189 @@

			def test_identify_with_checker_and_existing_account(self):
			plugin = self._makeOne('secret', userid_checker=dummy_userid_checker)
			val = self._makeTicket(userid='existing')
			val = self._makeTicket(userid='existing', userdata='foo=123')
			environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val})
			result = plugin.identify(environ)
			self.assertEqual(len(result), 4)
			self.assertEqual(result['tokens'], [''])
			self.assertEqual(result['repoze.who.plugins.auth_tkt.userid'], 'existing')
			self.assertEqual(result['userdata'], 'userdata')
			self.failUnless('timestamp' in result)
			self.assertEqual(result['userdata'], {'foo': '123'})
			self.assertTrue('timestamp' in result)
			self.assertEqual(environ['REMOTE_USER_TOKENS'], [''])
			self.assertEqual(environ['REMOTE_USER_DATA'],'userdata')
			self.assertEqual(environ['REMOTE_USER_DATA'],'foo=123')
			self.assertEqual(environ['AUTH_TYPE'],'cookie')

			def test_identify_with_alternate_hash(self):
			plugin = self._makeOne('secret', include_ip=False, digest_algo="sha256")
			val = self._makeTicket(userdata='foo=123', digest_algo="sha256")
			md5_val = self._makeTicket(userdata='foo=123')
			self.assertNotEqual(val, md5_val)
			# md5 is 162 characters long, sha256 is 322
			self.assertEqual(len(val), len(md5_val)+32)
			environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val})
			result = plugin.identify(environ)
			self.assertEqual(len(result), 4)
			self.assertEqual(result['tokens'], [''])
			self.assertEqual(result['repoze.who.plugins.auth_tkt.userid'], 'userid')
			self.assertEqual(result['userdata'], {'foo': '123'})
			self.assertTrue('timestamp' in result)
			self.assertEqual(environ['REMOTE_USER_TOKENS'], [''])
			self.assertEqual(environ['REMOTE_USER_DATA'],'foo=123')
			self.assertEqual(environ['AUTH_TYPE'],'cookie')

			def test_identify_bad_cookie_with_alternate_hash(self):
			plugin = self._makeOne('secret', include_ip=True, digest_algo="sha256")
			environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=bogus'})
			result = plugin.identify(environ)
			self.assertEqual(result, None)

			def test_remember_creds_same(self):
			plugin = self._makeOne('secret')
			val = self._makeTicket(userid='userid')
			val = self._makeTicket(userid='userid', userdata='foo=123')
			environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val})
			result = plugin.remember(environ, {'repoze.who.userid':'userid',
			'userdata':'userdata'})
			'userdata':{'foo': '123'}})
			self.assertEqual(result, None)

			def test_remember_creds_secure(self):
			plugin = self._makeOne('secret', secure=True)
			val = self._makeTicket(userid='userid', secure=True)
			environ = self._makeEnviron()
			def test_remember_creds_same_alternate_hash(self):
			plugin = self._makeOne('secret', digest_algo="sha1")
			val = self._makeTicket(userid='userid', userdata='foo=123', digest_algo="sha1")
			environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % val})
			result = plugin.remember(environ, {'repoze.who.userid':'userid',
			'userdata':'userdata'})
			'userdata':{'foo': '123'}})
			self.assertEqual(result, None)

			def test_remember_creds_hash_mismatch(self):
			plugin = self._makeOne('secret', digest_algo="sha1")
			old_val = self._makeTicket(userid='userid', userdata='foo=123', digest_algo="md5")
			new_val = self._makeTicket(userid='userid', userdata='foo=123', digest_algo="sha1")
			environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val})
			result = plugin.remember(environ, {'repoze.who.userid':'userid',
			'userdata':{'foo': '123'}})
			self.assertEqual(len(result), 3)
			self.assertEqual(result[0],
			('Set-Cookie',
			'auth_tkt="%s"; Path=/; secure' % val))
			'auth_tkt="%s"; '
			'Path=/' % new_val))
			self.assertEqual(result[1],
			('Set-Cookie',
			'auth_tkt="%s"; Path=/; Domain=localhost; secure'
			'auth_tkt="%s"; '
			'Path=/; '
			'Domain=localhost'
			% new_val))
			self.assertEqual(result[2],
			('Set-Cookie',
			'auth_tkt="%s"; '
			'Path=/; '
			'Domain=.localhost'
			% new_val))

