Context navigation

source: main/waeup.cas/trunk/waeup/cas/tests/test_server.py @ 10604

Last change on this file since 10604 was 10604, checked in by uli, 11 years ago
We need a smarter message box handling. Test it first.
File size: 24.6 KB

Rev	Line
[10321]	1	import os
[10394]	2	import re
[10321]	3	import shutil
	4	import tempfile
	5	import unittest
	6	from paste.deploy import loadapp
[10494]	7	try:
	8	from urlparse import parse_qsl # Python 2.x
	9	except ImportError: # pragma: no cover
	10	from urllib.parse import parse_qsl # Python 3.x
[10394]	11	from webob import Request, Response
	12	from webtest import TestApp as WebTestApp # avoid py.test skip message
	13	from waeup.cas.authenticators import DummyAuthenticator
	14	from waeup.cas.db import DB, LoginTicket, ServiceTicket, TicketGrantingCookie
	15	from waeup.cas.server import (
	16	CASServer, create_service_ticket, create_login_ticket,
	17	create_tgc_value, check_login_ticket, set_session_cookie,
[10414]	18	check_session_cookie, get_template, delete_session_cookie,
[10604]	19	check_service_ticket, update_url, set_message
[10394]	20	)
[10321]	21
[10394]	22	RE_ALPHABET = re.compile('^[a-zA-Z0-9\-]*$')
	23	RE_COOKIE = re.compile('^cas-tgc=[A-Za-z0-9\-]+; Path=/; secure; HttpOnly$')
[10414]	24	RE_COOKIE_DEL = re.compile(
	25	'^cas-tgc=; Max-Age=\-[0-9]+; Path=/; '
	26	'expires=Thu, 01-Jan-1970 00:00:00 GMT; secure; HttpOnly$')
[10394]	27
	28
[10321]	29	class CASServerTests(unittest.TestCase):
	30
	31	def setUp(self):
[10348]	32	# Create a new location where tempfiles are created. This way
	33	# also temporary dirs of local CASServers can be removed on
	34	# tear-down.
	35	self._new_tmpdir = tempfile.mkdtemp()
	36	self._old_tmpdir = tempfile.tempdir
	37	tempfile.tempdir = self._new_tmpdir
	38	self.workdir = os.path.join(self._new_tmpdir, 'home')
	39	self.db_path = os.path.join(self.workdir, 'mycas.db')
[10394]	40	os.mkdir(self.workdir)
[10321]	41	self.paste_conf1 = os.path.join(
	42	os.path.dirname(__file__), 'sample1.ini')
[10352]	43	self.paste_conf2 = os.path.join(
	44	os.path.dirname(__file__), 'sample2.ini')
[10321]	45
	46	def tearDown(self):
[10348]	47	# remove local tempfile and reset old tempdir setting
	48	if os.path.isdir(self._new_tmpdir):
	49	shutil.rmtree(self._new_tmpdir)
	50	tempfile.tempdir = self._old_tmpdir
[10321]	51
	52	def test_paste_deploy_loader(self):
	53	# we can load the CAS server via paste.deploy plugin
	54	app = loadapp('config:%s' % self.paste_conf1)
	55	assert isinstance(app, CASServer)
[10394]	56	assert hasattr(app, 'db')
	57	assert isinstance(app.db, DB)
	58	assert hasattr(app, 'auth')
[10321]	59
	60	def test_paste_deploy_options(self):
	61	# we can set CAS server-related options via paste.deploy config
[10352]	62	app = loadapp('config:%s' % self.paste_conf2)
[10321]	63	assert isinstance(app, CASServer)
[10394]	64	assert app.db_connection_string == 'sqlite:///:memory:'
	65	assert isinstance(app.auth, DummyAuthenticator)
[10321]	66
[10351]	67	def test_init(self):
[10394]	68	# we get a `DB` instance created automatically
[10351]	69	app = CASServer()
[10394]	70	assert hasattr(app, 'db')
	71	assert app.db is not None
[10351]	72
	73	def test_init_explicit_db_path(self):
	74	# we can set a db_path explicitly
[10394]	75	app = CASServer(db='sqlite:///%s' % self.db_path)
	76	assert hasattr(app, 'db')
	77	assert isinstance(app.db, DB)
	78	assert os.path.isfile(self.db_path)
