From 878a15bf374c07af3b94f66215c5743ac798b041 Mon Sep 17 00:00:00 2001 From: Brook Elgie Date: Wed, 29 Oct 2014 11:00:54 +0000 Subject: [PATCH 01/10] [#1943] Add timeout and reissue_time to who.ini --- ckan/config/middleware.py | 3 +++ ckan/config/who.ini | 8 ++++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/ckan/config/middleware.py b/ckan/config/middleware.py index 344adf77b2c..134be9635dd 100644 --- a/ckan/config/middleware.py +++ b/ckan/config/middleware.py @@ -1,4 +1,5 @@ """Pylons middleware initialization""" +import math import urllib import urllib2 import logging @@ -195,6 +196,8 @@ def make_app(conf, full_stack=True, static_files=True, **app_conf): def ckan_auth_tkt_make_app(**kw): if not len(kw.get('secret', '')) or kw.get('secret') == 'somesecret': kw['secret'] = config['beaker.session.secret'] + if kw.get('timeout') and not kw.get('reissue_time'): + kw['reissue_time'] = int(math.ceil(int(kw.get('timeout')) * 0.1)) return auth_tkt_make_plugin(**kw) diff --git a/ckan/config/who.ini b/ckan/config/who.ini index 01fc7c07bc8..964f538b033 100644 --- a/ckan/config/who.ini +++ b/ckan/config/who.ini @@ -2,6 +2,11 @@ use = ckan.config.middleware:ckan_auth_tkt_make_app # If no secret key is defined here, beaker.session.secret will be used #secret = somesecret +# Timeout set in seconds before a non-active session expires (optional). +timeout = 3600 ;One hour +# Time before a session ticket is reissued (optional). If not defined, +# this will be set to 1/10th the timeout value. +# reissue_time = 360 [plugin:friendlyform] use = repoze.who.plugins.friendlyform:FriendlyFormPlugin @@ -49,7 +54,7 @@ plugins = auth_tkt [authenticators] -plugins = +plugins = ckan.lib.authenticator:OpenIDAuthenticator ckan.lib.authenticator:UsernamePasswordAuthenticator @@ -58,4 +63,3 @@ plugins = openid friendlyform;browser # basicauth - From 6bf47f4b898ec023ab564642be67eb9dc0fd6897 Mon Sep 17 00:00:00 2001 
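Review bot: The derived `reissue_time` in `ckan_auth_tkt_make_app` runs `int(kw.get('timeout'))` on whatever who.ini supplies, so a non-numeric value surfaces as a bare ValueError while the plugin is being built, and a zero or negative value is accepted silently. Because this setting decides how long an auth ticket stays valid, I would parse it once and reject non-positive values with an error that names the setting, e.g. `timeout = int(kw['timeout'])` followed by `if timeout <= 0: raise ValueError('timeout must be a positive number of seconds')`. The same unvalidated computation is repeated in the PATCH 03 version of this function and in `make_plugin` in ckan/lib/auth_tkt.py (PATCH 10).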
From: Brook Elgie Date: Wed, 29 Oct 2014 11:11:31 +0000 Subject: [PATCH 02/10] [#1943] PEP8 --- ckan/config/middleware.py | 42 ++++++++++++++++++++------------------- 1 file changed, 22 insertions(+), 20 deletions(-) diff --git a/ckan/config/middleware.py b/ckan/config/middleware.py index 134be9635dd..06675e098d4 100644 --- a/ckan/config/middleware.py +++ b/ckan/config/middleware.py @@ -32,6 +32,7 @@ log = logging.getLogger(__name__) + def make_app(conf, full_stack=True, static_files=True, **app_conf): """Create a Pylons WSGI application and return it @@ -128,22 +129,23 @@ def make_app(conf, full_stack=True, static_files=True, **app_conf): OpenIdIdentificationPlugin._redirect_to_loginform = repoze_patch._redirect_to_loginform OpenIdIdentificationPlugin.challenge = repoze_patch.challenge - who_parser.identifiers = [i for i in who_parser.identifiers if \ - not isinstance(i, OpenIdIdentificationPlugin)] - who_parser.challengers = [i for i in who_parser.challengers if \ - not isinstance(i, OpenIdIdentificationPlugin)] - - app = PluggableAuthenticationMiddleware(app, - who_parser.identifiers, - who_parser.authenticators, - who_parser.challengers, - who_parser.mdproviders, - who_parser.request_classifier, - who_parser.challenge_decider, - logging.getLogger('repoze.who'), - logging.WARN, # ignored - who_parser.remote_user_key, - ) + who_parser.identifiers = [i for i in who_parser.identifiers if + not isinstance(i, OpenIdIdentificationPlugin)] + who_parser.challengers = [i for i in who_parser.challengers if + not isinstance(i, OpenIdIdentificationPlugin)] + + app = PluggableAuthenticationMiddleware( + app, + who_parser.identifiers, + who_parser.authenticators, + who_parser.challengers, + who_parser.mdproviders, + who_parser.request_classifier, + who_parser.challenge_decider, + logging.getLogger('repoze.who'), + logging.WARN, # ignored + who_parser.remote_user_key + ) # Establish the Registry for this application app = RegistryManager(app) 
@@ -156,7 +158,7 @@ def make_app(conf, full_stack=True, static_files=True, **app_conf): else int(config.get('ckan.static_max_age', 3600)) static_app = StaticURLParser(config['pylons.paths']['static_files'], - cache_max_age=static_max_age) + cache_max_age=static_max_age) static_parsers = [static_app, app] storage_directory = uploader.get_storage_path() @@ -169,8 +171,7 @@ def make_app(conf, full_stack=True, static_files=True, **app_conf): if e.errno != 17: raise - storage_app = StaticURLParser(path, - cache_max_age=static_max_age) + storage_app = StaticURLParser(path, cache_max_age=static_max_age) static_parsers.insert(0, storage_app) # Configurable extra static file paths @@ -179,7 +180,7 @@ def make_app(conf, full_stack=True, static_files=True, **app_conf): if public_path.strip(): extra_static_parsers.append( StaticURLParser(public_path.strip(), - cache_max_age=static_max_age) + cache_max_age=static_max_age) ) app = Cascade(extra_static_parsers + static_parsers) @@ -193,6 +194,7 @@ def make_app(conf, full_stack=True, static_files=True, **app_conf): return app + def ckan_auth_tkt_make_app(**kw): if not len(kw.get('secret', '')) or kw.get('secret') == 'somesecret': kw['secret'] = config['beaker.session.secret'] From 679ff0ddf52c2ea2b2c7e99e3ca6df20d631067c Mon Sep 17 00:00:00 2001 From: Brook Elgie Date: Wed, 29 Oct 2014 14:05:58 +0000 Subject: [PATCH 03/10] [#1943] Set timeout and reissue_time from config. Can set the session timeout and reissue_time from the config file if these aren't provided by who.ini. New config settings: who.timeout who.reissue_time --- ckan/config/middleware.py | 11 +++ ckan/config/who.ini | 7 +- ckan/new_tests/config/__init__.py | 0 ckan/new_tests/config/test_middleware.py | 100 +++++++++++++++++++++++ 4 files changed, 116 insertions(+), 2 deletions(-) create mode 100644 ckan/new_tests/config/__init__.py create mode 100644 ckan/new_tests/config/test_middleware.py 
diff --git a/ckan/config/middleware.py b/ckan/config/middleware.py index 06675e098d4..99e7e5c9c61 100644 --- a/ckan/config/middleware.py +++ b/ckan/config/middleware.py @@ -196,8 +196,19 @@ def make_app(conf, full_stack=True, static_files=True, **app_conf): def ckan_auth_tkt_make_app(**kw): + ''' + Ensure keyword args are correctly set before returning + auth_tkt_make_plugin from repoze.who. + + kw args are set in who.ini. + ''' if not len(kw.get('secret', '')) or kw.get('secret') == 'somesecret': kw['secret'] = config['beaker.session.secret'] + if not kw.get('timeout') and config.get('who.timeout'): + kw['timeout'] = config.get('who.timeout') + if not kw.get('reissue_time') and config.get('who.reissue_time'): + kw['reissue_time'] = config.get('who.reissue_time') + if kw.get('timeout') and not kw.get('reissue_time'): kw['reissue_time'] = int(math.ceil(int(kw.get('timeout')) * 0.1)) return auth_tkt_make_plugin(**kw) diff --git a/ckan/config/who.ini b/ckan/config/who.ini index 964f538b033..5dc888701a5 100644 --- a/ckan/config/who.ini +++ b/ckan/config/who.ini @@ -2,11 +2,14 @@ use = ckan.config.middleware:ckan_auth_tkt_make_app # If no secret key is defined here, beaker.session.secret will be used #secret = somesecret + +# If no timeout or reissue_time is defined here, who.timeout and +# who.reissue_time will be used. # Timeout set in seconds before a non-active session expires (optional). -timeout = 3600 ;One hour +#timeout = 3600 ;One hour # Time before a session ticket is reissued (optional). If not defined, # this will be set to 1/10th the timeout value. -# reissue_time = 360 +#reissue_time = 360 [plugin:friendlyform] use = repoze.who.plugins.friendlyform:FriendlyFormPlugin diff --git a/ckan/new_tests/config/__init__.py b/ckan/new_tests/config/__init__.py new file mode 100644 index 00000000000..e69de29bb2d diff --git a/ckan/new_tests/config/test_middleware.py b/ckan/new_tests/config/test_middleware.py new file mode 100644 index 00000000000..4b26294c175 
--- /dev/null
+++ b/ckan/new_tests/config/test_middleware.py
@@ -0,0 +1,100 @@
+import mock
+from nose import tools as nose_tools
+
+from ckan.new_tests import helpers
+from ckan.config import middleware
+
+
+class TestCkanAuthTktMakeApp(object):
+
+ '''Tests for middleware.ckan_auth_tkt_make_app method.'''
+
+ @mock.patch('ckan.config.middleware.auth_tkt_make_plugin')
+ def test_make_plugin_called_without_timeout_or_reissue_time(self, mock_auth_tkt_make_plugin):
+ '''
+ repoze.who.plugins.auth_tkt.make_plugin is called without timeout or
+ reissue_time when these haven't been defined in the config or kwargs.
+ '''
+ # Make the call
+ middleware.ckan_auth_tkt_make_app()
+
+ # What was make_plugin called with?
+ mock_call_args = mock_auth_tkt_make_plugin.call_args
+ _, kwargs = mock_call_args
+
+ nose_tools.assert_false('timeout' in kwargs.keys())
+ nose_tools.assert_false('reissue_time' in kwargs.keys())
+
+ @mock.patch('ckan.config.middleware.auth_tkt_make_plugin')
+ def test_make_plugin_called_with_timeout_defined_as_kwargs(self, mock_auth_tkt_make_plugin):
+ '''
+ kwargs are passed into ckan_auth_tkt_make_app come from who.ini and
+ should be passed to make_plugin.
+ '''
+ middleware.ckan_auth_tkt_make_app(timeout=2000)
+
+ mock_call_args = mock_auth_tkt_make_plugin.call_args
+ _, kwargs = mock_call_args
+
+ nose_tools.assert_true(('timeout', 2000) in kwargs.items())
+ nose_tools.assert_true(('reissue_time', 200) in kwargs.items())
+
+ @mock.patch('ckan.config.middleware.auth_tkt_make_plugin')
+ def test_make_plugin_called_with_timeout_and_reissue_time_defined_in_kwargs(self, mock_auth_tkt_make_plugin):
+ '''
+ kwargs are passed into ckan_auth_tkt_make_app come from who.ini and
+ should be passed to make_plugin.
+ '''
+ middleware.ckan_auth_tkt_make_app(timeout=2000, reissue_time=100)
+
+ mock_call_args = mock_auth_tkt_make_plugin.call_args
+ _, kwargs = mock_call_args
+
+ nose_tools.assert_true(('timeout', 2000) in kwargs.items())
+ nose_tools.assert_true(('reissue_time', 100) in kwargs.items())
+
+ @mock.patch('ckan.config.middleware.auth_tkt_make_plugin')
+ @helpers.change_config('who.timeout', 9000)
+ def test_make_plugin_called_with_timeout_from_config(self, mock_auth_tkt_make_plugin):
+ '''
+ repoze.who.plugins.auth_tkt.make_plugin is called with timeout defined
+ in config, but no reissue_time (one will be created).
+ '''
+ middleware.ckan_auth_tkt_make_app()
+
+ mock_call_args = mock_auth_tkt_make_plugin.call_args
+ _, kwargs = mock_call_args
+
+ nose_tools.assert_true(('timeout', 9000) in kwargs.items())
+ nose_tools.assert_true(('reissue_time', 900) in kwargs.items())
+
+ @mock.patch('ckan.config.middleware.auth_tkt_make_plugin')
+ @helpers.change_config('who.timeout', 9000)
+ @helpers.change_config('who.reissue_time', 200)
+ def test_make_plugin_called_with_reissue_from_config(self, mock_auth_tkt_make_plugin):
+ '''
+ repoze.who.plugins.auth_tkt.make_plugin is called with timeout and
+ reissue_time defined in config.
+ '''
+ middleware.ckan_auth_tkt_make_app()
+
+ mock_call_args = mock_auth_tkt_make_plugin.call_args
+ _, kwargs = mock_call_args
+
+ nose_tools.assert_true(('timeout', 9000) in kwargs.items())
+ nose_tools.assert_true(('reissue_time', 200) in kwargs.items())
+
+ @mock.patch('ckan.config.middleware.auth_tkt_make_plugin')
+ @helpers.change_config('who.timeout', 9000)
+ @helpers.change_config('who.reissue_time', 200)
+ def test_make_plugin_called_with_kwargs_supersede_config(self, mock_auth_tkt_make_plugin):
+ '''
+ keyword args (who.ini values) supersede those in config.
+ ''' + middleware.ckan_auth_tkt_make_app(timeout=8000, reissue_time=500) + + mock_call_args = mock_auth_tkt_make_plugin.call_args + _, kwargs = mock_call_args + + nose_tools.assert_true(('timeout', 8000) in kwargs.items()) + nose_tools.assert_true(('reissue_time', 500) in kwargs.items()) From cae923973a95ab4df07fc17d08de0b3e3a2159ff Mon Sep 17 00:00:00 2001 From: Brook Elgie Date: Wed, 29 Oct 2014 14:11:13 +0000 Subject: [PATCH 04/10] [#1943] Add settings to development template --- ckan/config/deployment.ini_tmpl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ckan/config/deployment.ini_tmpl b/ckan/config/deployment.ini_tmpl index e427f9c625c..0c0d2ab0b2d 100644 --- a/ckan/config/deployment.ini_tmpl +++ b/ckan/config/deployment.ini_tmpl @@ -40,7 +40,9 @@ app_instance_uuid = ${app_instance_uuid} who.config_file = %(here)s/who.ini who.log_level = warning who.log_file = %(cache_dir)s/who_log.ini - +# Session timeout (user logged out after period of inactivity, in seconds) +who.timeout = 3600 +#who.reissue_time = 360 ## Database Settings sqlalchemy.url = postgresql://ckan_default:pass@localhost/ckan_default From f2aa14cad83679d8e9a2e7b91361796fd466a4ba Mon Sep 17 00:00:00 2001 From: Brook Elgie Date: Wed, 29 Oct 2014 14:28:19 +0000 Subject: [PATCH 05/10] [#1943] Remove who.reissue_time from dev template. This provides too fine-grained control for most users. So leaving it out of the template (though leaving use of the setting in the code). --- ckan/config/deployment.ini_tmpl | 1 - 1 file changed, 1 deletion(-) diff --git a/ckan/config/deployment.ini_tmpl b/ckan/config/deployment.ini_tmpl index 0c0d2ab0b2d..0c7e1c92010 100644 --- a/ckan/config/deployment.ini_tmpl +++ b/ckan/config/deployment.ini_tmpl 
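Review bot: Every case in this test class feeds integers (`timeout=2000`, `change_config('who.timeout', 9000)`), but values parsed from who.ini or the CKAN ini file normally arrive as strings, which is presumably why the code under test calls `int(...)` at all. That leaves the string path and malformed input untested for a setting that governs session lifetime. I would add a case such as `@helpers.change_config('who.timeout', '9000')` asserting that `reissue_time` is 900, plus one that pins the behaviour for a non-numeric value. The tests added to ckan/new_tests/lib/test_auth_tkt.py in PATCH 10 have the same gap.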
@@ -42,7 +42,6 @@ who.log_level = warning who.log_file = %(cache_dir)s/who_log.ini # Session timeout (user logged out after period of inactivity, in seconds) who.timeout = 3600 -#who.reissue_time = 360 ## Database Settings sqlalchemy.url = postgresql://ckan_default:pass@localhost/ckan_default From a3ff6fe2a203dce72bc7b9a7c6827f0ee22441e8 Mon Sep 17 00:00:00 2001 From: Brook Elgie Date: Wed, 29 Oct 2014 14:32:00 +0000 Subject: [PATCH 06/10] [#1943] Add session timeout to docs --- doc/maintaining/configuration.rst | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/doc/maintaining/configuration.rst b/doc/maintaining/configuration.rst index 4b736fa99b2..466a1fcb13a 100644 --- a/doc/maintaining/configuration.rst +++ b/doc/maintaining/configuration.rst @@ -60,6 +60,25 @@ files, and enables CKAN templates' debugging features. commands. +Repoze.who Settings +------------------- + +.. _who.timeout + +who.timeout +^^^^^^^^^^^ + +Example:: + + who.timeout = 3600 + +Default value: 3600 + +This defines how long (in seconds) until a user is logged out after a period +of inactivity. If this isn't defined, the session doesn't expire. Default +value is 3600 seconds (1 hour). + + Database Settings ----------------- From 3ba87f8e5f9604ce20ba2c62942d46692a41f38d Mon Sep 17 00:00:00 2001 From: Brook Elgie Date: Wed, 29 Oct 2014 15:37:47 +0000 Subject: [PATCH 07/10] [#1943] Fix malformed link is docs --- doc/maintaining/configuration.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/maintaining/configuration.rst b/doc/maintaining/configuration.rst index 466a1fcb13a..4d51470f3ec 100644 --- a/doc/maintaining/configuration.rst +++ b/doc/maintaining/configuration.rst @@ -63,7 +63,7 @@ files, and enables CKAN templates' debugging features. Repoze.who Settings ------------------- -.. _who.timeout +.. _who.timeout: who.timeout ^^^^^^^^^^^ From 70ca1e60e62f65624f43b8f07d6c581ac1169c0a Mon Sep 17 00:00:00 2001 
From: Brook Elgie Date: Thu, 30 Oct 2014 16:41:12 +0000 Subject: [PATCH 08/10] [#1943] Inactive by default (non-expiring) --- ckan/config/deployment.ini_tmpl | 5 +++-- ckan/config/who.ini | 4 ++-- doc/maintaining/configuration.rst | 6 +++--- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/ckan/config/deployment.ini_tmpl b/ckan/config/deployment.ini_tmpl index 0c7e1c92010..8a1dd85d445 100644 --- a/ckan/config/deployment.ini_tmpl +++ b/ckan/config/deployment.ini_tmpl @@ -40,8 +40,9 @@ app_instance_uuid = ${app_instance_uuid} who.config_file = %(here)s/who.ini who.log_level = warning who.log_file = %(cache_dir)s/who_log.ini -# Session timeout (user logged out after period of inactivity, in seconds) -who.timeout = 3600 +# Session timeout (user logged out after period of inactivity, in seconds). +# Inactive by default, so the session doesn't expire. +# who.timeout = 86400 ## Database Settings sqlalchemy.url = postgresql://ckan_default:pass@localhost/ckan_default diff --git a/ckan/config/who.ini b/ckan/config/who.ini index 5dc888701a5..379f68d5385 100644 --- a/ckan/config/who.ini +++ b/ckan/config/who.ini @@ -6,10 +6,10 @@ use = ckan.config.middleware:ckan_auth_tkt_make_app # If no timeout or reissue_time is defined here, who.timeout and # who.reissue_time will be used. # Timeout set in seconds before a non-active session expires (optional). -#timeout = 3600 ;One hour +#timeout = 86400 ;One day # Time before a session ticket is reissued (optional). If not defined, # this will be set to 1/10th the timeout value. -#reissue_time = 360 +#reissue_time = 8640 [plugin:friendlyform] use = repoze.who.plugins.friendlyform:FriendlyFormPlugin diff --git a/doc/maintaining/configuration.rst b/doc/maintaining/configuration.rst index 4d51470f3ec..c3f9c483a3e 100644 --- a/doc/maintaining/configuration.rst +++ b/doc/maintaining/configuration.rst 
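Review bot: Commenting out `who.timeout` in deployment.ini_tmpl means every newly generated config issues auth tickets with no inactivity expiry, so a copied or leaked auth_tkt cookie would stay usable indefinitely as far as this series shows. For a template that deployments start from, I would keep a finite value active, e.g. `who.timeout = 86400`, and let operators who want non-expiring sessions comment it out deliberately. If the non-expiring default is kept, the template comment should state that trade-off instead of only saying the setting is inactive by default.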
@@ -72,11 +72,11 @@ Example:: who.timeout = 3600 -Default value: 3600 +Default value: None This defines how long (in seconds) until a user is logged out after a period -of inactivity. If this isn't defined, the session doesn't expire. Default -value is 3600 seconds (1 hour). +of inactivity. If the setting isn't defined, the session doesn't expire. Not +active by default. Database Settings From 296c3b2e31334ca0b193b45652f28142260c78f4 Mon Sep 17 00:00:00 2001 From: Brook Elgie Date: Thu, 20 Nov 2014 14:10:07 +0000 Subject: [PATCH 09/10] [#1943] Removed example config from who.ini. All config should be centralized to the .ini files. --- ckan/config/who.ini | 8 -------- 1 file changed, 8 deletions(-) diff --git a/ckan/config/who.ini b/ckan/config/who.ini index 77b82f78628..913f0e72fbe 100644 --- a/ckan/config/who.ini +++ b/ckan/config/who.ini @@ -3,14 +3,6 @@ use = ckan.lib.auth_tkt:make_plugin # If no secret key is defined here, beaker.session.secret will be used #secret = somesecret -# If no timeout or reissue_time is defined here, who.timeout and -# who.reissue_time will be used. -# Timeout set in seconds before a non-active session expires (optional). -#timeout = 86400 ;One day -# Time before a session ticket is reissued (optional). If not defined, -# this will be set to 1/10th the timeout value. -#reissue_time = 8640 - [plugin:friendlyform] use = repoze.who.plugins.friendlyform:FriendlyFormPlugin login_form_url= /user/login From c260d58387167c660c4981b0305d514693064e20 Mon Sep 17 00:00:00 2001 From: Brook Elgie Date: Thu, 20 Nov 2014 16:43:11 +0000 Subject: [PATCH 10/10] [#1943] Move session config to lib/auth_tkt --- ckan/lib/auth_tkt.py | 13 ++- ckan/new_tests/config/test_middleware.py | 100 ----------------------- ckan/new_tests/lib/test_auth_tkt.py | 53 +++++++++--- 3 files changed, 50 insertions(+), 116 deletions(-) delete mode 100644 ckan/new_tests/config/test_middleware.py 
diff --git a/ckan/lib/auth_tkt.py b/ckan/lib/auth_tkt.py index cc68a4dde55..526d5e26f7a 100644 --- a/ckan/lib/auth_tkt.py +++ b/ckan/lib/auth_tkt.py @@ -1,3 +1,4 @@ +import math import os from pylons import config @@ -41,13 +42,19 @@ def make_plugin(secret=None, userid_checker=None): from repoze.who.utils import resolveDotted - # ckan specific: get secret from beaker setting if necessary + # ckan specifics: + # Get secret from beaker setting if necessary if secret is None or secret == 'somesecret': secret = config['beaker.session.secret'] - + # Session timeout and reissue time for auth cookie + if timeout is None and config.get('who.timeout'): + timeout = config.get('who.timeout') + if reissue_time is None and config.get('who.reissue_time'): + reissue_time = config.get('who.reissue_time') + if timeout is not None and reissue_time is None: + reissue_time = int(math.ceil(int(timeout) * 0.1)) # Set httponly based on config value. Default is True httponly = config.get('who.httponly', True) - # Set secure based on config value. Default is False secure = config.get('who.secure', False) diff --git a/ckan/new_tests/config/test_middleware.py b/ckan/new_tests/config/test_middleware.py deleted file mode 100644 index 4b26294c175..00000000000 --- a/ckan/new_tests/config/test_middleware.py +++ /dev/null 
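Review bot: In `make_plugin`, a `who.reissue_time` taken from config is never compared with `timeout`, and the two values end up with mixed types: `timeout` stays whatever config returned while the derived `reissue_time` is an int. A reissue interval equal to or longer than the timeout would let tickets lapse before they are refreshed, so I would normalise both right after the fallbacks with `timeout = int(timeout)` and `reissue_time = int(reissue_time)`, then raise if `reissue_time >= timeout`. The function's signature and the code that consumes these values lie outside the hunk, so a later conversion or check may already exist there.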
@@ -1,100 +0,0 @@
-import mock
-from nose import tools as nose_tools
-
-from ckan.new_tests import helpers
-from ckan.config import middleware
-
-
-class TestCkanAuthTktMakeApp(object):
-
- '''Tests for middleware.ckan_auth_tkt_make_app method.'''
-
- @mock.patch('ckan.config.middleware.auth_tkt_make_plugin')
- def test_make_plugin_called_without_timeout_or_reissue_time(self, mock_auth_tkt_make_plugin):
- '''
- repoze.who.plugins.auth_tkt.make_plugin is called without timeout or
- reissue_time when these haven't been defined in the config or kwargs.
- '''
- # Make the call
- middleware.ckan_auth_tkt_make_app()
-
- # What was make_plugin called with?
- mock_call_args = mock_auth_tkt_make_plugin.call_args
- _, kwargs = mock_call_args
-
- nose_tools.assert_false('timeout' in kwargs.keys())
- nose_tools.assert_false('reissue_time' in kwargs.keys())
-
- @mock.patch('ckan.config.middleware.auth_tkt_make_plugin')
- def test_make_plugin_called_with_timeout_defined_as_kwargs(self, mock_auth_tkt_make_plugin):
- '''
- kwargs are passed into ckan_auth_tkt_make_app come from who.ini and
- should be passed to make_plugin.
- '''
- middleware.ckan_auth_tkt_make_app(timeout=2000)
-
- mock_call_args = mock_auth_tkt_make_plugin.call_args
- _, kwargs = mock_call_args
-
- nose_tools.assert_true(('timeout', 2000) in kwargs.items())
- nose_tools.assert_true(('reissue_time', 200) in kwargs.items())
-
- @mock.patch('ckan.config.middleware.auth_tkt_make_plugin')
- def test_make_plugin_called_with_timeout_and_reissue_time_defined_in_kwargs(self, mock_auth_tkt_make_plugin):
- '''
- kwargs are passed into ckan_auth_tkt_make_app come from who.ini and
- should be passed to make_plugin.
- '''
- middleware.ckan_auth_tkt_make_app(timeout=2000, reissue_time=100)
-
- mock_call_args = mock_auth_tkt_make_plugin.call_args
- _, kwargs = mock_call_args
-
- nose_tools.assert_true(('timeout', 2000) in kwargs.items())
- nose_tools.assert_true(('reissue_time', 100) in kwargs.items())
-
- @mock.patch('ckan.config.middleware.auth_tkt_make_plugin')
- @helpers.change_config('who.timeout', 9000)
- def test_make_plugin_called_with_timeout_from_config(self, mock_auth_tkt_make_plugin):
- '''
- repoze.who.plugins.auth_tkt.make_plugin is called with timeout defined
- in config, but no reissue_time (one will be created).
- '''
- middleware.ckan_auth_tkt_make_app()
-
- mock_call_args = mock_auth_tkt_make_plugin.call_args
- _, kwargs = mock_call_args
-
- nose_tools.assert_true(('timeout', 9000) in kwargs.items())
- nose_tools.assert_true(('reissue_time', 900) in kwargs.items())
-
- @mock.patch('ckan.config.middleware.auth_tkt_make_plugin')
- @helpers.change_config('who.timeout', 9000)
- @helpers.change_config('who.reissue_time', 200)
- def test_make_plugin_called_with_reissue_from_config(self, mock_auth_tkt_make_plugin):
- '''
- repoze.who.plugins.auth_tkt.make_plugin is called with timeout and
- reissue_time defined in config.
- '''
- middleware.ckan_auth_tkt_make_app()
-
- mock_call_args = mock_auth_tkt_make_plugin.call_args
- _, kwargs = mock_call_args
-
- nose_tools.assert_true(('timeout', 9000) in kwargs.items())
- nose_tools.assert_true(('reissue_time', 200) in kwargs.items())
-
- @mock.patch('ckan.config.middleware.auth_tkt_make_plugin')
- @helpers.change_config('who.timeout', 9000)
- @helpers.change_config('who.reissue_time', 200)
- def test_make_plugin_called_with_kwargs_supersede_config(self, mock_auth_tkt_make_plugin):
- '''
- keyword args (who.ini values) supersede those in config.
- ''' - middleware.ckan_auth_tkt_make_app(timeout=8000, reissue_time=500) - - mock_call_args = mock_auth_tkt_make_plugin.call_args - _, kwargs = mock_call_args - - nose_tools.assert_true(('timeout', 8000) in kwargs.items()) - nose_tools.assert_true(('reissue_time', 500) in kwargs.items()) diff --git a/ckan/new_tests/lib/test_auth_tkt.py b/ckan/new_tests/lib/test_auth_tkt.py index 6e729fd0ab4..644f23f6f56 100644 --- a/ckan/new_tests/lib/test_auth_tkt.py +++ b/ckan/new_tests/lib/test_auth_tkt.py @@ -1,24 +1,18 @@ +from nose import tools as nose_tools + from ckan.new_tests import helpers -from ckan.lib.auth_tkt import CkanAuthTktCookiePlugin, make_plugin +from ckan.lib.auth_tkt import make_plugin -class TestCkanAuthTktCookiePlugin(object): +class TestCkanAuthTktCookiePlugin(helpers.FunctionalTestBase): ''' Test the added methods used by this subclass of repoze.who.plugins.auth_tkt.AuthTktCookiePlugin - ''' - def _make_plugin(self, httponly): - '''Only httponly needs to be set.''' - return CkanAuthTktCookiePlugin(httponly=httponly, - secret=None, - cookie_name='auth_tkt', - secure=False, - include_ip=False, - timeout=None, - reissue_time=None, - userid_checker=None) + Subclassing FunctionalTestBase ensures the original config is restored + after each test. + ''' @helpers.change_config('who.httponly', True) def test_httponly_expected_cookies_with_config_httponly_true(self): 
@@ -109,3 +103,36 @@ def test_secure_expected_cookies_without_config_secure(self): ('Set-Cookie', 'auth_tkt="HELLO"; Path=/; Domain=.0.0.0.0; HttpOnly') ] assert cookies == expected_cookies + + def test_timeout_not_set_in_config(self): + ''' + Creating a CkanAuthTktCookiePlugin instance without setting timeout in + config sets correct values in CkanAuthTktCookiePlugin instance. + ''' + plugin = make_plugin(secret='sosecret') + + nose_tools.assert_equal(plugin.timeout, None) + nose_tools.assert_equal(plugin.reissue_time, None) + + @helpers.change_config('who.timeout', 9000) + def test_timeout_set_in_config(self): + ''' + Setting who.timeout in config sets correct values in + CkanAuthTktCookiePlugin instance. + ''' + plugin = make_plugin(secret='sosecret') + + nose_tools.assert_equal(plugin.timeout, 9000) + nose_tools.assert_equal(plugin.reissue_time, 900) + + @helpers.change_config('who.timeout', 9000) + @helpers.change_config('who.reissue_time', 200) + def test_reissue_set_in_config(self): + ''' + Setting who.reissue in config sets correct values in + CkanAuthTktCookiePlugin instance. + ''' + plugin = make_plugin(secret='sosecret') + + nose_tools.assert_equal(plugin.timeout, 9000) + nose_tools.assert_equal(plugin.reissue_time, 200)