332 req, origsession = self.init_authentication('http') |
332 req, origsession = self.init_authentication('http') |
333 self.assertAuthFailure(req) |
333 self.assertAuthFailure(req) |
334 self.assertRaises(AuthenticationError, self.app_publish, req, 'login') |
334 self.assertRaises(AuthenticationError, self.app_publish, req, 'login') |
335 self.assertEqual(req.cnx, None) |
335 self.assertEqual(req.cnx, None) |
336 authstr = base64.encodestring('%s:%s' % (self.admlogin, self.admpassword)) |
336 authstr = base64.encodestring('%s:%s' % (self.admlogin, self.admpassword)) |
337 req._headers['Authorization'] = 'basic %s' % authstr |
337 req.set_request_header('Authorization', 'basic %s' % authstr) |
338 self.assertAuthSuccess(req, origsession) |
338 self.assertAuthSuccess(req, origsession) |
339 self.assertRaises(LogOut, self.app_publish, req, 'logout') |
339 self.assertRaises(LogOut, self.app_publish, req, 'logout') |
340 self.assertEqual(len(self.open_sessions), 0) |
340 self.assertEqual(len(self.open_sessions), 0) |
341 |
341 |
342 def test_cookie_auth_no_anon(self): |
342 def test_cookie_auth_no_anon(self): |
376 # preparing the suite of the test |
376 # preparing the suite of the test |
377 # set session id in cookie |
377 # set session id in cookie |
378 cookie = Cookie.SimpleCookie() |
378 cookie = Cookie.SimpleCookie() |
379 sessioncookie = self.app.session_handler.session_cookie(req) |
379 sessioncookie = self.app.session_handler.session_cookie(req) |
380 cookie[sessioncookie] = req.session.sessionid |
380 cookie[sessioncookie] = req.session.sessionid |
381 req._headers['Cookie'] = cookie[sessioncookie].OutputString() |
381 req.set_request_header('Cookie', cookie[sessioncookie].OutputString(), |
|
382 raw=True) |
382 clear_cache(req, 'get_authorization') |
383 clear_cache(req, 'get_authorization') |
383 # reset session as if it was a new incoming request |
384 # reset session as if it was a new incoming request |
384 req.session = req.cnx = None |
385 req.session = req.cnx = None |
385 |
386 |
386 def _test_auth_anon(self, req): |
387 def _test_auth_anon(self, req): |
401 |
402 |
402 def test_http_auth_anon_allowed(self): |
403 def test_http_auth_anon_allowed(self): |
403 req, origsession = self.init_authentication('http', 'anon') |
404 req, origsession = self.init_authentication('http', 'anon') |
404 self._test_auth_anon(req) |
405 self._test_auth_anon(req) |
405 authstr = base64.encodestring('toto:pouet') |
406 authstr = base64.encodestring('toto:pouet') |
406 req._headers['Authorization'] = 'basic %s' % authstr |
407 req.set_request_header('Authorization', 'basic %s' % authstr) |
407 self._test_anon_auth_fail(req) |
408 self._test_anon_auth_fail(req) |
408 authstr = base64.encodestring('%s:%s' % (self.admlogin, self.admpassword)) |
409 authstr = base64.encodestring('%s:%s' % (self.admlogin, self.admpassword)) |
409 req._headers['Authorization'] = 'basic %s' % authstr |
410 req.set_request_header('Authorization', 'basic %s' % authstr) |
410 self.assertAuthSuccess(req, origsession) |
411 self.assertAuthSuccess(req, origsession) |
411 self.assertRaises(LogOut, self.app_publish, req, 'logout') |
412 self.assertRaises(LogOut, self.app_publish, req, 'logout') |
412 self.assertEqual(len(self.open_sessions), 0) |
413 self.assertEqual(len(self.open_sessions), 0) |
413 |
414 |
414 def test_cookie_auth_anon_allowed(self): |
415 def test_cookie_auth_anon_allowed(self): |