[Checkins] SVN: Products.CMFDefault/branches/cookiecrumbler_with_views/Products/CMFDefault/browser/ - added more tests

Yvo Schubbe y.2010 at wcm-solutions.de
Mon Jun 14 02:04:26 EDT 2010


Log message for revision 113440:
  - added more tests
  - fixed disable_cookie_login__ behavior

Changed:
  U   Products.CMFDefault/branches/cookiecrumbler_with_views/Products/CMFDefault/browser/authentication.py
  U   Products.CMFDefault/branches/cookiecrumbler_with_views/Products/CMFDefault/browser/tests/authentication.txt

-=-
Modified: Products.CMFDefault/branches/cookiecrumbler_with_views/Products/CMFDefault/browser/authentication.py
===================================================================
--- Products.CMFDefault/branches/cookiecrumbler_with_views/Products/CMFDefault/browser/authentication.py	2010-06-14 06:02:21 UTC (rev 113439)
+++ Products.CMFDefault/branches/cookiecrumbler_with_views/Products/CMFDefault/browser/authentication.py	2010-06-14 06:04:26 UTC (rev 113440)
@@ -65,8 +65,11 @@
         except (AttributeError, ValueError):
             # re-raise the unhandled exception
             raise self.context
+        req = self.request
+        if req.get('disable_cookie_login__', 0):
+            # re-raise the unhandled exception
+            raise self.context
 
-        req = self.request
         attempt = getattr(req, '_cookie_auth', ATTEMPT_NONE)
         if attempt == ATTEMPT_NONE:
             # An anonymous user was denied access to something.
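Review bot: the new `if req.get('disable_cookie_login__', 0):` branch tests plain truthiness of a client-supplied request value, so if the value arrives as a string from the query string, `disable_cookie_login__=0` would also suppress the login redirect. If only an explicit opt-out should count, compare against the expected value, or document that any non-empty value disables the redirect. The copied comment `# re-raise the unhandled exception` also does not say why the flag short-circuits here; a comment stating that the marker suppresses the cookie login redirect would make the intent clearer.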

Modified: Products.CMFDefault/branches/cookiecrumbler_with_views/Products/CMFDefault/browser/tests/authentication.txt
===================================================================
--- Products.CMFDefault/branches/cookiecrumbler_with_views/Products/CMFDefault/browser/tests/authentication.txt	2010-06-14 06:02:21 UTC (rev 113439)
+++ Products.CMFDefault/branches/cookiecrumbler_with_views/Products/CMFDefault/browser/tests/authentication.txt	2010-06-14 06:04:26 UTC (rev 113440)
@@ -42,6 +42,40 @@
     >>> browser.headers['Location']
     'http://localhost/site/login_form?came_from=http%3A//localhost/site/manage_main&retry=&disable_cookie_login__=1'
 
+Same redirect with a query string. The query string is preserved.
+
+    >>> browser.open('http://localhost/site/manage_main?a:int=1&x:string=y')
+    Traceback (most recent call last):
+    ...
+    HTTPError: HTTP Error 302: Moved Temporarily
+    >>> browser.contents
+    ''
+    >>> browser.headers['Location']
+    'http://localhost/site/login_form?came_from=http%3A//localhost/site/manage_main%3Fa%3Aint%3D1%26x%3Astring%3Dy&retry=&disable_cookie_login__=1'
+    >>> quote('manage_main?a:int=1&x:string=y') in browser.headers['Location']
+    True
+
+And requests are redirected to the login_form if a login attempt fails.
+
+    >>> browser.post('http://localhost/site/manage_main',
+    ...              '__ac_name=mbr&__ac_password=wrong')
+    Traceback (most recent call last):
+    ...
+    HTTPError: HTTP Error 302: Moved Temporarily
+    >>> browser.contents
+    ''
+    >>> browser.headers['Location']
+    'http://localhost/site/login_form?came_from=http%3A//localhost/site/manage_main&retry=1&disable_cookie_login__=1'
+
+But requests with 'disable_cookie_login__=1' are not redirected.
+
+    >>> browser.open('http://localhost/site/manage_main?disable_cookie_login__=1')
+    Traceback (most recent call last):
+    ...
+    HTTPError: HTTP Error 401: Unauthorized
+    >>> browser.contents
+    '<strong>You are not authorized to access this resource.</strong>'
+
 The view for zExceptions.Unauthorized shows a Forbidden error if logged in.
 
     >>> browser.cookies['__ac'] = '%s' % mbr_credentials
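Review bot: the last added case only exercises `disable_cookie_login__=1` on a GET query string, so it does not pin down what happens for other values (for example `disable_cookie_login__=0`) or when the flag accompanies a failed login POST with `__ac_name` and `__ac_password`. Adding one case for each would lock in the behaviour the log message says was fixed. In the query string case, the `quote(...) in browser.headers['Location']` check repeats what the full `Location` assertion just above it already proves and could be dropped.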


