From d7e64797a8809c8321faf4bc08fceb8b56bdb547 Mon Sep 17 00:00:00 2001
From: Brian Sutherland <brian@vanguardistas.net>
Date: Fri, 17 Dec 2010 09:02:37 +0100
Subject: [PATCH] Fix auth_tkt plugin to add "secure" to cookies when it is configured with secure=True. Before this was not added meaning that cookies could be sent by the browser over insecure channels.
---
 repoze/who/plugins/tests/test_authtkt.py | 19 +++++++++++++++++++
 1 files changed, 19 insertions(+), 0 deletions(-)
diff --git a/repoze/who/plugins/tests/test_authtkt.py b/repoze/who/plugins/tests/test_authtkt.py
index e6db966..2e20a12 100644
--- a/repoze/who/plugins/tests/test_authtkt.py
+++ b/repoze/who/plugins/tests/test_authtkt.py
@@ -179,6 +179,25 @@
 'userdata':'userdata'})
 self.assertEqual(result, None)

+ def test_remember_creds_secure(self):
+ plugin = self._makeOne('secret', secure=True)
+ val = self._makeTicket(userid='userid', secure=True)
+ environ = self._makeEnviron()
+ result = plugin.remember(environ, {'repoze.who.userid':'userid',
+ 'userdata':'userdata'})
+ self.assertEqual(len(result), 3)
+ self.assertEqual(result[0],
+ ('Set-Cookie',
+ 'auth_tkt="%s"; Path=/; secure' % val))
+ self.assertEqual(result[1],
+ ('Set-Cookie',
+ 'auth_tkt="%s"; Path=/; Domain=localhost; secure'
+ % val))
+ self.assertEqual(result[2],
+ ('Set-Cookie',
+ 'auth_tkt="%s"; Path=/; Domain=.localhost; secure'
+ % val))
+
 def test_remember_creds_different(self):
 plugin = self._makeOne('secret')
 old_val = self._makeTicket(userid='userid')
--
Gitblit v1.9.3
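Review bot: The diffstat lists only `test_authtkt.py`, so the plugin change that makes `remember()` emit the `secure` attribute is not part of this patch as shown; unless it lands alongside, `test_remember_creds_secure` would presumably fail on its cookie assertions. The test also has no comment saying why the exact header strings matter; something like `# secure=True must mark every auth_tkt cookie (no-domain, Domain=localhost, Domain=.localhost) as secure so the browser never sends the ticket over plain HTTP` above the first `assertEqual` would record the intent. If the neighbouring tests, which lie outside this hunk, do not already pin it, a matching assertion that the default plugin emits no `secure` attribute would guard the other direction. The three near-identical assertions could be a loop over the expected suffixes, but that is a matter of style.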