From d7e64797a8809c8321faf4bc08fceb8b56bdb547 Mon Sep 17 00:00:00 2001
From: Brian Sutherland <brian@vanguardistas.net>
Date: Fri, 17 Dec 2010 09:02:37 +0100
Subject: [PATCH] Fix auth_tkt plugin to add "secure" to cookies when it is configured with secure=True. Before this was not added meaning that cookies could be sent by the browser over insecure channels.

---
 repoze/who/plugins/tests/test_authtkt.py |   19 +++++++++++++++++++
 1 files changed, 19 insertions(+), 0 deletions(-)

diff --git a/repoze/who/plugins/tests/test_authtkt.py b/repoze/who/plugins/tests/test_authtkt.py
index e6db966..2e20a12 100644
--- a/repoze/who/plugins/tests/test_authtkt.py
+++ b/repoze/who/plugins/tests/test_authtkt.py
@@ -179,6 +179,25 @@
                                            'userdata':'userdata'})
         self.assertEqual(result, None)
 
+    def test_remember_creds_secure(self):
+        plugin = self._makeOne('secret', secure=True)
+        val = self._makeTicket(userid='userid', secure=True)
+        environ = self._makeEnviron()
+        result = plugin.remember(environ, {'repoze.who.userid':'userid',
+                                           'userdata':'userdata'})
+        self.assertEqual(len(result), 3)
+        self.assertEqual(result[0],
+                         ('Set-Cookie',
+                          'auth_tkt="%s"; Path=/; secure' % val))
+        self.assertEqual(result[1],
+                         ('Set-Cookie',
+                           'auth_tkt="%s"; Path=/; Domain=localhost; secure'
+                            % val))
+        self.assertEqual(result[2],
+                         ('Set-Cookie',
+                           'auth_tkt="%s"; Path=/; Domain=.localhost; secure'
+                            % val))
+
     def test_remember_creds_different(self):
         plugin = self._makeOne('secret')
         old_val = self._makeTicket(userid='userid')
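Review bot: test_remember_creds_secure asserts three Set-Cookie headers by position and exact string, but nothing says why there are three or what the test guards. A one-line comment above the assertions would help, e.g. `# secure=True must put "secure" on every cookie variant: host-only, Domain=localhost, Domain=.localhost`. The diffstat lists only this test file, so the plugin change named in the subject is not visible here; it presumably lands separately, and this test would fail without it. The inverse case, where a plugin built without secure=True emits no `secure` attribute, may already be pinned by test_remember_creds_different, whose assertions lie outside the hunk, and is worth confirming. Separately, the continuation lines of the second and third assertions are indented one column deeper than those of the first.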

--
Gitblit v1.9.3