diff --git a/ckan/config/middleware.py b/ckan/config/middleware.py index 06675e098d4..99e7e5c9c61 100644 --- a/ckan/config/middleware.py +++ b/ckan/config/middleware.py @@ -196,8 +196,19 @@ def make_app(conf, full_stack=True, static_files=True, **app_conf): def ckan_auth_tkt_make_app(**kw): + ''' + Ensure keyword args are correctly set before returning + auth_tkt_make_plugin from repoze.who. + + kw args are set in who.ini. + ''' if not len(kw.get('secret', '')) or kw.get('secret') == 'somesecret': kw['secret'] = config['beaker.session.secret'] + if not kw.get('timeout') and config.get('who.timeout'): + kw['timeout'] = config.get('who.timeout') + if not kw.get('reissue_time') and config.get('who.reissue_time'): + kw['reissue_time'] = config.get('who.reissue_time') + if kw.get('timeout') and not kw.get('reissue_time'): kw['reissue_time'] = int(math.ceil(int(kw.get('timeout')) * 0.1)) return auth_tkt_make_plugin(**kw) diff --git a/ckan/config/who.ini b/ckan/config/who.ini index 964f538b033..5dc888701a5 100644 --- a/ckan/config/who.ini +++ b/ckan/config/who.ini @@ -2,11 +2,14 @@ use = ckan.config.middleware:ckan_auth_tkt_make_app # If no secret key is defined here, beaker.session.secret will be used #secret = somesecret + +# If no timeout or reissue_time is defined here, who.timeout and +# who.reissue_time will be used. # Timeout set in seconds before a non-active session expires (optional). -timeout = 3600 ;One hour +#timeout = 3600 ;One hour # Time before a session ticket is reissued (optional). If not defined, # this will be set to 1/10th the timeout value. -# reissue_time = 360 +#reissue_time = 360 [plugin:friendlyform] use = repoze.who.plugins.friendlyform:FriendlyFormPlugin diff --git a/ckan/new_tests/config/__init__.py b/ckan/new_tests/config/__init__.py new file mode 100644 index 00000000000..e69de29bb2d diff --git a/ckan/new_tests/config/test_middleware.py b/ckan/new_tests/config/test_middleware.py new file mode 100644 index 00000000000..4b26294c175 --- /dev/null +++ b/ckan/new_tests/config/test_middleware.py @@ -0,0 +1,100 @@ +import mock +from nose import tools as nose_tools + +from ckan.new_tests import helpers +from ckan.config import middleware + + +class TestCkanAuthTktMakeApp(object): + + '''Tests for middleware.ckan_auth_tkt_make_app method.''' + + @mock.patch('ckan.config.middleware.auth_tkt_make_plugin') + def test_make_plugin_called_without_timeout_or_reissue_time(self, mock_auth_tkt_make_plugin): + ''' + repoze.who.plugins.auth_tkt.make_plugin is called without timeout or + reissue_time when these haven't been defined in the config or kwargs. + ''' + # Make the call + middleware.ckan_auth_tkt_make_app() + + # What was make_plugin called with? + mock_call_args = mock_auth_tkt_make_plugin.call_args + _, kwargs = mock_call_args + + nose_tools.assert_false('timeout' in kwargs.keys()) + nose_tools.assert_false('reissue_time' in kwargs.keys()) + + @mock.patch('ckan.config.middleware.auth_tkt_make_plugin') + def test_make_plugin_called_with_timeout_defined_as_kwargs(self, mock_auth_tkt_make_plugin): + ''' + kwargs are passed into ckan_auth_tkt_make_app come from who.ini and + should be passed to make_plugin. + ''' + middleware.ckan_auth_tkt_make_app(timeout=2000) + + mock_call_args = mock_auth_tkt_make_plugin.call_args + _, kwargs = mock_call_args + + nose_tools.assert_true(('timeout', 2000) in kwargs.items()) + nose_tools.assert_true(('reissue_time', 200) in kwargs.items()) + + @mock.patch('ckan.config.middleware.auth_tkt_make_plugin') + def test_make_plugin_called_with_timeout_and_reissue_time_defined_in_kwargs(self, mock_auth_tkt_make_plugin): + ''' + kwargs are passed into ckan_auth_tkt_make_app come from who.ini and + should be passed to make_plugin. + ''' + middleware.ckan_auth_tkt_make_app(timeout=2000, reissue_time=100) + + mock_call_args = mock_auth_tkt_make_plugin.call_args + _, kwargs = mock_call_args + + nose_tools.assert_true(('timeout', 2000) in kwargs.items()) + nose_tools.assert_true(('reissue_time', 100) in kwargs.items()) + + @mock.patch('ckan.config.middleware.auth_tkt_make_plugin') + @helpers.change_config('who.timeout', 9000) + def test_make_plugin_called_with_timeout_from_config(self, mock_auth_tkt_make_plugin): + ''' + repoze.who.plugins.auth_tkt.make_plugin is called with timeout defined + in config, but no reissue_time (one will be created). + ''' + middleware.ckan_auth_tkt_make_app() + + mock_call_args = mock_auth_tkt_make_plugin.call_args + _, kwargs = mock_call_args + + nose_tools.assert_true(('timeout', 9000) in kwargs.items()) + nose_tools.assert_true(('reissue_time', 900) in kwargs.items()) + + @mock.patch('ckan.config.middleware.auth_tkt_make_plugin') + @helpers.change_config('who.timeout', 9000) + @helpers.change_config('who.reissue_time', 200) + def test_make_plugin_called_with_reissue_from_config(self, mock_auth_tkt_make_plugin): + ''' + repoze.who.plugins.auth_tkt.make_plugin is called with timeout and + reissue_time defined in config. + ''' + middleware.ckan_auth_tkt_make_app() + + mock_call_args = mock_auth_tkt_make_plugin.call_args + _, kwargs = mock_call_args + + nose_tools.assert_true(('timeout', 9000) in kwargs.items()) + nose_tools.assert_true(('reissue_time', 200) in kwargs.items()) + + @mock.patch('ckan.config.middleware.auth_tkt_make_plugin') + @helpers.change_config('who.timeout', 9000) + @helpers.change_config('who.reissue_time', 200) + def test_make_plugin_called_with_kwargs_supersede_config(self, mock_auth_tkt_make_plugin): + ''' + keyword args (who.ini values) supersede those in config. + ''' + middleware.ckan_auth_tkt_make_app(timeout=8000, reissue_time=500) + + mock_call_args = mock_auth_tkt_make_plugin.call_args + _, kwargs = mock_call_args + + nose_tools.assert_true(('timeout', 8000) in kwargs.items()) + nose_tools.assert_true(('reissue_time', 500) in kwargs.items())