[10351]	79
[10394]	80	def test_get_template(self):
	81	app = CASServer()
	82	assert app._get_template('login.html') is not None
	83	assert app._get_template('not-existent.html') is None
	84
[10321]	85	def test_call_root(self):
[10326]	86	# the CAS protocol requires no root
[10321]	87	app = CASServer()
	88	req = Request.blank('http://localhost/')
	89	resp = app(req)
[10322]	90	assert resp.status == '404 Not Found'
[10326]	91
	92	def test_first_time_login(self):
	93	# we can get a login page
	94	app = CASServer()
	95	req = Request.blank('http://localhost/login')
	96	resp = app(req)
	97	assert resp.status == '200 OK'
	98
	99	def test_validate(self):
	100	# we can access a validation page
	101	app = CASServer()
[10416]	102	req = Request.blank('http://localhost/validate?service=foo&ticket=bar')
[10326]	103	resp = app(req)
[10416]	104	assert resp.status == '200 OK'
[10326]	105
	106	def test_logout(self):
	107	# we can access a logout page
	108	app = CASServer()
	109	req = Request.blank('http://localhost/logout')
	110	resp = app(req)
[10415]	111	assert resp.status == '200 OK'
[10335]	112
	113	def test_login_simple(self):
	114	# a simple login with no service will result in login screen
	115	# (2.1.1#service of protocol specs)
	116	app = CASServer()
	117	req = Request.blank('http://localhost/login')
	118	resp = app(req)
	119	assert resp.status == '200 OK'
	120	assert resp.content_type == 'text/html'
	121	assert b'<form ' in resp.body
[10394]	122
[10401]	123	def test_login_cred_acceptor_sso_no_service(self):
	124	# 2.2.4: successful login via single sign on
	125	app = CASServer()
	126	tgc = create_tgc_value()
	127	app.db.add(tgc)
	128	value = str(tgc.value)
	129	req = Request.blank('https://localhost/login')
	130	req.headers['Cookie'] = 'cas-tgc=%s' % value
	131	resp = app(req)
	132	assert resp.status == '200 OK'
	133	assert b'already' in resp.body
	134	assert 'Set-Cookie' not in resp.headers
	135	return
[10394]	136
[10411]	137	def test_login_renew_with_cookie(self):
	138	# 2.1.1: cookie will be ignored when renew is set
	139	app = CASServer()
	140	tgc = create_tgc_value()
	141	app.db.add(tgc)
	142	value = str(tgc.value)
	143	req = Request.blank('https://localhost/login?renew=true')
	144	req.headers['Cookie'] = 'cas-tgc=%s' % value
	145	resp = app(req)
	146	assert resp.status == '200 OK'
	147	assert b'username' in resp.body
	148	assert 'Set-Cookie' not in resp.headers
[10401]	149
[10412]	150	def test_login_renew_without_cookie(self):
	151	# 2.1.1: with renew and no cookie, normal auth will happen
	152	app = CASServer()
	153	req = Request.blank('https://localhost/login?renew=true')
	154	resp = app(req)
	155	assert resp.status == '200 OK'
	156	assert b'username' in resp.body
	157
[10411]	158	def test_login_renew_as_empty_string(self):
	159	# `renew` is handled correctly, even with empty value
	160	app = CASServer()
	161	tgc = create_tgc_value()
	162	app.db.add(tgc)
	163	value = str(tgc.value)
	164	req = Request.blank('https://localhost/login?renew')
	165	req.headers['Cookie'] = 'cas-tgc=%s' % value
	166	resp = app(req)
	167	assert resp.status == '200 OK'
	168	assert b'username' in resp.body
	169	assert 'Set-Cookie' not in resp.headers
	170
[10412]	171	def test_login_gateway_no_cookie_with_service(self):
	172	# 2.1.1: with gateway but w/o cookie we will be redirected to service
	173	# no service ticket will be issued
	174	app = CASServer()
