[Zope3-Users] Re: pau, testbrowser, HTTP Error 403: Forbidden

Darryl Cousins darryl at darrylcousins.net.nz
Sun Aug 27 07:32:40 EDT 2006

Cheers Philip for the reply.

Yup. The site I am testing is set up with an initialization handler on
the site folder, with the pau, groups, principals and other bits. The
principal is logged in with this pau in the site folder (I can verify
this with a testbrowser call to the principal account view. The browser
tests which result in the behaviour I described is designed to test the
security arrangement (on groups, principals and objects). I.E. I log in
the principal with (exerpt from doctest):

First up we'll use Kevin who is a member of the Member group only. When
opening account view we will be asked to login.

    >>> browser = Browser()
    >>> browser.open('http://localhost/tfws/account.html')
    >>> browser.getControl(name='login').value = u'kevin.lopez'
    >>> browser.getControl(name='password').value = u'secret'
    >>> browser.getControl(name='SUBMIT').click()
    >>> browser.url

And so I am suprised that:

    >>> print browser.open('http://localhost/tfws/categories/cotton/edit.html')
    >>> 'Unauthorized' in browser.contents

... instead results in:

Exception raised
HTTPError: HTTP Error 403: Forbidden

But in a browser I am redirected to the unauthorised view as expected.

Best regards,

On Sun, 2006-08-27 at 11:46 +0200, Philipp von Weitershausen wrote:
> Darryl Cousins wrote:
> > Hi all,
> > 
> > In normal browser when logged in as a pau principal I am successfully
> > redirected to the standard unauthorized view when accessing a view
> > forbidden to the user.
> > 
> > But accessing the same view in tests using testbrowser and loggd in as
> > the same principal I get: 
> > 
> >     Exception raised:
> >     ...
> >     HTTPError: HTTP Error 403: Forbidden
> > 
> > Any thoughts please?
> The PAU is a local utility stored in your ZODB. Functional tests (e.g.
> testbrowser tests) are run with an in-memory ZODB instance that's thrown
> away after each test (sandbox). They don't see the PAU you have set up.
> If you want to test authentication via your PAU in a test, the test
> should first create and register a PAU, add the principal sources inside
> and then add the principals (if necessary).
> Alternatively, you can just the 'mgr:mgrpw' credentials for functional
> tests.
> Philipp
> _______________________________________________
> Zope3-users mailing list
> Zope3-users at zope.org
> http://mail.zope.org/mailman/listinfo/zope3-users

More information about the Zope3-users mailing list