16 |
16 |
from quixote import get_session_manager
|
17 |
17 |
from quixote.errors import RequestError
|
18 |
18 |
|
|
19 |
from wcs.categories import Category
|
|
20 |
from wcs.formdef import FormDef
|
19 |
21 |
from wcs.qommon import x509utils
|
20 |
22 |
from wcs.qommon.http_request import HTTPRequest
|
21 |
23 |
from wcs.qommon.ident.idp import MethodAdminDirectory
|
... | ... | |
591 |
593 |
assert req.session is None
|
592 |
594 |
|
593 |
595 |
|
594 |
|
def test_opened_session_cookie(pub):
|
|
596 |
@pytest.mark.parametrize('path', ['/', '/foobar/test/'])
|
|
597 |
def test_opened_session_cookie(pub, path):
|
|
598 |
Category.wipe()
|
|
599 |
cat = Category(name='foobar')
|
|
600 |
cat.store()
|
|
601 |
|
|
602 |
FormDef.wipe()
|
|
603 |
formdef = FormDef()
|
|
604 |
formdef.name = 'test'
|
|
605 |
formdef.category_id = str(cat.id)
|
|
606 |
formdef.fields = []
|
|
607 |
formdef.store()
|
|
608 |
|
595 |
609 |
app = get_app(pub)
|
596 |
610 |
app.set_cookie('IDP_OPENED_SESSION', '1')
|
597 |
|
resp = app.get('/')
|
|
611 |
resp = app.get(path)
|
598 |
612 |
assert resp.status_int == 200
|
599 |
613 |
pub.site_options.set('options', 'idp_session_cookie_name', 'IDP_OPENED_SESSION')
|
600 |
614 |
with open(os.path.join(pub.app_dir, 'site-options.cfg'), 'w') as fd:
|
601 |
615 |
pub.site_options.write(fd)
|
602 |
616 |
|
603 |
|
resp = app.get('/?parameter=value')
|
|
617 |
resp = app.get(f'{path}?parameter=value')
|
604 |
618 |
cookie_name = '%s-passive-auth-tried' % pub.config.session_cookie_name
|
605 |
619 |
cookie_store = http.cookies.SimpleCookie()
|
606 |
620 |
cookie_store.load(resp.headers['Set-Cookie'])
|
... | ... | |
611 |
625 |
assert resp.status_int == 302
|
612 |
626 |
assert (
|
613 |
627 |
resp.location
|
614 |
|
== 'http://example.net/login/?ReturnUrl=http%3A//example.net/%3Fparameter%3Dvalue&IsPassive=true'
|
|
628 |
== f'http://example.net/login/?ReturnUrl=http%3A//example.net{path}%3Fparameter%3Dvalue&IsPassive=true'
|
615 |
629 |
)
|
616 |
630 |
assert cookie_name in app.cookies
|
617 |
631 |
|
618 |
632 |
# if we try again, no passive authentication occurs
|
619 |
|
resp = app.get('/?parameter=value')
|
|
633 |
resp = app.get(f'{path}?parameter=value').maybe_follow()
|
620 |
634 |
assert resp.status_int != 302
|
621 |
635 |
|
622 |
636 |
# if IDP_OPENED_SESSION is modified, then passive authentication is tried again
|
623 |
637 |
app.set_cookie('IDP_OPENED_SESSION', '2')
|
624 |
|
resp = app.get('/?parameter=value')
|
|
638 |
resp = app.get(f'{path}?parameter=value')
|
625 |
639 |
assert resp.status_int == 302
|
626 |
640 |
|
627 |
641 |
# simulate a saml login
|
... | ... | |
640 |
654 |
app.set_cookie(pub.config.session_cookie_name, session.id)
|
641 |
655 |
assert get_session(app).opened_session_value == '2'
|
642 |
656 |
|
643 |
|
resp = app.get('/?parameter=value')
|
|
657 |
resp = app.get(f'{path}?parameter=value')
|
644 |
658 |
assert resp.status_int == 200
|
645 |
659 |
assert get_session(app).opened_session_value == '2'
|
646 |
660 |
assert get_session(app).user == user.id
|
... | ... | |
649 |
663 |
|
650 |
664 |
# if OPENED_SESSION_COOKIE change then we are logged out
|
651 |
665 |
app.set_cookie('IDP_OPENED_SESSION', '3')
|
652 |
|
resp = app.get('/?parameter=value')
|
|
666 |
resp = app.get(f'{path}?parameter=value')
|
653 |
667 |
assert not get_session(app)
|
654 |
668 |
assert not get_session_manager().session_class.get(session.id, ignore_errors=True)
|
655 |
669 |
|
656 |
|
-
|