# HG changeset patch # User Denis Laxalde # Date 1512123129 -3600 # Node ID a46fb3f58ea2ea9f2c33f1e6a3391f40b8d2ce70 # Parent 68ca7fe0ca29b92ce61c7bcfbf353cc9d87cea1d [pyramid] Do not issue security warnings in test mode When some session or authtk secret is missing in Pyramid settings, scary "!! SECURITY WARNING !!" are issued. This is arguably pointless in tests. So disable them in this case. diff -r 68ca7fe0ca29 -r a46fb3f58ea2 cubicweb/pyramid/auth.py --- a/cubicweb/pyramid/auth.py Thu Nov 30 11:55:35 2017 +0100 +++ b/cubicweb/pyramid/auth.py Fri Dec 01 11:12:09 2017 +0100 @@ -198,7 +198,8 @@ session_prefix + 'secret', 'notsosecret') persistent_secret = settings.get( persistent_prefix + 'secret', 'notsosecret') - if 'notsosecret' in (session_secret, persistent_secret): + if ('notsosecret' in (session_secret, persistent_secret) + and config.registry['cubicweb.config'].mode != 'test'): warnings.warn(''' !! SECURITY WARNING !! diff -r 68ca7fe0ca29 -r a46fb3f58ea2 cubicweb/pyramid/session.py --- a/cubicweb/pyramid/session.py Thu Nov 30 11:55:35 2017 +0100 +++ b/cubicweb/pyramid/session.py Fri Dec 01 11:12:09 2017 +0100 @@ -255,17 +255,18 @@ secret = settings['cubicweb.session.secret'] except KeyError: secret = 'notsosecret' - warnings.warn(''' + if config.registry['cubicweb.config'].mode != 'test': + warnings.warn(''' - !! WARNING !! !! WARNING !! + !! WARNING !! !! WARNING !! - The session cookies are signed with a static secret key. - To put your own secret key, edit your pyramid.ini file - and set the 'cubicweb.session.secret' key. + The session cookies are signed with a static secret key. + To put your own secret key, edit your pyramid.ini file + and set the 'cubicweb.session.secret' key. - YOU SHOULD STOP THIS INSTANCE unless your really know what you - are doing !! + YOU SHOULD STOP THIS INSTANCE unless your really know what you + are doing !! - ''') + ''') session_factory = CWSessionFactory(secret) config.set_session_factory(session_factory)