			def test_remember_creds_secure_alternate_hash(self):
			plugin = self._makeOne('secret', secure=True, digest_algo="sha512")
			val = self._makeTicket(userid='userid', secure=True, userdata='foo=123', digest_algo="sha512")
			environ = self._makeEnviron()
			result = plugin.remember(environ, {'repoze.who.userid':'userid',
			'userdata':{'foo':'123'}})
			self.assertEqual(len(result), 3)
			self.assertEqual(result[0],
			('Set-Cookie',
			'auth_tkt="%s"; '
			'Path=/; '
			'secure; '
			'HttpOnly' % val))
			self.assertEqual(result[1],
			('Set-Cookie',
			'auth_tkt="%s"; '
			'Path=/; '
			'Domain=localhost; '
			'secure; HttpOnly'
			% val))
			self.assertEqual(result[2],
			('Set-Cookie',
			'auth_tkt="%s"; Path=/; Domain=.localhost; secure'
			'auth_tkt="%s"; '
			'Path=/; '
			'Domain=.localhost; '
			'secure; HttpOnly'
			% val))

			def test_remember_creds_secure(self):
			plugin = self._makeOne('secret', secure=True)
			val = self._makeTicket(userid='userid', secure=True, userdata='foo=123')
			environ = self._makeEnviron()
			result = plugin.remember(environ, {'repoze.who.userid':'userid',
			'userdata':{'foo':'123'}})
			self.assertEqual(len(result), 3)
			self.assertEqual(result[0],
			('Set-Cookie',
			'auth_tkt="%s"; '
			'Path=/; '
			'secure; '
			'HttpOnly' % val))
			self.assertEqual(result[1],
			('Set-Cookie',
			'auth_tkt="%s"; '
			'Path=/; '
			'Domain=localhost; '
			'secure; HttpOnly'
			% val))
			self.assertEqual(result[2],
			('Set-Cookie',
			'auth_tkt="%s"; '
			'Path=/; '
			'Domain=.localhost; '
			'secure; HttpOnly'
			% val))

			def test_remember_creds_different(self):
			plugin = self._makeOne('secret')
			old_val = self._makeTicket(userid='userid')
			environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val})
			new_val = self._makeTicket(userid='other', userdata='userdata')
			new_val = self._makeTicket(userid='other', userdata='foo=123')
			result = plugin.remember(environ, {'repoze.who.userid':'other',
			'userdata':'userdata'})
			'userdata':{'foo':'123'}})
			self.assertEqual(len(result), 3)
			self.assertEqual(result[0],
			('Set-Cookie',
			'auth_tkt="%s"; Path=/' % new_val))
			'auth_tkt="%s"; '
			'Path=/' % new_val))
			self.assertEqual(result[1],
			('Set-Cookie',
			'auth_tkt="%s"; Path=/; Domain=localhost'
			'auth_tkt="%s"; '
			'Path=/; '
			'Domain=localhost'
			% new_val))
			self.assertEqual(result[2],
			('Set-Cookie',
			'auth_tkt="%s"; Path=/; Domain=.localhost'
			'auth_tkt="%s"; '
			'Path=/; '
			'Domain=.localhost'
			% new_val))

			def test_remember_creds_different_strips_port(self):
			plugin = self._makeOne('secret')
			old_val = self._makeTicket(userid='userid')
			environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val,
			'HTTP_HOST': 'localhost:8080',
			})
			new_val = self._makeTicket(userid='other', userdata='foo=123')
			result = plugin.remember(environ, {'repoze.who.userid':'other',
			'userdata':{'foo': '123'}})
			self.assertEqual(len(result), 3)
			self.assertEqual(result[0],
			('Set-Cookie',
			'auth_tkt="%s"; '
			'Path=/' % new_val))
			self.assertEqual(result[1],
			('Set-Cookie',
			'auth_tkt="%s"; '
			'Path=/; '
			'Domain=localhost'
			% new_val))
			self.assertEqual(result[2],
			('Set-Cookie',
			'auth_tkt="%s"; '
			'Path=/; '
			'Domain=.localhost'
			% new_val))

			def test_remember_creds_different_include_ip(self):
			@@ -223,41 +353,51 @@
			old_val = self._makeTicket(userid='userid', remote_addr='1.1.1.1')
			environ = self._makeEnviron({'HTTP_COOKIE': 'auth_tkt=%s' % old_val})
			new_val = self._makeTicket(userid='other',
			userdata='userdata',
			userdata='foo=123',
			remote_addr='1.1.1.1')
			result = plugin.remember(environ, {'repoze.who.userid':'other',
			'userdata':'userdata'})
			'userdata':{'foo': '123'}})
			self.assertEqual(len(result), 3)
			self.assertEqual(result[0],
			('Set-Cookie',
			'auth_tkt="%s"; Path=/' % new_val))
			'auth_tkt="%s"; '
			'Path=/' % new_val))
			self.assertEqual(result[1],
			('Set-Cookie',
			'auth_tkt="%s"; Path=/; Domain=localhost'
			'auth_tkt="%s"; '
			'Path=/; '
			'Domain=localhost'
			% new_val))
			self.assertEqual(result[2],
			('Set-Cookie',
			'auth_tkt="%s"; Path=/; Domain=.localhost'
			'auth_tkt="%s"; '
			'Path=/; '
			'Domain=.localhost'
			% new_val))