	175	params = 'gateway=true&service=http%3A%2F%2Fwww.service.com'
	176	req = Request.blank('https://localhost/login?%s' % params)
	177	resp = app(req)
	178	assert resp.status == '303 See Other'
	179	assert 'Location' in resp.headers
	180	assert resp.headers['Location'] == 'http://www.service.com'
[10411]	181
[10412]	182	def test_login_gateway_with_cookie_and_service(self):
	183	# 2.1.1: with cookie and gateway we will be redirected to service
	184	app = CASServer()
	185	tgc = create_tgc_value()
	186	app.db.add(tgc)
	187	value = str(tgc.value)
	188	params = 'gateway=true&service=http%3A%2F%2Fwww.service.com'
	189	req = Request.blank('https://localhost/login?%s' % params)
	190	req.headers['Cookie'] = 'cas-tgc=%s' % value
	191	resp = app(req)
	192	assert resp.status == '303 See Other'
	193	assert 'Location' in resp.headers
	194	assert resp.headers['Location'].startswith(
	195	'http://www.service.com?ticket=ST-')
	196
	197	def test_login_gateway_and_renew(self):
	198	# 2.1.1 if both, gateway and renew are specified, only renew is valid
	199	app = CASServer()
	200	tgc = create_tgc_value()
	201	app.db.add(tgc)
	202	value = str(tgc.value)
	203	req = Request.blank('https://localhost/login?renew=true&gateway=true')
	204	req.headers['Cookie'] = 'cas-tgc=%s' % value
	205	resp = app(req)
	206	# with only gateway true, this would lead to a redirect
	207	assert resp.status == '200 OK'
	208	assert b'username' in resp.body
	209	assert 'Set-Cookie' not in resp.headers
	210
[10413]	211	def test_login_warn(self):
	212	# 2.2.1 as a credential acceptor, with `warn` set we require confirm
	213	app = CASServer()
	214	tgc = create_tgc_value()
	215	app.db.add(tgc)
	216	value = str(tgc.value)
	217	params = 'warn=true&service=http%3A%2F%2Fwww.service.com'
	218	req = Request.blank('https://localhost/login?%s' % params)
	219	req.headers['Cookie'] = 'cas-tgc=%s' % value
	220	resp = app(req)
	221	# without warn, we would get a redirect
	222	assert resp.status == '200 OK'
	223	assert b'CAS login successful' in resp.body
[10412]	224
[10415]	225	def test_logout_no_cookie(self):
	226	# 2.3 logout displays a logout page.
	227	app = CASServer()
	228	req = Request.blank('https://localhost/logout')
	229	resp = app(req)
	230	assert resp.status == '200 OK'
	231	assert b'logged out' in resp.body
[10413]	232
[10415]	233	def test_logout_with_cookie(self):
	234	# 2.3 logout destroys any existing SSO session
	235	app = CASServer()
	236	tgc = create_tgc_value()
	237	app.db.add(tgc)
	238	value = str(tgc.value)
	239	req = Request.blank('https://localhost/logout')
	240	req.headers['Cookie'] = 'cas-tgc=%s' % value
	241	resp = app(req)
	242	assert resp.status == '200 OK'
	243	assert b'logged out' in resp.body
	244	assert 'Set-Cookie' in resp.headers
	245	cookie = resp.headers['Set-Cookie']
	246	assert cookie.startswith('cas-tgc=;')
	247	assert 'expires' in cookie
	248	assert 'Max-Age' in cookie
	249	assert len(list(app.db.query(TicketGrantingCookie))) == 0
	250
	251	def test_logout_url(self):
	252	# 2.3.1 with an `url` given we provide a link on logout
	253	app = CASServer()
	254	params = 'url=http%3A%2F%2Fwww.logout.com'
	255	req = Request.blank('https://localhost/logout?%s' % params)
	256	resp = app(req)
	257	assert resp.status == '200 OK'
	258	assert b'logged out' in resp.body
	259	assert b'like you to' in resp.body
	260	assert b'http://www.logout.com' in resp.body
	261
[10416]	262	def test_validate_invalid(self):
