[pyramid] Do not issue security warnings in test mode
When some session or authtk secret is missing in Pyramid settings,
scary "!! SECURITY WARNING !!" are issued. This is arguably pointless in
tests. So disable them in this case.
--- a/cubicweb/pyramid/auth.py Thu Nov 30 11:55:35 2017 +0100
+++ b/cubicweb/pyramid/auth.py Fri Dec 01 11:12:09 2017 +0100
@@ -198,7 +198,8 @@
session_prefix + 'secret', 'notsosecret')
persistent_secret = settings.get(
persistent_prefix + 'secret', 'notsosecret')
- if 'notsosecret' in (session_secret, persistent_secret):
+ if ('notsosecret' in (session_secret, persistent_secret)
+ and config.registry['cubicweb.config'].mode != 'test'):
warnings.warn('''
!! SECURITY WARNING !!
--- a/cubicweb/pyramid/session.py Thu Nov 30 11:55:35 2017 +0100
+++ b/cubicweb/pyramid/session.py Fri Dec 01 11:12:09 2017 +0100
@@ -255,17 +255,18 @@
secret = settings['cubicweb.session.secret']
except KeyError:
secret = 'notsosecret'
- warnings.warn('''
+ if config.registry['cubicweb.config'].mode != 'test':
+ warnings.warn('''
- !! WARNING !! !! WARNING !!
+ !! WARNING !! !! WARNING !!
- The session cookies are signed with a static secret key.
- To put your own secret key, edit your pyramid.ini file
- and set the 'cubicweb.session.secret' key.
+ The session cookies are signed with a static secret key.
+ To put your own secret key, edit your pyramid.ini file
+ and set the 'cubicweb.session.secret' key.
- YOU SHOULD STOP THIS INSTANCE unless your really know what you
- are doing !!
+ YOU SHOULD STOP THIS INSTANCE unless your really know what you
+ are doing !!
- ''')
+ ''')
session_factory = CWSessionFactory(secret)
config.set_session_factory(session_factory)