from ckan.lib.auth_tkt import CkanAuthTktCookiePlugin
from ckan.lib.auth_tkt import _set_substring
class TestSetSubstring(object):
    '''Checks for auth_tkt._set_substring.

    The four cases cover every combination of "substring already in value"
    and "substring wanted": the value is returned unchanged when it already
    matches the request, the substring is cut out when it is unwanted, and
    it is added at the end when it is wanted but missing.
    '''

    def test_set_substring__value_has_substring_and_substring_should_be_present(self):
        '''A wanted substring that is already there leaves value as it is.'''
        original = "I love my kitten, it is sweet."
        result = _set_substring(original, "kitten", True)
        assert result == original

    def test_set_substring__value_has_substring_and_substring_should_not_be_present(self):
        '''An unwanted substring is cut out of value.'''
        original = "I love my kitten, it is sweet."
        result = _set_substring(original, "kitten", False)
        assert result == "I love my , it is sweet."

    def test_set_substring__value_doesnot_have_substring_and_substring_should_be_present(self):
        '''A wanted substring that is missing is added at the end of value.'''
        original = "I wish I had a "
        result = _set_substring(original, "kitten", True)
        assert result == 'I wish I had a kitten'

    def test_set_substring__value_doesnot_have_substring_and_substring_should_not_be_present(self):
        '''An unwanted substring that is missing leaves value as it is.'''
        original = "I don't have one."
        result = _set_substring(original, "kitten", False)
        assert result == "I don't have one."
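class TestEnsureHttpOnlyForCookies(object):
    '''Tests for CkanAuthTktCookiePlugin._ensure_httponly_for_cookies method.

    Each test passes a list of ``(header, value)`` tuples and checks that the
    returned Set-Cookie values end with ``; HttpOnly`` when the plugin was
    built with ``httponly=True`` and carry no such suffix when it was built
    with ``httponly=False``.
    '''

    def _make_plugin(self, httponly):
        '''Build a plugin in which only ``httponly`` varies.

        All other constructor arguments are fixed placeholders. Note that
        ``secure=False`` here, so the Secure cookie attribute is not
        exercised by these tests.
        '''
        return CkanAuthTktCookiePlugin(httponly=httponly,
                                       secret=None,
                                       cookie_name='auth_tkt',
                                       secure=False,
                                       include_ip=False,
                                       timeout=None,
                                       reissue_time=None,
                                       userid_checker=None)

    def test_ensure_httponly_for_cookies__should_have_httponly(self):
        '''Cookie values should contain HttpOnly.'''
        plugin = self._make_plugin(httponly=True)
        cookies = [
            ('Set-Cookie', 'auth_tkt="HELLO"; Path=/'),
            ('Set-Cookie', 'auth_tkt="HELLO"; Path=/; Domain=localhost'),
            ('Set-Cookie', 'auth_tkt="HELLO"; Path=/; Domain=.localhost')
        ]
        ensured_cookies = plugin._ensure_httponly_for_cookies(cookies)
        expected_cookies = [
            ('Set-Cookie', 'auth_tkt="HELLO"; Path=/; HttpOnly'),
            ('Set-Cookie', 'auth_tkt="HELLO"; Path=/; Domain=localhost; HttpOnly'),
            ('Set-Cookie', 'auth_tkt="HELLO"; Path=/; Domain=.localhost; HttpOnly')
        ]
        assert ensured_cookies == expected_cookies

    def test_ensure_httponly_for_cookies__should_have_httponly_already_do(self):
        '''
        Cookie values should contain HttpOnly, they already do so nothing
        should change.
        '''
        plugin = self._make_plugin(httponly=True)
        cookies = [
            ('Set-Cookie', 'auth_tkt="HELLO"; Path=/; HttpOnly'),
            ('Set-Cookie', 'auth_tkt="HELLO"; Path=/; Domain=localhost; HttpOnly'),
            ('Set-Cookie', 'auth_tkt="HELLO"; Path=/; Domain=.localhost; HttpOnly')
        ]
        # Snapshot taken before the call: comparing the result with the input
        # list itself would still pass if the method rewrote that list in
        # place. The tuples are immutable, so a shallow copy is enough.
        expected_cookies = list(cookies)
        ensured_cookies = plugin._ensure_httponly_for_cookies(cookies)
        assert ensured_cookies == expected_cookies

    def test_ensure_httponly_for_cookies__should_not_have_httponly_already_absent(self):
        '''
        Cookie values should not contain HttpOnly. They don't so nothing
        should change.
        '''
        plugin = self._make_plugin(httponly=False)
        cookies = [
            ('Set-Cookie', 'auth_tkt="HELLO"; Path=/'),
            ('Set-Cookie', 'auth_tkt="HELLO"; Path=/; Domain=localhost'),
            ('Set-Cookie', 'auth_tkt="HELLO"; Path=/; Domain=.localhost')
        ]
        # Snapshot taken before the call so that an in-place rewrite of the
        # input list cannot make this comparison pass by aliasing.
        expected_cookies = list(cookies)
        ensured_cookies = plugin._ensure_httponly_for_cookies(cookies)
        assert ensured_cookies == expected_cookies

    def test_ensure_httponly_for_cookies__should_not_have_httponly(self):
        '''
        Cookie values should not contain HttpOnly, they do so it should be
        removed.
        '''
        plugin = self._make_plugin(httponly=False)
        cookies = [
            ('Set-Cookie', 'auth_tkt="HELLO"; Path=/; HttpOnly'),
            ('Set-Cookie', 'auth_tkt="HELLO"; Path=/; Domain=localhost; HttpOnly'),
            ('Set-Cookie', 'auth_tkt="HELLO"; Path=/; Domain=.localhost; HttpOnly')
        ]
        ensured_cookies = plugin._ensure_httponly_for_cookies(cookies)
        expected_cookies = [
            ('Set-Cookie', 'auth_tkt="HELLO"; Path=/'),
            ('Set-Cookie', 'auth_tkt="HELLO"; Path=/; Domain=localhost'),
            ('Set-Cookie', 'auth_tkt="HELLO"; Path=/; Domain=.localhost')
        ]
        assert ensured_cookies == expected_cookies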
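class TestCkanAuthTktCookiePlugin(object):
    '''
    Test the added methods used by this subclass of
    repoze.who.plugins.auth_tkt.AuthTktCookiePlugin

    Both tests call ``_get_cookies`` and look for the literal text
    ``HttpOnly`` in the second element of every returned cookie tuple.
    '''

    def _make_plugin(self, httponly):
        '''Build a plugin in which only ``httponly`` varies.

        All other constructor arguments are fixed placeholders; ``secure`` is
        False, so these tests say nothing about the Secure attribute.
        '''
        return CkanAuthTktCookiePlugin(httponly=httponly,
                                       secret=None,
                                       cookie_name='auth_tkt',
                                       secure=False,
                                       include_ip=False,
                                       timeout=None,
                                       reissue_time=None,
                                       userid_checker=None)

    def test_httponly_present(self):
        '''HttpOnly flag should be present in cookie values.'''
        plugin = self._make_plugin(httponly=True)
        cookies = plugin._get_cookies(environ={'SERVER_NAME': '0.0.0.0'},
                                      value='ANYTHING')
        # Without this guard an empty result would let the loop below pass
        # without checking a single cookie.
        assert cookies
        for cookie in cookies:
            # cookie[1] is the header value; the ticket value passed above
            # does not itself contain the flag text.
            assert 'HttpOnly' in cookie[1]

    def test_httponly_absent(self):
        '''HttpOnly flag should be absent in cookie values.'''
        plugin = self._make_plugin(httponly=False)
        cookies = plugin._get_cookies(environ={'SERVER_NAME': '0.0.0.0'},
                                      value='ANYTHING')
        # Without this guard an empty result would make the "absent" check
        # trivially true.
        assert cookies
        for cookie in cookies:
            assert 'HttpOnly' not in cookie[1]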