	263	# 2.4.2 validation failures is indicated by a given format
	264	app = CASServer()
	265	params = 'ticket=foo&service=bar'
	266	req = Request.blank('https://localhost/validate?%s' % params)
	267	resp = app(req)
	268	assert resp.body == b'no\n\n'
[10415]	269
[10416]	270	def test_validate_valid(self):
	271	# 2.4 validation success is indicated by a given format
	272	app = CASServer()
	273	sticket = create_service_ticket(
	274	'someuser', 'http://service.com/', sso=False)
	275	app.db.add(sticket)
	276	params = 'ticket=%s&service=%s' % (
	277	sticket.ticket, sticket.service)
	278	req = Request.blank('https://localhost/validate?%s' % params)
	279	resp = app(req)
	280	assert resp.body == b'yes\nsomeuser\n'
	281
	282	def test_validate_renew_invalid(self):
	283	# 2.4.1 with `renew` we accept only non-sso issued tickets
	284	app = CASServer()
	285	sticket = create_service_ticket(
	286	'someuser', 'http://service.com/', sso=True)
	287	app.db.add(sticket)
	288	params = 'ticket=%s&service=%s&renew=true' % (
	289	sticket.ticket, sticket.service)
	290	req = Request.blank('https://localhost/validate?%s' % params)
	291	resp = app(req)
	292	assert resp.body == b'no\n\n'
	293
	294	def test_validate_renew_valid(self):
	295	# 2.4.1 with `renew` we accept only non-sso issued tickets
	296	app = CASServer()
	297	sticket = create_service_ticket(
	298	'someuser', 'http://service.com/', sso=False)
	299	app.db.add(sticket)
	300	params = 'ticket=%s&service=%s&renew=true' % (
	301	sticket.ticket, sticket.service)
	302	req = Request.blank('https://localhost/validate?%s' % params)
	303	resp = app(req)
	304	assert resp.body == b'yes\nsomeuser\n'
	305
[10601]	306	def test_style_css(self):
	307	# we can get a custom style sheet
	308	app = CASServer()
	309	req = Request.blank('https://localhost/style.css')
	310	resp = app(req)
	311	assert resp.status == '200 OK'
	312	assert resp.content_type == 'text/css'
[10416]	313
[10604]	314	def test_set_message(self):
	315	# we can set a message
	316	result = set_message('Hi there', '<body>MSG_TEXT</body>')
	317	assert result == '<body>Hi there</body>'
[10601]	318
[10604]	319	def test_set_message_empty_or_none(self):
	320	# without a message, no message text will be displayed
	321	result = set_message('', '<body>MSG_TEXT</body>')
	322	assert result == '<body></body>'
	323	result = set_message('', '<body><div id="msg">MSG_TEXT</div></body>')
	324	assert result == '<body></body>'
	325	result = set_message(None, '<body><div id="msg">MSG_TEXT</div></body>')
	326	assert result == '<body></body>'
	327	result = set_message(
	328	None,
	329	'<body><div a="1">\n<div id="msg">MSG_TEXT</div>a\n</div></body>')
	330	assert result == '<body><div a="1">\na\n</div></body>'
	331	result = set_message(
	332	None,
	333	'<body><div a="1"><div id="msg">MSG_TEXT</div>a</div></body>')
	334	assert result == '<body><div a="1">a</div></body>'
	335
	336
[10394]	337	class BrowserTests(unittest.TestCase):
	338
	339	def setUp(self):
	340	self.raw_app = CASServer(auth=DummyAuthenticator())
	341	self.app = WebTestApp(self.raw_app)
	342
	343	def test_login(self):
	344	resp = self.app.get('/login')
	345	assert resp.status == '200 OK'
	346	form = resp.forms[0]
	347	# 2.1.3: form must be submitted by POST
	348	assert form.method == 'post'
	349	fieldnames = form.fields.keys()
	350	# 2.1.3: form must contain: username, password, lt
	351	assert 'username' in fieldnames
