Fix auth_tkt plugin to not hand over tokens as strings to paste. See
http://lists.repoze.org/pipermail/repoze-dev/2010-November/003680.html
| | |
| | | After 2.0a3 (unreleased) |
| | | ------------------------ |
| | | |
| | | - Fix auth_tkt plugin to not hand over tokens as strings to paste. See |
| | | http://lists.repoze.org/pipermail/repoze-dev/2010-November/003680.html |
| | | |
| | | - Avoid propagating unicode 'max_age' value into cookie headers. See |
| | | https://bugs.launchpad.net/bugs/674123 . |
| | | |
| | |
| | | old_cookie_value = getattr(existing, 'value', None) |
| | | max_age = identity.get('max_age', None) |
| | | |
| | | timestamp, userid, tokens, userdata = None, '', '', '' |
| | | timestamp, userid, tokens, userdata = None, '', (), '' |
| | | |
| | | if old_cookie_value: |
| | | try: |
| | |
| | | self.secret, old_cookie_value, remote_addr) |
| | | except auth_tkt.BadTicket: |
| | | pass |
| | | tokens = tuple(tokens) |
| | | |
| | | who_userid = identity['repoze.who.userid'] |
| | | who_tokens = identity.get('tokens', '') |
| | | who_tokens = tuple(identity.get('tokens', ())) |
| | | who_userdata = identity.get('userdata', '') |
| | | |
| | | encoding_data = self.userid_type_encoders.get(type(who_userid)) |
| | |
| | | who_userid = encoder(who_userid) |
| | | who_userdata = 'userid_type:%s' % encoding |
| | | |
| | | if not isinstance(tokens, basestring): |
| | | tokens = ','.join(tokens) |
| | | if not isinstance(who_tokens, basestring): |
| | | who_tokens = ','.join(who_tokens) |
| | | old_data = (userid, tokens, userdata) |
| | | new_data = (who_userid, who_tokens, who_userdata) |
| | | |
| | |
| | | 'auth_tkt="%s"; Path=/; Domain=.localhost' |
| | | % new_val)) |
| | | |
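Review bot: `who_tokens = tuple(identity.get('tokens', ()))` silently mangles a caller that still supplies tokens as a single comma-separated string, which the old code (and the removed `tokens='foo,bar'` test) accepted: `tuple('foo,bar')` yields one element per character, and the later `','.join` writes `f,o,o,,,b,a,r` into the ticket instead of the intended token list, so the authorization tokens carried by the cookie are corrupted without any error. Normalise the string case before converting, e.g. `who_tokens = identity.get('tokens', ())`, `if isinstance(who_tokens, basestring): who_tokens = who_tokens.split(',')`, `who_tokens = tuple(who_tokens)`. Once `tokens` and `who_tokens` are both forced to tuples, the two `isinstance(..., basestring)` guards before the `','.join` calls can never be true and could be dropped, or kept with a comment stating that they are defensive. The enclosing `remember` method starts and ends outside this hunk, so the `old_data != new_data` comparison that consumes these values was not reviewed here.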
| | | def test_remember_creds_different_with_nonstring_tokens(self): |
| | | def test_remember_creds_different_with_tokens(self): |
| | | plugin = self._makeOne('secret') |
| | | old_val = self._makeTicket(userid='userid') |
| | | environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
| | | new_val = self._makeTicket(userid='other', |
| | | new_val = self._makeTicket(userid='userid', |
| | | userdata='userdata', |
| | | tokens='foo,bar', |
| | | tokens=['foo', 'bar'], |
| | | ) |
| | | result = plugin.remember(environ, {'repoze.who.userid': 'other', |
| | | result = plugin.remember(environ, {'repoze.who.userid': 'userid', |
| | | 'userdata': 'userdata', |
| | | 'tokens': ['foo', 'bar'], |
| | | }) |
| | |
| | | 'auth_tkt="%s"; Path=/; Domain=.localhost' |
| | | % new_val)) |
| | | |
| | | def test_remember_creds_different_with_tuple_tokens(self): |
| | | plugin = self._makeOne('secret') |
| | | old_val = self._makeTicket(userid='userid') |
| | | environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val}) |
| | | new_val = self._makeTicket(userid='userid', |
| | | userdata='userdata', |
| | | tokens=['foo', 'bar'], |
| | | ) |
| | | result = plugin.remember(environ, {'repoze.who.userid': 'userid', |
| | | 'userdata': 'userdata', |
| | | 'tokens': ('foo', 'bar'), |
| | | }) |
| | | self.assertEqual(len(result), 3) |
| | | self.assertEqual(result[0], |
| | | ('Set-Cookie', |
| | | 'auth_tkt="%s"; Path=/' % new_val)) |
| | | self.assertEqual(result[1], |
| | | ('Set-Cookie', |
| | | 'auth_tkt="%s"; Path=/; Domain=localhost' |
| | | % new_val)) |
| | | self.assertEqual(result[2], |
| | | ('Set-Cookie', |
| | | 'auth_tkt="%s"; Path=/; Domain=.localhost' |
| | | % new_val)) |
| | | |
| | | def test_remember_creds_different_int_userid(self): |
| | | plugin = self._makeOne('secret') |
| | | old_val = self._makeTicket(userid='userid') |