[Checkins] SVN: Products.CMFDefault/branches/cookiecrumbler_with_views/Products/CMFDefault/browser/ - added more tests
Yvo Schubbe
y.2010 at wcm-solutions.de
Mon Jun 14 02:04:26 EDT 2010
Log message for revision 113440:
- added more tests
- fixed disable_cookie_login__ behavior
Changed:
U Products.CMFDefault/branches/cookiecrumbler_with_views/Products/CMFDefault/browser/authentication.py
U Products.CMFDefault/branches/cookiecrumbler_with_views/Products/CMFDefault/browser/tests/authentication.txt
-=-
Modified: Products.CMFDefault/branches/cookiecrumbler_with_views/Products/CMFDefault/browser/authentication.py
===================================================================
--- Products.CMFDefault/branches/cookiecrumbler_with_views/Products/CMFDefault/browser/authentication.py 2010-06-14 06:02:21 UTC (rev 113439)
+++ Products.CMFDefault/branches/cookiecrumbler_with_views/Products/CMFDefault/browser/authentication.py 2010-06-14 06:04:26 UTC (rev 113440)
@@ -65,8 +65,11 @@
except (AttributeError, ValueError):
# re-raise the unhandled exception
raise self.context
+ req = self.request
+ if req.get('disable_cookie_login__', 0):
+ # re-raise the unhandled exception
+ raise self.context
- req = self.request
attempt = getattr(req, '_cookie_auth', ATTEMPT_NONE)
if attempt == ATTEMPT_NONE:
# An anonymous user was denied access to something.
Modified: Products.CMFDefault/branches/cookiecrumbler_with_views/Products/CMFDefault/browser/tests/authentication.txt
===================================================================
--- Products.CMFDefault/branches/cookiecrumbler_with_views/Products/CMFDefault/browser/tests/authentication.txt 2010-06-14 06:02:21 UTC (rev 113439)
+++ Products.CMFDefault/branches/cookiecrumbler_with_views/Products/CMFDefault/browser/tests/authentication.txt 2010-06-14 06:04:26 UTC (rev 113440)
@@ -42,6 +42,40 @@
>>> browser.headers['Location']
'http://localhost/site/login_form?came_from=http%3A//localhost/site/manage_main&retry=&disable_cookie_login__=1'
+Same redirect with a query string. The query string is preserved.
+
+ >>> browser.open('http://localhost/site/manage_main?a:int=1&x:string=y')
+ Traceback (most recent call last):
+ ...
+ HTTPError: HTTP Error 302: Moved Temporarily
+ >>> browser.contents
+ ''
+ >>> browser.headers['Location']
+ 'http://localhost/site/login_form?came_from=http%3A//localhost/site/manage_main%3Fa%3Aint%3D1%26x%3Astring%3Dy&retry=&disable_cookie_login__=1'
+ >>> quote('manage_main?a:int=1&x:string=y') in browser.headers['Location']
+ True
+
+And requests are redirected to the login_form if a login attempt fails.
+
+ >>> browser.post('http://localhost/site/manage_main',
+ ... '__ac_name=mbr&__ac_password=wrong')
+ Traceback (most recent call last):
+ ...
+ HTTPError: HTTP Error 302: Moved Temporarily
+ >>> browser.contents
+ ''
+ >>> browser.headers['Location']
+ 'http://localhost/site/login_form?came_from=http%3A//localhost/site/manage_main&retry=1&disable_cookie_login__=1'
+
+But requests with 'disable_cookie_login__=1' are not redirected.
+
+ >>> browser.open('http://localhost/site/manage_main?disable_cookie_login__=1')
+ Traceback (most recent call last):
+ ...
+ HTTPError: HTTP Error 401: Unauthorized
+ >>> browser.contents
+ '<strong>You are not authorized to access this resource.</strong>'
+
The view for zExceptions.Unauthorized shows a Forbidden error if logged in.
>>> browser.cookies['__ac'] = '%s' % mbr_credentials
More information about the checkins
mailing list