[#1941] Can set HttpOnly flag from config

ckan/lib/auth_tkt.py

@@ -60,8 +60,7 @@ def _set_substring(value, substring, presence=True):
     return value
 
 
-def make_plugin(httponly=True,
-                secret=None,
+def make_plugin(secret=None,
                 secretfile=None,
                 cookie_name='auth_tkt',
                 secure=False,
@@ -75,6 +74,9 @@ def make_plugin(httponly=True,
     if secret is None or secret == 'somesecret':
         secret = config['beaker.session.secret']
 
+    # Set httponly based on config value. Default is True
+    httponly = config.get('who.httponly', True)
+
     # back to repoze boilerplate
     if (secret is None and secretfile is None):
         raise ValueError("One of 'secret' or 'secretfile' must not be None.")
@@ -91,7 +93,7 @@ def make_plugin(httponly=True,
         reissue_time = int(reissue_time)
     if userid_checker is not None:
         userid_checker = resolveDotted(userid_checker)
-    plugin = CkanAuthTktCookiePlugin(httponly,
+    plugin = CkanAuthTktCookiePlugin(_bool(httponly),
                                      secret,
                                      cookie_name,
                                      _bool(secure),

ckan/new_tests/lib/test_auth_tkt.py

@@ -1,5 +1,7 @@
-from ckan.lib.auth_tkt import CkanAuthTktCookiePlugin
-from ckan.lib.auth_tkt import _set_substring
+from ckan.new_tests import helpers
+from ckan.lib.auth_tkt import (CkanAuthTktCookiePlugin,
+                               _set_substring,
+                               make_plugin)
 
 
 class TestSetSubstring(object):
@@ -136,9 +138,12 @@ def _make_plugin(self, httponly):
                                        reissue_time=None,
                                        userid_checker=None)
 
-    def test_httponly_expected_cookies_with_httponly(self):
-        '''The returned cookies are still what we expect.'''
-        plugin = self._make_plugin(httponly=True)
+    @helpers.change_config('who.httponly', True)
+    def test_httponly_expected_cookies_with_config_httponly_true(self):
+        '''
+        The returned cookies are in the format we expect, with HttpOnly flag.
+        '''
+        plugin = make_plugin(secret='sosecret')
         cookies = plugin._get_cookies(environ={'SERVER_NAME': '0.0.0.0'},
                                       value='HELLO')
         expected_cookies = [
@@ -148,9 +153,13 @@ def test_httponly_expected_cookies_with_httponly(self):
         ]
         assert cookies == expected_cookies
 
-    def test_httponly_expected_cookies_without_httponly(self):
-        '''The returned cookies are still what we expect.'''
-        plugin = self._make_plugin(httponly=False)
+    @helpers.change_config('who.httponly', False)
+    def test_httponly_expected_cookies_with_config_httponly_false(self):
+        '''
+        The returned cookies are in the format we expect, without HttpOnly
+        flag.
+        '''
+        plugin = make_plugin(secret='sosecret')
         cookies = plugin._get_cookies(environ={'SERVER_NAME': '0.0.0.0'},
                                       value='HELLO')
         expected_cookies = [
@@ -159,3 +168,17 @@ def test_httponly_expected_cookies_without_httponly(self):
             ('Set-Cookie', 'auth_tkt="HELLO"; Path=/; Domain=.0.0.0.0')
         ]
         assert cookies == expected_cookies
+
+    def test_httponly_expected_cookies_without_config_httponly(self):
+        '''
+        The returned cookies are in the format we expect, with HttpOnly flag.
+        '''
+        plugin = make_plugin(secret='sosecret')
+        cookies = plugin._get_cookies(environ={'SERVER_NAME': '0.0.0.0'},
+                                      value='HELLO')
+        expected_cookies = [
+            ('Set-Cookie', 'auth_tkt="HELLO"; Path=/; HttpOnly'),
+            ('Set-Cookie', 'auth_tkt="HELLO"; Path=/; Domain=0.0.0.0; HttpOnly'),
+            ('Set-Cookie', 'auth_tkt="HELLO"; Path=/; Domain=.0.0.0.0; HttpOnly')
+        ]
+        assert cookies == expected_cookies