[#1943] Move session config to lib/auth_tkt

ckan/lib/auth_tkt.py

@@ -1,3 +1,4 @@
+import math
 import os
 
 from pylons import config
@@ -41,13 +42,19 @@ def make_plugin(secret=None,
                 userid_checker=None):
     from repoze.who.utils import resolveDotted
 
-    # ckan specific: get secret from beaker setting if necessary
+    # ckan specifics:
+    # Get secret from beaker setting if necessary
     if secret is None or secret == 'somesecret':
         secret = config['beaker.session.secret']
-
+    # Session timeout and reissue time for auth cookie
+    if timeout is None and config.get('who.timeout'):
+        timeout = config.get('who.timeout')
+    if reissue_time is None and config.get('who.reissue_time'):
+        reissue_time = config.get('who.reissue_time')
+    if timeout is not None and reissue_time is None:
+        reissue_time = int(math.ceil(int(timeout) * 0.1))
     # Set httponly based on config value. Default is True
     httponly = config.get('who.httponly', True)
-
     # Set secure based on config value. Default is False
     secure = config.get('who.secure', False)
 

ckan/new_tests/lib/test_auth_tkt.py

@@ -1,24 +1,18 @@
+from nose import tools as nose_tools
+
 from ckan.new_tests import helpers
-from ckan.lib.auth_tkt import CkanAuthTktCookiePlugin, make_plugin
+from ckan.lib.auth_tkt import make_plugin
 
 
-class TestCkanAuthTktCookiePlugin(object):
+class TestCkanAuthTktCookiePlugin(helpers.FunctionalTestBase):
 
     '''
     Test the added methods used by this subclass of
     repoze.who.plugins.auth_tkt.AuthTktCookiePlugin
-    '''
 
-    def _make_plugin(self, httponly):
-        '''Only httponly needs to be set.'''
-        return CkanAuthTktCookiePlugin(httponly=httponly,
-                                       secret=None,
-                                       cookie_name='auth_tkt',
-                                       secure=False,
-                                       include_ip=False,
-                                       timeout=None,
-                                       reissue_time=None,
-                                       userid_checker=None)
+    Subclassing FunctionalTestBase ensures the original config is restored
+    after each test.
+    '''
 
     @helpers.change_config('who.httponly', True)
     def test_httponly_expected_cookies_with_config_httponly_true(self):
@@ -109,3 +103,36 @@ def test_secure_expected_cookies_without_config_secure(self):
             ('Set-Cookie', 'auth_tkt="HELLO"; Path=/; Domain=.0.0.0.0; HttpOnly')
         ]
         assert cookies == expected_cookies
+
+    def test_timeout_not_set_in_config(self):
+        '''
+        Creating a CkanAuthTktCookiePlugin instance without setting timeout in
+        config sets correct values in CkanAuthTktCookiePlugin instance.
+        '''
+        plugin = make_plugin(secret='sosecret')
+
+        nose_tools.assert_equal(plugin.timeout, None)
+        nose_tools.assert_equal(plugin.reissue_time, None)
+
+    @helpers.change_config('who.timeout', 9000)
+    def test_timeout_set_in_config(self):
+        '''
+        Setting who.timeout in config sets correct values in
+        CkanAuthTktCookiePlugin instance.
+        '''
+        plugin = make_plugin(secret='sosecret')
+
+        nose_tools.assert_equal(plugin.timeout, 9000)
+        nose_tools.assert_equal(plugin.reissue_time, 900)
+
+    @helpers.change_config('who.timeout', 9000)
+    @helpers.change_config('who.reissue_time', 200)
+    def test_reissue_set_in_config(self):
+        '''
+        Setting who.reissue in config sets correct values in
+        CkanAuthTktCookiePlugin instance.
+        '''
+        plugin = make_plugin(secret='sosecret')
+
+        nose_tools.assert_equal(plugin.timeout, 9000)
+        nose_tools.assert_equal(plugin.reissue_time, 200)