
'auth_tkt' plugin: strip port number from the 'Domain' of generated c…

1 parent 493726f commit 7f99073049a02224390c31bacca0dd7b5abbacf3 @tseaver tseaver committed Sep 28, 2011
Showing with 90 additions and 24 deletions.
  1. +3 −0 CHANGES.txt
  2. +1 −2 repoze/who/plugins/auth_tkt.py
  3. +86 −22 repoze/who/plugins/tests/test_authtkt.py
@@ -4,6 +4,9 @@ repoze.who Changelog
2.0 (unreleased)
----------------
+- ``auth_tkt`` plugin: strip any port number from the 'Domain' of generated
+ cookies. http://bugs.repoze.org/issue66
+
- Further harden middleware, calling ``close()`` on the iterable even if
raising an exception for a missing challenger.
http://bugs.repoze.org/issue174
@@ -142,8 +142,6 @@ def remember(self, environ, identity):
secure=self.secure)
new_cookie_value = ticket.cookie_value()
- cur_domain = environ.get('HTTP_HOST', environ.get('SERVER_NAME'))
- wild_domain = '.' + cur_domain
if old_cookie_value != new_cookie_value:
# return a set of Set-Cookie headers
return self._get_cookies(environ, new_cookie_value, max_age)
@@ -175,6 +173,7 @@ def _get_cookies(self, environ, value, max_age=None):
secure = '; secure; HttpOnly'
cur_domain = environ.get('HTTP_HOST', environ.get('SERVER_NAME'))
+ cur_domain = cur_domain.split(':')[0] # drop port
wild_domain = '.' + cur_domain
cookies = [
('Set-Cookie', '%s="%s"; Path=/%s%s' % (
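Review bot: `cur_domain.split(':')[0]` on the added line mishandles a bracketed IPv6 literal in the Host header: for `[::1]:8080` it yields `[`, and for `[::1]` with no port it also yields `[`, so the Domain attribute is corrupted rather than left alone. Splitting from the right, and only when the value does not end in `]`, keeps such literals intact: `if not cur_domain.endswith(']'):` / `    cur_domain = cur_domain.rsplit(':', 1)[0]  # drop port; keep IPv6 literals`. HTTP_HOST on the line above is the client-supplied Host header, so the Domain attribute follows whatever the client sent; that is pre-existing behaviour rather than something this commit introduces, but it deserves a comment at that assignment so the next reader knows the value is untrusted. `_get_cookies` starts and ends outside the hunk.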
@@ -188,14 +188,23 @@ def test_remember_creds_secure(self):
self.assertEqual(len(result), 3)
self.assertEqual(result[0],
('Set-Cookie',
- 'auth_tkt="%s"; Path=/; secure; HttpOnly' % val))
+ 'auth_tkt="%s"; '
+ 'Path=/; '
+ 'secure; '
+ 'HttpOnly' % val))
self.assertEqual(result[1],
('Set-Cookie',
- 'auth_tkt="%s"; Path=/; Domain=localhost; secure; HttpOnly'
+ 'auth_tkt="%s"; '
+ 'Path=/; '
+ 'Domain=localhost; '
+ 'secure; HttpOnly'
% val))
self.assertEqual(result[2],
('Set-Cookie',
- 'auth_tkt="%s"; Path=/; Domain=.localhost; secure; HttpOnly'
+ 'auth_tkt="%s"; '
+ 'Path=/; '
+ 'Domain=.localhost; '
+ 'secure; HttpOnly'
% val))
def test_remember_creds_different(self):
@@ -208,14 +217,46 @@ def test_remember_creds_different(self):
self.assertEqual(len(result), 3)
self.assertEqual(result[0],
('Set-Cookie',
- 'auth_tkt="%s"; Path=/' % new_val))
+ 'auth_tkt="%s"; '
+ 'Path=/' % new_val))
self.assertEqual(result[1],
('Set-Cookie',
- 'auth_tkt="%s"; Path=/; Domain=localhost'
+ 'auth_tkt="%s"; '
+ 'Path=/; '
+ 'Domain=localhost'
% new_val))
self.assertEqual(result[2],
('Set-Cookie',
- 'auth_tkt="%s"; Path=/; Domain=.localhost'
+ 'auth_tkt="%s"; '
+ 'Path=/; '
+ 'Domain=.localhost'
+ % new_val))
+
+ def test_remember_creds_different_strips_port(self):
+ plugin = self._makeOne('secret')
+ old_val = self._makeTicket(userid='userid')
+ environ = self._makeEnviron({'HTTP_COOKIE':'auth_tkt=%s' % old_val,
+ 'HTTP_HOST': 'localhost:8080',
+ })
+ new_val = self._makeTicket(userid='other', userdata='userdata')
+ result = plugin.remember(environ, {'repoze.who.userid':'other',
+ 'userdata':'userdata'})
+ self.assertEqual(len(result), 3)
+ self.assertEqual(result[0],
+ ('Set-Cookie',
+ 'auth_tkt="%s"; '
+ 'Path=/' % new_val))
+ self.assertEqual(result[1],
+ ('Set-Cookie',
+ 'auth_tkt="%s"; '
+ 'Path=/; '
+ 'Domain=localhost'
+ % new_val))
+ self.assertEqual(result[2],
+ ('Set-Cookie',
+ 'auth_tkt="%s"; '
+ 'Path=/; '
+ 'Domain=.localhost'
% new_val))
def test_remember_creds_different_include_ip(self):
@@ -230,14 +271,19 @@ def test_remember_creds_different_include_ip(self):
self.assertEqual(len(result), 3)
self.assertEqual(result[0],
('Set-Cookie',
- 'auth_tkt="%s"; Path=/' % new_val))
+ 'auth_tkt="%s"; '
+ 'Path=/' % new_val))
self.assertEqual(result[1],
('Set-Cookie',
- 'auth_tkt="%s"; Path=/; Domain=localhost'
+ 'auth_tkt="%s"; '
+ 'Path=/; '
+ 'Domain=localhost'
% new_val))
self.assertEqual(result[2],
('Set-Cookie',
- 'auth_tkt="%s"; Path=/; Domain=.localhost'
+ 'auth_tkt="%s"; '
+ 'Path=/; '
+ 'Domain=.localhost'
% new_val))
def test_remember_creds_different_bad_old_cookie(self):
@@ -250,14 +296,19 @@ def test_remember_creds_different_bad_old_cookie(self):
self.assertEqual(len(result), 3)
self.assertEqual(result[0],
('Set-Cookie',
- 'auth_tkt="%s"; Path=/' % new_val))
+ 'auth_tkt="%s"; '
+ 'Path=/' % new_val))
self.assertEqual(result[1],
('Set-Cookie',
- 'auth_tkt="%s"; Path=/; Domain=localhost'
+ 'auth_tkt="%s"; '
+ 'Path=/; '
+ 'Domain=localhost'
% new_val))
self.assertEqual(result[2],
('Set-Cookie',
- 'auth_tkt="%s"; Path=/; Domain=.localhost'
+ 'auth_tkt="%s"; '
+ 'Path=/; '
+ 'Domain=.localhost'
% new_val))
def test_remember_creds_different_with_tokens(self):
@@ -275,14 +326,18 @@ def test_remember_creds_different_with_tokens(self):
self.assertEqual(len(result), 3)
self.assertEqual(result[0],
('Set-Cookie',
- 'auth_tkt="%s"; Path=/' % new_val))
+ 'auth_tkt="%s"; '
+ 'Path=/' % new_val))
self.assertEqual(result[1],
('Set-Cookie',
- 'auth_tkt="%s"; Path=/; Domain=localhost'
+ 'auth_tkt="%s"; '
+ 'Path=/; Domain=localhost'
% new_val))
self.assertEqual(result[2],
('Set-Cookie',
- 'auth_tkt="%s"; Path=/; Domain=.localhost'
+ 'auth_tkt="%s"; '
+ 'Path=/; '
+ 'Domain=.localhost'
% new_val))
def test_remember_creds_different_with_tuple_tokens(self):
@@ -300,14 +355,19 @@ def test_remember_creds_different_with_tuple_tokens(self):
self.assertEqual(len(result), 3)
self.assertEqual(result[0],
('Set-Cookie',
- 'auth_tkt="%s"; Path=/' % new_val))
+ 'auth_tkt="%s"; '
+ 'Path=/' % new_val))
self.assertEqual(result[1],
('Set-Cookie',
- 'auth_tkt="%s"; Path=/; Domain=localhost'
+ 'auth_tkt="%s"; '
+ 'Path=/; '
+ 'Domain=localhost'
% new_val))
self.assertEqual(result[2],
('Set-Cookie',
- 'auth_tkt="%s"; Path=/; Domain=.localhost'
+ 'auth_tkt="%s"; '
+ 'Path=/; '
+ 'Domain=.localhost'
% new_val))
def test_remember_creds_different_int_userid(self):
@@ -321,7 +381,8 @@ def test_remember_creds_different_int_userid(self):
self.assertEqual(len(result), 3)
self.assertEqual(result[0],
('Set-Cookie',
- 'auth_tkt="%s"; Path=/' % new_val))
+ 'auth_tkt="%s"; '
+ 'Path=/' % new_val))
def test_remember_creds_different_long_userid(self):
plugin = self._makeOne('secret')
@@ -333,7 +394,8 @@ def test_remember_creds_different_long_userid(self):
self.assertEqual(len(result), 3)
self.assertEqual(result[0],
('Set-Cookie',
- 'auth_tkt="%s"; Path=/' % new_val))
+ 'auth_tkt="%s"; '
+ 'Path=/' % new_val))
def test_remember_creds_different_unicode_userid(self):
plugin = self._makeOne('secret')
@@ -348,7 +410,8 @@ def test_remember_creds_different_unicode_userid(self):
self.assertEqual(len(result), 3)
self.assertEqual(result[0],
('Set-Cookie',
- 'auth_tkt="%s"; Path=/' % new_val))
+ 'auth_tkt="%s"; '
+ 'Path=/' % new_val))
def test_remember_creds_reissue(self):
import time
@@ -363,7 +426,8 @@ def test_remember_creds_reissue(self):
self.assertEqual(len(result), 3)
self.assertEqual(result[0],
('Set-Cookie',
- 'auth_tkt="%s"; Path=/' % new_val))
+ 'auth_tkt="%s"; '
+ 'Path=/' % new_val))
def test_remember_max_age(self):
plugin = self._makeOne('secret')
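Review bot: The new `test_remember_creds_different_strips_port` only pins `localhost:8080`; the port stripping it exercises splits on the first `:`, so the other host forms a Host header can carry — a bare hostname with no port, and a bracketed IPv6 literal such as `[::1]:8080` — are not covered, and the IPv6 form would show the Domain attribute collapsing to `[`. A sibling test built with `'HTTP_HOST': '[::1]:8080'` and asserting the expected Domain would pin the intended behaviour for that input once it is decided. Separately, the reformatted expectations are inconsistent: in `test_remember_creds_different_with_tokens` the fragment `'Path=/; Domain=localhost'` stays on one line while every other test splits it as `'Path=/; '` / `'Domain=localhost'`. The helpers `_makeEnviron`, `_makeTicket` and `_makeOne` are defined outside the hunks.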