			def test_remember_creds_different_bad_old_cookie(self):
			plugin = self._makeOne('secret')
			old_val = 'BOGUS'
			environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val})
			new_val = self._makeTicket(userid='other', userdata='userdata')
			new_val = self._makeTicket(userid='other', userdata='foo=123')
			result = plugin.remember(environ, {'repoze.who.userid':'other',
			'userdata':'userdata'})
			'userdata':{'foo': '123'}})
			self.assertEqual(len(result), 3)
			self.assertEqual(result[0],
			('Set-Cookie',
			'auth_tkt="%s"; Path=/' % new_val))
			'auth_tkt="%s"; '
			'Path=/' % new_val))
			self.assertEqual(result[1],
			('Set-Cookie',
			'auth_tkt="%s"; Path=/; Domain=localhost'
			'auth_tkt="%s"; '
			'Path=/; '
			'Domain=localhost'
			% new_val))
			self.assertEqual(result[2],
			('Set-Cookie',
			'auth_tkt="%s"; Path=/; Domain=.localhost'
			'auth_tkt="%s"; '
			'Path=/; '
			'Domain=.localhost'
			% new_val))

			def test_remember_creds_different_with_tokens(self):
			@@ -265,24 +405,28 @@
			old_val = self._makeTicket(userid='userid')
			environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val})
			new_val = self._makeTicket(userid='userid',
			userdata='userdata',
			userdata='foo=123',
			tokens=['foo', 'bar'],
			)
			result = plugin.remember(environ, {'repoze.who.userid': 'userid',
			'userdata': 'userdata',
			'userdata': {'foo': '123'},
			'tokens': ['foo', 'bar'],
			})
			self.assertEqual(len(result), 3)
			self.assertEqual(result[0],
			('Set-Cookie',
			'auth_tkt="%s"; Path=/' % new_val))
			'auth_tkt="%s"; '
			'Path=/' % new_val))
			self.assertEqual(result[1],
			('Set-Cookie',
			'auth_tkt="%s"; Path=/; Domain=localhost'
			'auth_tkt="%s"; '
			'Path=/; Domain=localhost'
			% new_val))
			self.assertEqual(result[2],
			('Set-Cookie',
			'auth_tkt="%s"; Path=/; Domain=.localhost'
			'auth_tkt="%s"; '
			'Path=/; '
			'Domain=.localhost'
			% new_val))

			def test_remember_creds_different_with_tuple_tokens(self):
			@@ -290,46 +434,55 @@
			old_val = self._makeTicket(userid='userid')
			environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val})
			new_val = self._makeTicket(userid='userid',
			userdata='userdata',
			userdata='foo=123',
			tokens=['foo', 'bar'],
			)
			result = plugin.remember(environ, {'repoze.who.userid': 'userid',
			'userdata': 'userdata',
			'userdata': {'foo': '123'},
			'tokens': ('foo', 'bar'),
			})
			self.assertEqual(len(result), 3)
			self.assertEqual(result[0],
			('Set-Cookie',
			'auth_tkt="%s"; Path=/' % new_val))
			'auth_tkt="%s"; '
			'Path=/' % new_val))
			self.assertEqual(result[1],
			('Set-Cookie',
			'auth_tkt="%s"; Path=/; Domain=localhost'
			'auth_tkt="%s"; '
			'Path=/; '
			'Domain=localhost'
			% new_val))
			self.assertEqual(result[2],
			('Set-Cookie',
			'auth_tkt="%s"; Path=/; Domain=.localhost'
			'auth_tkt="%s"; '
			'Path=/; '
			'Domain=.localhost'
			% new_val))

			def test_remember_creds_different_int_userid(self):
			plugin = self._makeOne('secret')
			old_val = self._makeTicket(userid='userid')
			environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val})
			new_val = self._makeTicket(userid='1', userdata='userid_type:int')
			new_val = self._makeTicket(userid='1', userdata='userid_type=int')
			result = plugin.remember(environ, {'repoze.who.userid':1,
			'userdata':''})

