From 455778d138ea623d224c9206e5001fd2a1fd7e1c Mon Sep 17 00:00:00 2001 From: Tres Seaver <tseaver@palladion.com> Date: Tue, 31 May 2016 19:35:57 +0200 Subject: [PATCH] middleware: Avoid passing extracted 'identity' to 'remember' during egress. --- repoze/who/tests/test_middleware.py | 34 ++++++++++++++++++++++++++++++++++ 1 files changed, 34 insertions(+), 0 deletions(-) diff --git a/repoze/who/tests/test_middleware.py b/repoze/who/tests/test_middleware.py index b79998d..f53e81a 100644 --- a/repoze/who/tests/test_middleware.py +++ b/repoze/who/tests/test_middleware.py @@ -224,6 +224,29 @@ self.assertEqual(start_response.status, '200 OK') self.assertEqual(start_response.headers, headers) + def test_call_200_no_challengers_app_calls_forget(self): + # See https://github.com/repoze/repoze.who/issues/21 + environ = self._makeEnviron() + remember_headers = [('remember', '1')] + forget_headers = [('forget', '1')] + app = DummyLogoutApp('200 OK') + credentials = {'login':'chris', 'password':'password'} + identifier = DummyIdentifier( + credentials, + remember_headers=remember_headers, + forget_headers=forget_headers) + identifiers = [ ('identifier', identifier) ] + authenticator = DummyAuthenticator() + authenticators = [ ('authenticator', authenticator) ] + mw = self._makeOne( + app=app, identifiers=identifiers, authenticators=authenticators) + start_response = DummyStartResponse() + result = mw(environ, start_response) + self.assertEqual(mw.app.environ, environ) + self.assertEqual(result, ['body']) + self.assertEqual(start_response.status, '200 OK') + self.assertEqual(start_response.headers, forget_headers) + def test_call_401_no_identifiers(self): from webob.exc import HTTPUnauthorized environ = self._makeEnviron() @@ -607,6 +630,17 @@ start_response(self.status, self.headers) return ['body'] +class DummyLogoutApp(object): + def __init__(self, status): + self.status = status + + def __call__(self, environ, start_response): + self.environ = environ + api = environ['repoze.who.api'] + headers = api.logout() + start_response(self.status, headers) + return ['body'] + class DummyGeneratorApp(object): def __init__(self, status, headers): self.status = status -- Gitblit v1.9.3