[#1943] Set timeout and reissue_time from config.

Can set the session timeout and reissue_time from the config file if
these aren't provided by who.ini. New config settings:

who.timeout
who.reissue_time

ckan/config/middleware.py

@@ -196,8 +196,19 @@ def make_app(conf, full_stack=True, static_files=True, **app_conf):
 
 
 def ckan_auth_tkt_make_app(**kw):
+    '''
+    Ensure keyword args are correctly set before returning
+    auth_tkt_make_plugin from repoze.who.
+
+    kw args are set in who.ini.
+    '''
     if not len(kw.get('secret', '')) or kw.get('secret') == 'somesecret':
         kw['secret'] = config['beaker.session.secret']
+    if not kw.get('timeout') and config.get('who.timeout'):
+        kw['timeout'] = config.get('who.timeout')
+    if not kw.get('reissue_time') and config.get('who.reissue_time'):
+        kw['reissue_time'] = config.get('who.reissue_time')
+
     if kw.get('timeout') and not kw.get('reissue_time'):
         kw['reissue_time'] = int(math.ceil(int(kw.get('timeout')) * 0.1))
     return auth_tkt_make_plugin(**kw)

ckan/config/who.ini

@@ -2,11 +2,14 @@
 use = ckan.config.middleware:ckan_auth_tkt_make_app
 # If no secret key is defined here, beaker.session.secret will be used
 #secret = somesecret
+
+# If no timeout or reissue_time is defined here, who.timeout and
+# who.reissue_time will be used.
 # Timeout set in seconds before a non-active session expires (optional).
-timeout = 3600 ;One hour
+#timeout = 3600 ;One hour
 # Time before a session ticket is reissued (optional). If not defined,
 # this will be set to 1/10th the timeout value.
-# reissue_time = 360
+#reissue_time = 360
 
 [plugin:friendlyform]
 use = repoze.who.plugins.friendlyform:FriendlyFormPlugin

ckan/new_tests/config/test_middleware.py

@@ -0,0 +1,100 @@
+import mock
+from nose import tools as nose_tools
+
+from ckan.new_tests import helpers
+from ckan.config import middleware
+
+
+class TestCkanAuthTktMakeApp(object):
+
+    '''Tests for middleware.ckan_auth_tkt_make_app method.'''
+
+    @mock.patch('ckan.config.middleware.auth_tkt_make_plugin')
+    def test_make_plugin_called_without_timeout_or_reissue_time(self, mock_auth_tkt_make_plugin):
+        '''
+        repoze.who.plugins.auth_tkt.make_plugin is called without timeout or
+        reissue_time when these haven't been defined in the config or kwargs.
+        '''
+        # Make the call
+        middleware.ckan_auth_tkt_make_app()
+
+        # What was make_plugin called with?
+        mock_call_args = mock_auth_tkt_make_plugin.call_args
+        _, kwargs = mock_call_args
+
+        nose_tools.assert_false('timeout' in kwargs.keys())
+        nose_tools.assert_false('reissue_time' in kwargs.keys())
+
+    @mock.patch('ckan.config.middleware.auth_tkt_make_plugin')
+    def test_make_plugin_called_with_timeout_defined_as_kwargs(self, mock_auth_tkt_make_plugin):
+        '''
+        kwargs are passed into ckan_auth_tkt_make_app come from who.ini and
+        should be passed to make_plugin.
+        '''
+        middleware.ckan_auth_tkt_make_app(timeout=2000)
+
+        mock_call_args = mock_auth_tkt_make_plugin.call_args
+        _, kwargs = mock_call_args
+
+        nose_tools.assert_true(('timeout', 2000) in kwargs.items())
+        nose_tools.assert_true(('reissue_time', 200) in kwargs.items())
+
+    @mock.patch('ckan.config.middleware.auth_tkt_make_plugin')
+    def test_make_plugin_called_with_timeout_and_reissue_time_defined_in_kwargs(self, mock_auth_tkt_make_plugin):
+        '''
+        kwargs are passed into ckan_auth_tkt_make_app come from who.ini and
+        should be passed to make_plugin.
+        '''
+        middleware.ckan_auth_tkt_make_app(timeout=2000, reissue_time=100)
+
+        mock_call_args = mock_auth_tkt_make_plugin.call_args
+        _, kwargs = mock_call_args
+
+        nose_tools.assert_true(('timeout', 2000) in kwargs.items())
+        nose_tools.assert_true(('reissue_time', 100) in kwargs.items())
+
+    @mock.patch('ckan.config.middleware.auth_tkt_make_plugin')
+    @helpers.change_config('who.timeout', 9000)
+    def test_make_plugin_called_with_timeout_from_config(self, mock_auth_tkt_make_plugin):
+        '''
+        repoze.who.plugins.auth_tkt.make_plugin is called with timeout defined
+        in config, but no reissue_time (one will be created).
+        '''
+        middleware.ckan_auth_tkt_make_app()
+
+        mock_call_args = mock_auth_tkt_make_plugin.call_args
+        _, kwargs = mock_call_args
+
+        nose_tools.assert_true(('timeout', 9000) in kwargs.items())
+        nose_tools.assert_true(('reissue_time', 900) in kwargs.items())
+
+    @mock.patch('ckan.config.middleware.auth_tkt_make_plugin')
+    @helpers.change_config('who.timeout', 9000)
+    @helpers.change_config('who.reissue_time', 200)
+    def test_make_plugin_called_with_reissue_from_config(self, mock_auth_tkt_make_plugin):
+        '''
+        repoze.who.plugins.auth_tkt.make_plugin is called with timeout and
+        reissue_time defined in config.
+        '''
+        middleware.ckan_auth_tkt_make_app()
+
+        mock_call_args = mock_auth_tkt_make_plugin.call_args
+        _, kwargs = mock_call_args
+
+        nose_tools.assert_true(('timeout', 9000) in kwargs.items())
+        nose_tools.assert_true(('reissue_time', 200) in kwargs.items())
+
+    @mock.patch('ckan.config.middleware.auth_tkt_make_plugin')
+    @helpers.change_config('who.timeout', 9000)
+    @helpers.change_config('who.reissue_time', 200)
+    def test_make_plugin_called_with_kwargs_supersede_config(self, mock_auth_tkt_make_plugin):
+        '''
+        keyword args (who.ini values) supersede those in config.
+        '''
+        middleware.ckan_auth_tkt_make_app(timeout=8000, reissue_time=500)
+
+        mock_call_args = mock_auth_tkt_make_plugin.call_args
+        _, kwargs = mock_call_args
+
+        nose_tools.assert_true(('timeout', 8000) in kwargs.items())
+        nose_tools.assert_true(('reissue_time', 500) in kwargs.items())