			'userdata':{}})

			self.assertEqual(len(result), 3)
			self.assertEqual(result[0],
			('Set-Cookie',
			'auth_tkt="%s"; Path=/' % new_val))

			def test_remember_creds_different_long_userid(self):
			try:
			long
			except NameError: #pragma NO COVER Python >= 3.0
			return
			plugin = self._makeOne('secret')
			old_val = self._makeTicket(userid='userid')
			environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val})
			new_val = self._makeTicket(userid='1', userdata='userid_type:int')
			new_val = self._makeTicket(userid='1', userdata='userid_type=int')
			result = plugin.remember(environ, {'repoze.who.userid':long(1),
			'userdata':''})
			'userdata':{}})
			self.assertEqual(len(result), 3)
			self.assertEqual(result[0],
			('Set-Cookie',
			@@ -339,11 +492,15 @@
			plugin = self._makeOne('secret')
			old_val = self._makeTicket(userid='userid')
			environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val})
			userid = unicode('\xc2\xa9', 'utf-8')
			userid = b'\xc2\xa9'.decode('utf-8')
			if type(b'') == type(''):
			userdata = 'userid_type=unicode'
			else: # pragma: no cover Py3k
			userdata = ''
			new_val = self._makeTicket(userid=userid.encode('utf-8'),
			userdata='userid_type:unicode')
			userdata=userdata)
			result = plugin.remember(environ, {'repoze.who.userid':userid,
			'userdata':''})
			'userdata':{}})
			self.assertEqual(type(result[0][1]), str)
			self.assertEqual(len(result), 3)
			self.assertEqual(result[0],
			@@ -365,36 +522,80 @@
			('Set-Cookie',
			'auth_tkt="%s"; Path=/' % new_val))

			def test_remember_max_age(self):
			def test_remember_creds_reissue_alternate_hash(self):
			import time
			plugin = self._makeOne('secret', reissue_time=1, digest_algo="sha256")
			old_val = self._makeTicket(userid='userid', userdata='',
			time=time.time()-2, digest_algo="sha256")
			environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val})
			new_val = self._makeTicket(userid='userid', userdata='',
			digest_algo="sha256")
			result = plugin.remember(environ, {'repoze.who.userid':'userid',
			'userdata':''})
			self.assertEqual(type(result[0][1]), str)
			self.assertEqual(len(result), 3)
			self.assertEqual(result[0],
			('Set-Cookie',
			'auth_tkt="%s"; Path=/' % new_val))

			def test_l10n_sane_cookie_date(self):
			from datetime import datetime

			now = datetime(2009, 11, 8, 16, 15, 22)
			self._setNowTesting(now)

			plugin = self._makeOne('secret')
			environ = {'HTTP_HOST':'example.com'}

			environ = {'HTTP_HOST': 'example.com'}

			tkt = self._makeTicket(userid='chris', userdata='')
			result = plugin.remember(environ, {'repoze.who.userid':'chris',
			'max_age':'500'})

			name,value = result.pop(0)


			result = plugin.remember(environ, {'repoze.who.userid': 'chris',
			'max_age': '500'})
			name, value = result.pop(0)

			self.assertEqual('Set-Cookie', name)
			self.failUnless(
			self.assertTrue(
			value.endswith('; Expires=Sun, 08 Nov 2009 16:23:42 GMT'))

			def test_remember_max_age(self):
			from datetime import datetime

			now = datetime(2009, 11, 8, 16, 15, 22)
			self._setNowTesting(now)

			plugin = self._makeOne('secret')
			environ = {'HTTP_HOST': 'example.com'}

			tkt = self._makeTicket(userid='chris', userdata='')
			result = plugin.remember(environ, {'repoze.who.userid': 'chris',
			'max_age': '500'})

			name, value = result.pop(0)
			self.assertEqual('Set-Cookie', name)
			self.assertTrue(
			value.startswith('auth_tkt="%s"; Path=/; Max-Age=500' % tkt),
			value)
			self.failUnless('; Expires=' in value)

			name,value = result.pop(0)
			self.assertEqual('Set-Cookie', name)
			self.failUnless(
			value.startswith(
			'auth_tkt="%s"; Path=/; Domain=example.com; Max-Age=500'
			% tkt), value)
			self.failUnless('; Expires=' in value)
			self.assertTrue(
			value.endswith('; Expires=Sun, 08 Nov 2009 16:23:42 GMT'))

			name,value = result.pop(0)
			name, value = result.pop(0)
			self.assertEqual('Set-Cookie', name)
			self.failUnless(
			self.assertTrue(
			value.startswith(
			'auth_tkt="%s"; Path=/; Domain=.example.com; Max-Age=500' % tkt),
			'auth_tkt="%s"; Path=/; Domain=example.com; Max-Age=500'
			% tkt), value)
			self.assertTrue(
			value.endswith('; Expires=Sun, 08 Nov 2009 16:23:42 GMT'))

			name, value = result.pop(0)
			self.assertEqual('Set-Cookie', name)
			self.assertTrue(
			value.startswith(
			'auth_tkt="%s"; Path=/; Domain=.example.com; Max-Age=500' % tkt),
			value)
			self.failUnless('; Expires=' in value)
			self.assertTrue(
			value.endswith('; Expires=Sun, 08 Nov 2009 16:23:42 GMT'))

			def test_forget(self):
			from datetime import datetime
			@@ -409,21 +610,21 @@
			self.assertEqual(name, 'Set-Cookie')
			self.assertEqual(value,
			'auth_tkt="INVALID"; Path=/; '
			'Max-Age=0; Expires=Thu, 05 Nov 2009 16:15:22'
			'Max-Age=0; Expires=Thu, 05 Nov 2009 16:15:22 GMT'
			)
			header = headers[1]
			name, value = header
			self.assertEqual(name, 'Set-Cookie')
			self.assertEqual(value,
			'auth_tkt="INVALID"; Path=/; Domain=localhost; '
			'Max-Age=0; Expires=Thu, 05 Nov 2009 16:15:22'
			'Max-Age=0; Expires=Thu, 05 Nov 2009 16:15:22 GMT'
			)
			header = headers[2]
			name, value = header
			self.assertEqual(name, 'Set-Cookie')
			self.assertEqual(value,
			'auth_tkt="INVALID"; Path=/; Domain=.localhost; '
			'Max-Age=0; Expires=Thu, 05 Nov 2009 16:15:22'
			'Max-Age=0; Expires=Thu, 05 Nov 2009 16:15:22 GMT'
			)

			def test_authenticate_non_auth_tkt_credentials(self):
			@@ -491,37 +692,53 @@
			userid_checker='repoze.who.plugins.auth_tkt:make_plugin')
			self.assertEqual(plugin.userid_checker, make_plugin)

			def test_factory_with_alternate_hash(self):
			from repoze.who.plugins.auth_tkt import make_plugin
			import hashlib
			plugin = make_plugin('secret', digest_algo="sha1")
			self.assertEqual(plugin.digest_algo, hashlib.sha1)

			def test_factory_with_alternate_hash_func(self):
			from repoze.who.plugins.auth_tkt import make_plugin
			import hashlib
			plugin = make_plugin('secret', digest_algo=hashlib.sha1)
			self.assertEqual(plugin.digest_algo, hashlib.sha1)

			def test_factory_with_bogus_hash(self):
			from repoze.who.plugins.auth_tkt import make_plugin
			self.assertRaises(ValueError, make_plugin,
			secret="fiddly", digest_algo='foo23')

			def test_remember_max_age_unicode(self):
			from repoze.who._compat import u
			plugin = self._makeOne('secret')
			environ = {'HTTP_HOST':'example.com'}

			tkt = self._makeTicket(userid='chris', userdata='')
			result = plugin.remember(environ, {'repoze.who.userid': 'chris',
			'max_age': u'500'})

			name,value = result.pop(0)
			'max_age': u('500')})
			name, value = result.pop(0)
			self.assertEqual('Set-Cookie', name)
			self.failUnless(isinstance(value, str))
			self.failUnless(
			self.assertTrue(isinstance(value, str))
			self.assertTrue(
			value.startswith('auth_tkt="%s"; Path=/; Max-Age=500' % tkt),
			(value, tkt))
			self.failUnless('; Expires=' in value)
			self.assertTrue('; Expires=' in value)

			name,value = result.pop(0)
			self.assertEqual('Set-Cookie', name)
			self.failUnless(
			self.assertTrue(
			value.startswith(
			'auth_tkt="%s"; Path=/; Domain=example.com; Max-Age=500'
			% tkt), value)
			self.failUnless('; Expires=' in value)
			self.assertTrue('; Expires=' in value)

			name,value = result.pop(0)
			self.assertEqual('Set-Cookie', name)
			self.failUnless(
			self.assertTrue(
			value.startswith(
			'auth_tkt="%s"; Path=/; Domain=.example.com; Max-Age=500' % tkt),
			value)
			self.failUnless('; Expires=' in value)
			self.assertTrue('; Expires=' in value)


			def dummy_userid_checker(userid):