Changeset 7517


Ignore:
Timestamp:
26 Jan 2012, 18:32:11 (13 years ago)
Author:
Henrik Bettermann
Message:

Add test which shows that we can't logout when using basic authentication.

Wikipedia: Existing browsers retain authentication information until the tab or browser is closed or the user clears the history.[3] HTTP does not provide a method for a server to direct clients to discard these cached credentials. This means that there is no effective way for a server to "log out" the user without closing the browser. This is a significant defect that requires browser manufacturers to support a "logout" user interface element ...

File:
1 edited

Legend:

Unmodified
Added
Removed
  • main/waeup.sirp/trunk/src/waeup/sirp/students/tests/test_browser.py

    r7513 r7517  
    346346
    347347    layer = FunctionalLayer
     348
     349    def test_basic_auth(self):
     350        self.browser.addHeader('Authorization', 'Basic mgr:mgrpw')
     351        self.browser.open('http://localhost/app')
     352        self.browser.getLink("Logout").click()
     353        self.assertTrue('You have been logged out' in self.browser.contents)
     354        # But we are still logged in since we've used basic authentication here.
     355        # Wikipedia says: Existing browsers retain authentication information
     356        # until the tab or browser is closed or the user clears the history.
     357        # HTTP does not provide a method for a server to direct clients to
     358        # discard these cached credentials. This means that there is no
     359        # effective way for a server to "log out" the user without closing
     360        # the browser. This is a significant defect that requires browser
     361        # manufacturers to support a "logout" user interface element ...
     362        self.assertTrue('Manager' in self.browser.contents)
    348363
    349364    def test_manage_access(self):
Note: See TracChangeset for help on using the changeset viewer.