Changeset 10414 for main/waeup.cas


Ignore:
Timestamp:
7 Jul 2013, 08:42:04 (11 years ago)
Author:
uli
Message:

Add function to delete set cookie.

Location:
main/waeup.cas/trunk/waeup/cas
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • main/waeup.cas/trunk/waeup/cas/server.py

    r10413 r10414  
    11"""A WSGI app for serving CAS.
    22"""
     3import datetime
    34import os
    45import random
     
    9798    response.set_cookie(
    9899        'cas-tgc', tgc.value, path='/', secure=True, httponly=True)
     100    return response
     101
     102
     103def delete_session_cookie(db, response, old_value=None):
     104    """Delete session cookie.
     105
     106    Sets cookie with expiration date in past and deletes respective
     107    entry from database.
     108    """
     109    if old_value is not None:
     110        # delete old tgc from db
     111        q = db.query(TicketGrantingCookie).filter(
     112            TicketGrantingCookie.value == old_value)
     113        result = list(q)
     114        if len(result) == 1:
     115            db.delete(result[0])
     116    response.set_cookie(
     117        'cas-tgc', '', path='/', secure=True, httponly=True,
     118        expires=datetime.datetime(1970, 1, 1, 0, 0, 0))
    99119    return response
    100120

  • main/waeup.cas/trunk/waeup/cas/tests/test_server.py

    r10413 r10414  
    1212    CASServer, create_service_ticket, create_login_ticket,
    1313    create_tgc_value, check_login_ticket, set_session_cookie,
    14     check_session_cookie, get_template,
     14    check_session_cookie, get_template, delete_session_cookie,
    1515    )
    1616
    1717RE_ALPHABET = re.compile('^[a-zA-Z0-9\-]*$')
    1818RE_COOKIE = re.compile('^cas-tgc=[A-Za-z0-9\-]+; Path=/; secure; HttpOnly$')
     19RE_COOKIE_DEL = re.compile(
     20    '^cas-tgc=; Max-Age=\-[0-9]+; Path=/; '
     21    'expires=Thu, 01-Jan-1970 00:00:00 GMT; secure; HttpOnly$')
    1922
    2023
     
    424427        assert get_template('not-existing-template') is None
    425428        assert get_template('login.html') is not None
     429
     430    def test_delete_session_cookie(self):
     431        # we can unset cookies
     432        db = DB('sqlite:///')
     433        tgc = create_tgc_value()
     434        db.add(tgc)
     435        value = tgc.value
     436        resp = delete_session_cookie(db, Response(), old_value=value)
     437        assert 'Set-Cookie' in resp.headers
     438        cookie = resp.headers['Set-Cookie']
     439        assert RE_COOKIE_DEL.match(cookie), (
     440            'Cookie in unexpected format: %s' % cookie)
     441        # the cookie values was deleted from database
     442        q = db.query(TicketGrantingCookie).filter(
     443            TicketGrantingCookie.value == value)
     444        assert len(list(q)) == 0
Note: See TracChangeset for help on using the changeset viewer.