	352	assert 'password' in fieldnames
	353	assert 'lt' in fieldnames
	354	assert RE_ALPHABET.match(form['lt'].value)
	355
	356	def test_login_no_service(self):
	357	# w/o a service passed in, the form should not contain service
	358	# (not a strict protocol requirement, but handy)
	359	resp = self.app.get('/login')
	360	assert 'service' not in resp.forms[0].fields.keys()
	361
	362	def test_login_service_replayed(self):
	363	# 2.1.3: the login form must contain the service param sent
	364	resp = self.app.get('/login?service=http%3A%2F%2Fwww.service.com')
	365	form = resp.forms[0]
	366	assert resp.status == '200 OK'
	367	assert 'service' in form.fields.keys()
	368	assert form['service'].value == 'http://www.service.com'
	369
	370	def test_login_cred_acceptor_valid_no_service(self):
	371	# 2.2.4: successful login w/o service yields a message
	372	lt = create_login_ticket()
	373	self.raw_app.db.add(lt)
	374	lt_string = lt.ticket
	375	resp = self.app.post('/login', dict(
	376	username='bird', password='bebop', lt=lt_string))
	377	assert resp.status == '200 OK'
	378	assert b'successful' in resp.body
	379	# single-sign-on session initiated
	380	assert 'Set-Cookie' in resp.headers
	381	cookie = resp.headers['Set-Cookie']
	382	assert cookie.startswith('cas-tgc=')
	383
	384	def test_login_cred_acceptor_valid_w_service(self):
	385	# 2.2.4: successful login with service makes a redirect
	386	# Appendix B: safe redirect
	387	lt = create_login_ticket()
	388	self.raw_app.db.add(lt)
	389	lt_string = lt.ticket
	390	resp = self.app.post('/login', dict(
	391	username='bird', password='bebop', lt=lt_string,
	392	service='http://example.com/Login'))
	393	assert resp.status == '303 See Other'
	394	assert 'Location' in resp.headers
	395	assert resp.headers['Location'].startswith(
	396	'http://example.com/Login?ticket=ST-')
	397	assert 'Pragma' in resp.headers
	398	assert resp.headers['Pragma'] == 'no-cache'
	399	assert 'Cache-Control' in resp.headers
	400	assert resp.headers['Cache-Control'] == 'no-store'
	401	assert 'Expires' in resp.headers
	402	assert resp.headers['Expires'] == 'Thu, 01 Dec 1994 16:00:00 GMT'
	403	assert b'window.location.href' in resp.body
	404	assert b'noscript' in resp.body
	405	assert b'ticket=ST-' in resp.body
[10498]	406	q = self.raw_app.db.query(ServiceTicket)
	407	st = q.all()[0]
	408	assert st.user == 'bird'
	409	assert st.service == 'http://example.com/Login'
	410	assert st.ticket.startswith('ST-')
[10394]	411
[10397]	412	def test_login_cred_acceptor_failed(self):
	413	# 2.2.4: failed login yields a message
	414	lt = create_login_ticket()
	415	self.raw_app.db.add(lt)
	416	lt_string = lt.ticket
	417	resp = self.app.post('/login', dict(
	418	username='bird', password='cat', lt=lt_string))
	419	assert resp.status == '200 OK'
	420	assert b'failed' in resp.body
[10394]	421
[10401]	422	def test_login_sso_no_service(self):
	423	# we can initiate single-sign-on without service
	424	resp1 = self.app.get('https://localhost/login') # HTTPS required!
	425	assert resp1.status == '200 OK'
	426	assert 'cas-tgc' not in self.app.cookies
	427	form = resp1.forms[0]
	428	form.set('username', 'bird')
	429	form.set('password', 'bebop')
	430	resp2 = form.submit('AUTHENTICATE')
	431	assert resp2.status == '200 OK'
	432	# we got a secure cookie
	433	assert 'cas-tgc' in self.app.cookies
	434	# when we get the login page again, the cookie will replace creds.
