Tres Seaver
2011-09-28 7f99073049a02224390c31bacca0dd7b5abbacf3
'auth_tkt' plugin:  strip port number from the 'Domain' of generated cookies.

See http://bugs.repoze.org/issue66
3 files modified
114 ■■■■ changed files
CHANGES.txt 3 ●●●●● patch | view | raw | blame | history
repoze/who/plugins/auth_tkt.py 3 ●●●● patch | view | raw | blame | history
repoze/who/plugins/tests/test_authtkt.py 108 ●●●● patch | view | raw | blame | history
CHANGES.txt
@@ -4,6 +4,9 @@
2.0 (unreleased)
----------------
- ``auth_tkt`` plugin:  strip any port number from the 'Domain' of generated
  cookies.  http://bugs.repoze.org/issue66
- Further harden middleware, calling ``close()`` on the iterable even if
  raising an exception for a missing challenger.
  http://bugs.repoze.org/issue174
repoze/who/plugins/auth_tkt.py
@@ -142,8 +142,6 @@
                secure=self.secure)
            new_cookie_value = ticket.cookie_value()
            
            cur_domain = environ.get('HTTP_HOST', environ.get('SERVER_NAME'))
            wild_domain = '.' + cur_domain
            if old_cookie_value != new_cookie_value:
                # return a set of Set-Cookie headers
                return self._get_cookies(environ, new_cookie_value, max_age)
@@ -175,6 +173,7 @@
            secure = '; secure; HttpOnly'
        cur_domain = environ.get('HTTP_HOST', environ.get('SERVER_NAME'))
        cur_domain = cur_domain.split(':')[0] # drop port
        wild_domain = '.' + cur_domain
        cookies = [
            ('Set-Cookie', '%s="%s"; Path=/%s%s' % (
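Review bot: The added `cur_domain.split(':')[0]` in the second hunk treats the first colon as the port separator, so a bracketed IPv6 literal such as `[::1]:8080` is cut down to `[` and the two Domain cookies are emitted as `Domain=[` and `Domain=.[`. Splitting from the right and accepting only a numeric port avoids this: `host, sep, port = cur_domain.rpartition(':')` followed by `if sep and port.isdigit(): cur_domain = host`. Because `HTTP_HOST` is supplied by the client and is interpolated into the `Set-Cookie` value, it is also worth checking that the result is a plain hostname and skipping the Domain-scoped cookies otherwise. A short comment there should say why the port is dropped, since the inline `# drop port` does not record that the cookie Domain attribute cannot carry one. The enclosing method starts and ends outside the hunk, so the remaining cookie construction is not visible here.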
repoze/who/plugins/tests/test_authtkt.py
@@ -188,14 +188,23 @@
        self.assertEqual(len(result), 3)
        self.assertEqual(result[0],
                         ('Set-Cookie',
                          'auth_tkt="%s"; Path=/; secure; HttpOnly' % val))
                          'auth_tkt="%s"; '
                          'Path=/; '
                          'secure; '
                          'HttpOnly' % val))
        self.assertEqual(result[1],
                         ('Set-Cookie',
                           'auth_tkt="%s"; Path=/; Domain=localhost; secure; HttpOnly'
                           'auth_tkt="%s"; '
                           'Path=/; '
                           'Domain=localhost; '
                           'secure; HttpOnly'
                            % val))
        self.assertEqual(result[2],
                         ('Set-Cookie',
                           'auth_tkt="%s"; Path=/; Domain=.localhost; secure; HttpOnly'
                           'auth_tkt="%s"; '
                           'Path=/; '
                           'Domain=.localhost; '
                           'secure; HttpOnly'
                            % val))
    def test_remember_creds_different(self):
@@ -208,14 +217,46 @@
        self.assertEqual(len(result), 3)
        self.assertEqual(result[0],
                         ('Set-Cookie',
                          'auth_tkt="%s"; Path=/' % new_val))
                          'auth_tkt="%s"; '
                          'Path=/' % new_val))
        self.assertEqual(result[1],
                         ('Set-Cookie',
                           'auth_tkt="%s"; Path=/; Domain=localhost'
                           'auth_tkt="%s"; '
                           'Path=/; '
                           'Domain=localhost'
                            % new_val))
        self.assertEqual(result[2],
                         ('Set-Cookie',
                           'auth_tkt="%s"; Path=/; Domain=.localhost'
                           'auth_tkt="%s"; '
                           'Path=/; '
                           'Domain=.localhost'
                            % new_val))
    def test_remember_creds_different_strips_port(self):
        plugin = self._makeOne('secret')
        old_val = self._makeTicket(userid='userid')
        environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val,
                                     'HTTP_HOST': 'localhost:8080',
                                    })
        new_val = self._makeTicket(userid='other', userdata='userdata')
        result = plugin.remember(environ, {'repoze.who.userid':'other',
                                           'userdata':'userdata'})
        self.assertEqual(len(result), 3)
        self.assertEqual(result[0],
                         ('Set-Cookie',
                          'auth_tkt="%s"; '
                          'Path=/' % new_val))
        self.assertEqual(result[1],
                         ('Set-Cookie',
                           'auth_tkt="%s"; '
                           'Path=/; '
                           'Domain=localhost'
                            % new_val))
        self.assertEqual(result[2],
                         ('Set-Cookie',
                           'auth_tkt="%s"; '
                           'Path=/; '
                           'Domain=.localhost'
                            % new_val))
    def test_remember_creds_different_include_ip(self):
@@ -230,14 +271,19 @@
        self.assertEqual(len(result), 3)
        self.assertEqual(result[0],
                         ('Set-Cookie',
                          'auth_tkt="%s"; Path=/' % new_val))
                          'auth_tkt="%s"; '
                          'Path=/' % new_val))
        self.assertEqual(result[1],
                         ('Set-Cookie',
                           'auth_tkt="%s"; Path=/; Domain=localhost'
                           'auth_tkt="%s"; '
                           'Path=/; '
                           'Domain=localhost'
                            % new_val))
        self.assertEqual(result[2],
                         ('Set-Cookie',
                           'auth_tkt="%s"; Path=/; Domain=.localhost'
                           'auth_tkt="%s"; '
                           'Path=/; '
                           'Domain=.localhost'
                            % new_val))
    def test_remember_creds_different_bad_old_cookie(self):
@@ -250,14 +296,19 @@
        self.assertEqual(len(result), 3)
        self.assertEqual(result[0],
                         ('Set-Cookie',
                          'auth_tkt="%s"; Path=/' % new_val))
                          'auth_tkt="%s"; '
                          'Path=/' % new_val))
        self.assertEqual(result[1],
                         ('Set-Cookie',
                           'auth_tkt="%s"; Path=/; Domain=localhost'
                           'auth_tkt="%s"; '
                           'Path=/; '
                           'Domain=localhost'
                            % new_val))
        self.assertEqual(result[2],
                         ('Set-Cookie',
                           'auth_tkt="%s"; Path=/; Domain=.localhost'
                           'auth_tkt="%s"; '
                           'Path=/; '
                           'Domain=.localhost'
                            % new_val))
    def test_remember_creds_different_with_tokens(self):
@@ -275,14 +326,18 @@
        self.assertEqual(len(result), 3)
        self.assertEqual(result[0],
                         ('Set-Cookie',
                          'auth_tkt="%s"; Path=/' % new_val))
                          'auth_tkt="%s"; '
                          'Path=/' % new_val))
        self.assertEqual(result[1],
                         ('Set-Cookie',
                           'auth_tkt="%s"; Path=/; Domain=localhost'
                           'auth_tkt="%s"; '
                           'Path=/; Domain=localhost'
                            % new_val))
        self.assertEqual(result[2],
                         ('Set-Cookie',
                           'auth_tkt="%s"; Path=/; Domain=.localhost'
                           'auth_tkt="%s"; '
                           'Path=/; '
                           'Domain=.localhost'
                            % new_val))
    def test_remember_creds_different_with_tuple_tokens(self):
@@ -300,14 +355,19 @@
        self.assertEqual(len(result), 3)
        self.assertEqual(result[0],
                         ('Set-Cookie',
                          'auth_tkt="%s"; Path=/' % new_val))
                          'auth_tkt="%s"; '
                          'Path=/' % new_val))
        self.assertEqual(result[1],
                         ('Set-Cookie',
                           'auth_tkt="%s"; Path=/; Domain=localhost'
                           'auth_tkt="%s"; '
                           'Path=/; '
                           'Domain=localhost'
                            % new_val))
        self.assertEqual(result[2],
                         ('Set-Cookie',
                           'auth_tkt="%s"; Path=/; Domain=.localhost'
                           'auth_tkt="%s"; '
                           'Path=/; '
                           'Domain=.localhost'
                            % new_val))
    def test_remember_creds_different_int_userid(self):
@@ -321,7 +381,8 @@
        self.assertEqual(len(result), 3)
        self.assertEqual(result[0],
                         ('Set-Cookie',
                          'auth_tkt="%s"; Path=/' % new_val))
                          'auth_tkt="%s"; '
                          'Path=/' % new_val))
    def test_remember_creds_different_long_userid(self):
        plugin = self._makeOne('secret')
@@ -333,7 +394,8 @@
        self.assertEqual(len(result), 3)
        self.assertEqual(result[0],
                         ('Set-Cookie',
                          'auth_tkt="%s"; Path=/' % new_val))
                          'auth_tkt="%s"; '
                          'Path=/' % new_val))
    def test_remember_creds_different_unicode_userid(self):
        plugin = self._makeOne('secret')
@@ -348,7 +410,8 @@
        self.assertEqual(len(result), 3)
        self.assertEqual(result[0],
                         ('Set-Cookie',
                          'auth_tkt="%s"; Path=/' % new_val))
                          'auth_tkt="%s"; '
                          'Path=/' % new_val))
    def test_remember_creds_reissue(self):
        import time
@@ -363,7 +426,8 @@
        self.assertEqual(len(result), 3)
        self.assertEqual(result[0],
                         ('Set-Cookie',
                          'auth_tkt="%s"; Path=/' % new_val))
                          'auth_tkt="%s"; '
                          'Path=/' % new_val))
    def test_remember_max_age(self):
        plugin = self._makeOne('secret')
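Review bot: The new `test_remember_creds_different_strips_port` (in the hunk at `@@ -208,14 +217,46 @@`) pins only `'HTTP_HOST': 'localhost:8080'`, so nothing covers a Host value whose colons are not a port separator. A sibling case with `'HTTP_HOST': '[::1]:8080'` would record which Domain attributes the plugin is expected to emit for an IPv6 literal, or that it should emit only the host-only cookie. The new test also runs without the `secure` option, so the stripped domain is not checked on the `; secure; HttpOnly` path. The three-cookie assertion block is now repeated in every test in this section; a small private helper taking `result`, `val` and the expected domain would keep future changes to the cookie format in one place.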