Chris McDonough
2011-01-25 cf3177ed6d6a20f6951a4008ee120c9763aa988e
- A bug existed in the ``pyramid.authentication.AuthTktCookieHelper`` which
would break any usage of an AuthTktAuthenticationPolicy when an auth tkt
authentication policy was configured to reissue its tokens
(``reissue_time`` < ``timeout`` / ``max_age``). Symptom: ``ValueError:
('Invalid token %r', '')``. See
https://github.com/Pylons/pyramid/issues#issue/108.
3 files modified
28 ■■■■ changed files
CHANGES.txt 7 ●●●●● patch | view | raw | blame | history
pyramid/authentication.py 5 ●●●● patch | view | raw | blame | history
pyramid/tests/test_authentication.py 16 ●●●●● patch | view | raw | blame | history
CHANGES.txt
@@ -25,6 +25,13 @@
  consistent with other usages.  See
  https://github.com/Pylons/pyramid/issues#issue/106
- A bug existed in the ``pyramid.authentication.AuthTktCookieHelper`` which
  would break any usage of an AuthTktAuthenticationPolicy when an auth tkt
  authentication policy was configured to reissue its tokens
  (``reissue_time`` < ``timeout`` / ``max_age``). Symptom: ``ValueError:
  ('Invalid token %r', '')``.  See
  https://github.com/Pylons/pyramid/issues#issue/108.
1.0b1 (2011-01-21)
==================
pyramid/authentication.py
@@ -424,7 +424,10 @@
            
        if not hasattr(request, '_authtkt_reissued'):
            if reissue and ( (now - timestamp) > self.reissue_time):
                headers = self.remember(request, userid, max_age=self.max_age, tokens=tokens)
                # work around https://github.com/Pylons/pyramid/issues#issue/108
                tokens = filter(None, tokens)
                headers = self.remember(request, userid, max_age=self.max_age,
                                        tokens=tokens)
                add_global_response_headers(request, headers)
                request._authtkt_reissued = True
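Review bot: The `tokens = filter(None, tokens)` workaround is applied only at this reissue call, so whatever turns a token-less ticket into `['']` (which is what the new test feeds in) is left in place; any other path that passes parsed tokens back to `remember()` would presumably still raise the `ValueError`. Normalising the list where the ticket is parsed would fix the cause rather than this one symptom. `filter()` only returns a list on Python 2, and the test's `'tokens': []` assertion depends on that, so `tokens = [t for t in tokens if t]` states the intent without relying on it. The comment would be more useful if it said what is dropped and why, e.g. `# a ticket issued without tokens appears to parse back as [''], which remember() rejects`. The enclosing method starts and ends outside the hunk.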
pyramid/tests/test_authentication.py
@@ -455,10 +455,11 @@
        self.assertEqual(len(response.headerlist), 3)
        self.assertEqual(response.headerlist[0][0], 'Set-Cookie')
    def test_identify_cookie_reissue_with_token(self):
    def test_identify_cookie_reissue_with_tokens_default(self):
        # see https://github.com/Pylons/pyramid/issues#issue/108
        import time
        plugin = self._makeOne('secret', timeout=10, reissue_time=0)
        plugin.auth_tkt = DummyAuthTktModule(tokens=('my-token',))
        plugin.auth_tkt = DummyAuthTktModule(tokens=[''])
        now = time.time()
        plugin.auth_tkt.timestamp = now
        plugin.now = now + 1
@@ -470,7 +471,7 @@
        request.callbacks[0](None, response)
        self.assertEqual(len(response.headerlist), 3)
        self.assertEqual(response.headerlist[0][0], 'Set-Cookie')
        self.assertTrue('my-token' in response.headerlist[0][1])
        self.failUnless("'tokens': []" in response.headerlist[0][1])
    def test_remember(self):
        plugin = self._makeOne('secret')
@@ -649,13 +650,16 @@
    def test_remember_non_string_token(self):
        plugin = self._makeOne('secret')
        request = self._makeRequest()
        self.assertRaises(ValueError, plugin.remember, request, 'other', tokens=(u'foo',))
        self.assertRaises(ValueError, plugin.remember, request, 'other',
                          tokens=(u'foo',))
    def test_remember_invalid_token_format(self):
        plugin = self._makeOne('secret')
        request = self._makeRequest()
        self.assertRaises(ValueError, plugin.remember, request, 'other', tokens=('foo bar',))
        self.assertRaises(ValueError, plugin.remember, request, 'other', tokens=('1bar',))
        self.assertRaises(ValueError, plugin.remember, request, 'other',
                          tokens=('foo bar',))
        self.assertRaises(ValueError, plugin.remember, request, 'other',
                          tokens=('1bar',))
    def test_forget(self):
        plugin = self._makeOne('secret')
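Review bot: `test_identify_cookie_reissue_with_tokens_default` replaces `test_identify_cookie_reissue_with_token` instead of being added next to it, so after this commit nothing in the visible hunks asserts that a real token such as `'my-token'` survives a reissue. That is the behaviour the new `filter(None, tokens)` call on the reissue path could break, and the reissued cookie is re-signed with whatever token list comes out of it. I would keep the original test with `tokens=('my-token',)` and its `self.assertTrue('my-token' in response.headerlist[0][1])` check, and add the empty-token case as a second test. The new assertion uses `failUnless`, a deprecated alias; `assertTrue`, as on the line it replaces, would be the better choice. Both reissue hunks cut through the test body, which continues between them.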