	435	resp3 = self.app.get('https://localhost/login')
	436	assert b'You logged in already' in resp3.body
[10397]	437
[10409]	438	def test_login_sso_with_service(self):
	439	resp1 = self.app.get(
[10410]	440	'https://localhost/login?service=http%3A%2F%2Fservice.com%2F')
[10409]	441	assert resp1.status == '200 OK'
	442	assert 'cas-tgc' not in self.app.cookies
	443	form = resp1.forms[0]
	444	form.set('username', 'bird')
	445	form.set('password', 'bebop')
	446	resp2 = form.submit('AUTHENTICATE')
	447	assert resp2.status == '303 See Other'
	448	assert resp2.headers['Location'].startswith(
	449	'http://service.com/?ticket=ST-')
	450	# we got a secure cookie
	451	assert 'cas-tgc' in self.app.cookies
	452	resp3 = self.app.get(
[10410]	453	'https://localhost/login?service=http%3A%2F%2Fservice.com%2F')
[10409]	454	assert resp3.status == '303 See Other'
	455	assert resp3.headers['Location'].startswith(
	456	'http://service.com/?ticket=ST-')
[10401]	457
[10490]	458	def test_login_sso_with_service_additional_params1(self):
	459	# we can get a service ticket also with a service providing
	460	# get params
	461	# this service url reads http://service.com/index.php?authCAS=CAS
	462	service_url = 'http%3A%2F%2Fservice.com%2Findex.php%3FauthCAS%3DCAS'
	463	resp1 = self.app.get(
	464	'https://localhost/login?service=%s' % service_url)
	465	assert resp1.status == '200 OK'
	466	assert 'cas-tgc' not in self.app.cookies
	467	form = resp1.forms[0]
	468	form.set('username', 'bird')
	469	form.set('password', 'bebop')
	470	resp2 = form.submit('AUTHENTICATE')
	471	assert resp2.status == '303 See Other'
	472	location = resp2.headers['Location']
[10492]	473	query_string = location.split('?', 1)[1]
	474	query_params = dict(parse_qsl(query_string))
	475	assert 'authCAS' in query_params.keys()
	476	assert 'ticket' in query_params.keys()
	477	assert len(query_params['ticket']) == 32
[10409]	478
[10490]	479
[10394]	480	class CASServerHelperTests(unittest.TestCase):
	481
	482	def setUp(self):
	483	self.workdir = tempfile.mkdtemp()
	484	self.db_file = os.path.join(self.workdir, 'mycas.db')
	485	self.conn_string = 'sqlite:///%s' % self.db_file
	486	self.db = DB(self.conn_string)
	487
	488	def tearDown(self):
	489	shutil.rmtree(self.workdir)
	490
	491	def test_create_service_ticket(self):
	492	# we can create service tickets
	493	st = create_service_ticket(
	494	user='bob', service='http://www.example.com')
	495	assert isinstance(st, ServiceTicket)
	496	# 3.1.1: service not part of ticket
	497	assert 'example.com' not in st.ticket
	498	# 3.1.1: ticket must start with 'ST-'
	499	assert st.ticket.startswith('ST-')
	500	# 3.1.1: min. ticket length clients must be able to process is 32
	501	assert len(st.ticket) < 33
	502	# 3.7: allowed character set == [a-zA-Z0-9\-]
	503	assert RE_ALPHABET.match(st.ticket), (
	504	'Ticket contains forbidden chars: %s' % st)
[10498]	505	assert st.service == 'http://www.example.com'
	506	assert st.user == 'bob'
[10394]	507
	508	def test_create_login_ticket(self):
	509	# we can create login tickets
	510	lt = create_login_ticket()
	511	# 3.5.1: ticket should start with 'LT-'
	512	assert lt.ticket.startswith('LT-')
	513	# 3.7: allowed character set == [a-zA-Z0-9\-]
	514	assert RE_ALPHABET.match(lt.ticket), (
	515	'Ticket contains forbidden chars: %s' % lt)
	516
	517	def test_create_login_ticket_unique(self):
	518	# 3.5.1: login tickets are unique (although not hard to guess)
	519	ticket_num = 1000 # increase to test more thoroughly
	520	lt_list = [create_login_ticket() for x in range(ticket_num)]
	521	assert len(set(lt_list)) == ticket_num
	522
	523	def test_create_tgc_value(self):
	524	# we can create ticket granting cookies
	525	tgc = create_tgc_value()
	526	assert isinstance(tgc, TicketGrantingCookie)
	527	# 3.6.1: cookie value should start with 'TGC-'
	528	assert tgc.value.startswith('TGC-')
	529	# 3.7: allowed character set == [a-zA-Z0-9\-]
