Changeset 7517 for main/waeup.sirp/trunk/src/waeup/sirp/students

Timestamp:

26 Jan 2012, 18:32:11 (13 years ago)

Author:

Henrik Bettermann

Message:

Add test which shows that we can't logout when using basic authentication.

Wikipedia: Existing browsers retain authentication information until the tab or browser is closed or the user clears the history.[3] HTTP does not provide a method for a server to direct clients to discard these cached credentials. This means that there is no effective way for a server to "log out" the user without closing the browser. This is a significant defect that requires browser manufacturers to support a "logout" user interface element ...

File:

• main/waeup.sirp/trunk/src/waeup/sirp/students/tests/test_browser.py (modified) (1 diff)

main/waeup.sirp/trunk/src/waeup/sirp/students/tests/test_browser.py

@@ -346 +346 @@
 
     layer = FunctionalLayer
+
+    def test_basic_auth(self):
+        self.browser.addHeader('Authorization', 'Basic mgr:mgrpw')
+        self.browser.open('http://localhost/app')
+        self.browser.getLink("Logout").click()
+        self.assertTrue('You have been logged out' in self.browser.contents)
+        # But we are still logged in since we've used basic authentication here.
+        # Wikipedia says: Existing browsers retain authentication information
+        # until the tab or browser is closed or the user clears the history.
+        # HTTP does not provide a method for a server to direct clients to
+        # discard these cached credentials. This means that there is no
+        # effective way for a server to "log out" the user without closing
+        # the browser. This is a significant defect that requires browser
+        # manufacturers to support a "logout" user interface element ...
+        self.assertTrue('Manager' in self.browser.contents)
 
     def test_manage_access(self):