	530	assert RE_ALPHABET.match(tgc.value), (
	531	'Cookie value contains forbidden chars: %s' % tgc)
	532
	533	def test_check_login_ticket(self):
	534	db = DB('sqlite:///')
	535	lt = LoginTicket('LT-123456')
	536	db.add(lt)
	537	assert check_login_ticket(db, None) is False
	538	assert check_login_ticket(db, 'LT-123456') is True
	539	# the ticket will be removed after check
	540	assert check_login_ticket(db, 'LT-123456') is False
	541	assert check_login_ticket(db, 'LT-654321') is False
	542
[10490]	543	def test_set_session_cookie1(self):
[10394]	544	# make sure we can add session cookies to responses
	545	db = DB('sqlite:///')
[10405]	546	resp = set_session_cookie(db, Response())
[10394]	547	assert 'Set-Cookie' in resp.headers
	548	cookie = resp.headers['Set-Cookie']
	549	assert RE_COOKIE.match(cookie), (
	550	'Cookie in unexpected format: %s' % cookie)
	551	# the cookie is stored in database
	552	value = cookie.split('=')[1].split(';')[0]
	553	q = db.query(TicketGrantingCookie).filter(
	554	TicketGrantingCookie.value == value)
	555	assert len(list(q)) == 1
[10398]	556
[10490]	557	def test_check_session_cookie2(self):
[10398]	558	db = DB('sqlite:///')
	559	tgc = create_tgc_value()
	560	db.add(tgc)
	561	value = tgc.value
	562	assert check_session_cookie(db, value) == tgc
	563	assert check_session_cookie(db, 'foo') is None
	564	assert check_session_cookie(db, b'foo') is None
[10402]	565	assert check_session_cookie(db, None) is None
[10398]	566	value2 = value.encode('utf-8')
	567	assert check_session_cookie(db, value2) == tgc
[10404]	568
	569	def test_get_template(self):
	570	# we can load templates
	571	assert get_template('not-existing-template') is None
	572	assert get_template('login.html') is not None
[10414]	573
	574	def test_delete_session_cookie(self):
	575	# we can unset cookies
	576	db = DB('sqlite:///')
	577	tgc = create_tgc_value()
	578	db.add(tgc)
	579	value = tgc.value
	580	resp = delete_session_cookie(db, Response(), old_value=value)
	581	assert 'Set-Cookie' in resp.headers
	582	cookie = resp.headers['Set-Cookie']
	583	assert RE_COOKIE_DEL.match(cookie), (
	584	'Cookie in unexpected format: %s' % cookie)
	585	# the cookie values was deleted from database
	586	q = db.query(TicketGrantingCookie).filter(
	587	TicketGrantingCookie.value == value)
	588	assert len(list(q)) == 0
[10416]	589
	590	def test_check_service_ticket(self):
	591	db = DB('sqlite:///')
	592	st = ServiceTicket(
	593	'ST-123456', 'someuser', 'http://myservice.com', True)
	594	db.add(st)
	595	assert check_service_ticket(db, None, 'foo') is None
	596	assert check_service_ticket(db, 'foo', None) is None
	597	assert check_service_ticket(db, 'ST-123456', 'foo') is None
	598	assert check_service_ticket(db, 'foo', 'http://myservice.com') is None
	599	result = check_service_ticket(db, 'ST-123456', 'http://myservice.com')
	600	assert isinstance(result, ServiceTicket)
	601	assert result.user == 'someuser'
	602	assert check_service_ticket(
	603	db, 'ST-123456', 'http://myservice.com', True) is None
	604	assert check_service_ticket(
	605	db, 'ST-123456', 'http://myservice.com', False) is not None
[10491]	606
	607	def test_update_url(self):
	608	# we can create valid new urls with query string params updated
	609	result1 = update_url('http://sample.com/index?a=1&b=2', dict(b='3'))
[10494]	610	assert result1 in (
	611	'http://sample.com/index?a=1&b=3',
	612	'http://sample.com/index?b=3&a=1')
[10491]	613	result2 = update_url('http://sample.com/index?b=2', dict(b='3'))
	614	assert result2 == 'http://sample.com/index?b=3'
	615	result3 = update_url('http://sample.com/index', dict(b='3'))
	616	assert result3 == 'http://sample.com/index?b=3'
	617	result4 = update_url('http://sample.com/index?a=2', dict(b='3'))
[10494]	618	assert result4 in (
	619	'http://sample.com/index?a=2&b=3',
	620	'http://sample.com/index?b=3&a=2')

Note: See TracBrowser for help on using the repository browser.

Download in other formats: