Skip to content

Z
Zope
Commit 14c4305d authored by Tres Seaver's avatar Tres Seaver
Browse files
Options

Use more canonical interface names; get real test coveage.

parent d71e3139
Hide whitespace changes
Inline Side-by-side
Showing with 784 additions and 432 deletions
src/Products/Sessions/BrowserIdManager.py
View file @ 14c4305d
...@@ -43,7 +43,7 @@ from ZPublisher.BeforeTraverse import unregisterBeforeTraverse ...@@ -43,7 +43,7 @@ from ZPublisher.BeforeTraverse import unregisterBeforeTraverse
from ZPublisher.BeforeTraverse import queryBeforeTraverse from ZPublisher.BeforeTraverse import queryBeforeTraverse
from zope.interface import implements from zope.interface import implements
from Products.Sessions.SessionInterfaces import BrowserIdManagerInterface from Products.Sessions.SessionInterfaces import IBrowserIdManager
from Products.Sessions.SessionPermissions import ACCESS_CONTENTS_PERM from Products.Sessions.SessionPermissions import ACCESS_CONTENTS_PERM
from Products.Sessions.SessionPermissions import CHANGE_IDMGR_PERM from Products.Sessions.SessionPermissions import CHANGE_IDMGR_PERM
from Products.Sessions.SessionPermissions import MGMT_SCREEN_PERM from Products.Sessions.SessionPermissions import MGMT_SCREEN_PERM
...@@ -82,25 +82,15 @@ def constructBrowserIdManager( ...@@ -82,25 +82,15 @@ def constructBrowserIdManager(
if REQUEST is not None: if REQUEST is not None:
return self.manage_main(self, REQUEST, update_menu=1) return self.manage_main(self, REQUEST, update_menu=1)
class BrowserIdManagerErr(Exception): pass class BrowserIdManagerErr(ValueError): # BBB
pass
class BrowserIdManager(Item, Persistent, Implicit, RoleManager, Owned, Tabs): class BrowserIdManager(Item, Persistent, Implicit, RoleManager, Owned, Tabs):
""" browser id management class """ """ browser id management class
"""
implements(IBrowserIdManager)
meta_type = 'Browser Id Manager' meta_type = 'Browser Id Manager'
manage_options=(
{'label': 'Settings',
'action':'manage_browseridmgr',
},
{'label': 'Security', 'action':'manage_access'},
{'label': 'Ownership', 'action':'manage_owner'}
)
implements(BrowserIdManagerInterface)
icon = 'misc_/Sessions/idmgr.gif'
security = ClassSecurityInfo() security = ClassSecurityInfo()
security.declareObjectPublic() security.declareObjectPublic()
ok = {'meta_type':1, 'id':1, 'title': 1, 'icon':1, ok = {'meta_type':1, 'id':1, 'title': 1, 'icon':1,
...@@ -110,7 +100,7 @@ class BrowserIdManager(Item, Persistent, Implicit, RoleManager, Owned, Tabs): ...@@ -110,7 +100,7 @@ class BrowserIdManager(Item, Persistent, Implicit, RoleManager, Owned, Tabs):
security.setPermissionDefault(ACCESS_CONTENTS_PERM,['Manager','Anonymous']) security.setPermissionDefault(ACCESS_CONTENTS_PERM,['Manager','Anonymous'])
security.setPermissionDefault(CHANGE_IDMGR_PERM, ['Manager']) security.setPermissionDefault(CHANGE_IDMGR_PERM, ['Manager'])
# backwards-compatibility for pre-2.6 instances # BBB
auto_url_encoding = 0 auto_url_encoding = 0
def __init__(self, id, title='', idname='_ZopeId', def __init__(self, id, title='', idname='_ZopeId',
...@@ -128,30 +118,19 @@ class BrowserIdManager(Item, Persistent, Implicit, RoleManager, Owned, Tabs): ...@@ -128,30 +118,19 @@ class BrowserIdManager(Item, Persistent, Implicit, RoleManager, Owned, Tabs):
self.setCookieHTTPOnly(cookiehttponly) self.setCookieHTTPOnly(cookiehttponly)
self.setAutoUrlEncoding(auto_url_encoding) self.setAutoUrlEncoding(auto_url_encoding)
def manage_afterAdd(self, item, container): # IBrowserIdManager
""" Maybe add our traversal hook """
self.updateTraversalData()
def manage_beforeDelete(self, item, container):
""" Remove our traversal hook if it exists """
self.unregisterTraversalHook()
security.declareProtected(ACCESS_CONTENTS_PERM, 'hasBrowserId') security.declareProtected(ACCESS_CONTENTS_PERM, 'hasBrowserId')
def hasBrowserId(self): def hasBrowserId(self):
""" Returns true if there is a current browser id, but does """ See IBrowserIdManager.
not create a browser id for the current request if one doesn't """
already exist """ try:
if self.getBrowserId(create=0): return 1 return self.getBrowserId(create=0) is not None
except BrowserIdManagerErr:
return False
security.declareProtected(ACCESS_CONTENTS_PERM, 'getBrowserId') security.declareProtected(ACCESS_CONTENTS_PERM, 'getBrowserId')
def getBrowserId(self, create=1): def getBrowserId(self, create=1):
""" """ See IBrowserIdManager.
Examines the request and hands back browser id value or
None if no id exists. If there is no browser id
and if 'create' is true, create one. If cookies are are
an allowable id namespace and create is true, set one. Stuff
the id and the namespace it was found in into the REQUEST object
for further reference during this request.
""" """
REQUEST = self.REQUEST REQUEST = self.REQUEST
# let's see if bid has already been attached to request # let's see if bid has already been attached to request
...@@ -162,10 +141,9 @@ class BrowserIdManager(Item, Persistent, Implicit, RoleManager, Owned, Tabs): ...@@ -162,10 +141,9 @@ class BrowserIdManager(Item, Persistent, Implicit, RoleManager, Owned, Tabs):
if not isAWellFormedBrowserId(bid): if not isAWellFormedBrowserId(bid):
# somebody screwed with the REQUEST instance during # somebody screwed with the REQUEST instance during
# this request. # this request.
raise BrowserIdManagerErr, ( raise BrowserIdManagerErr(
'Ill-formed browserid in REQUEST.browser_id_: %s' % 'Ill-formed browserid in '
escape(bid) 'REQUEST.browser_id_: %s' % escape(bid))
)
return bid return bid
# fall through & ck form/cookie namespaces if bid is not in request. # fall through & ck form/cookie namespaces if bid is not in request.
tk = self.browserid_name tk = self.browserid_name
...@@ -196,71 +174,84 @@ class BrowserIdManager(Item, Persistent, Implicit, RoleManager, Owned, Tabs): ...@@ -196,71 +174,84 @@ class BrowserIdManager(Item, Persistent, Implicit, RoleManager, Owned, Tabs):
# implies a return of None if: # implies a return of None if:
# (not create=1) and (invalid or ((not in req) and (not in ns))) # (not create=1) and (invalid or ((not in req) and (not in ns)))
security.declareProtected(ACCESS_CONTENTS_PERM, 'flushBrowserIdCookie') security.declareProtected(ACCESS_CONTENTS_PERM, 'getBrowserIdName')
def flushBrowserIdCookie(self): def getBrowserIdName(self):
""" removes the bid cookie from the client browser """ """ See IBrowserIdManager.
if 'cookies' not in self.browserid_namespaces: """
raise BrowserIdManagerErr,('Cookies are not now being used as a ' return self.browserid_name
'browser id namespace, thus the '
'browserid cookie cannot be flushed.')
self._setCookie('deleted', self.REQUEST, remove=1)
security.declareProtected(ACCESS_CONTENTS_PERM,'setBrowserIdCookieByForce') security.declareProtected(ACCESS_CONTENTS_PERM, 'isBrowserIdNew')
def setBrowserIdCookieByForce(self, bid): def isBrowserIdNew(self):
""" """ """ See IBrowserIdManager.
if 'cookies' not in self.browserid_namespaces: """
raise BrowserIdManagerErr,('Cookies are not now being used as a ' if not self.getBrowserId(create=False):
'browser id namespace, thus the ' raise BrowserIdManagerErr('There is no current browser id.')
'browserid cookie cannot be forced.') # ns will be None if new
self._setCookie(bid, self.REQUEST) return getattr(self.REQUEST, 'browser_id_ns_', None) is None
security.declareProtected(ACCESS_CONTENTS_PERM, 'isBrowserIdFromCookie') security.declareProtected(ACCESS_CONTENTS_PERM, 'isBrowserIdFromCookie')
def isBrowserIdFromCookie(self): def isBrowserIdFromCookie(self):
""" returns true if browser id is from REQUEST.cookies """ """ See IBrowserIdManager.
if not self.getBrowserId(): # make sure the bid is stuck on REQUEST """
raise BrowserIdManagerErr, 'There is no current browser id.' if not self.getBrowserId(create=False):
raise BrowserIdManagerErr('There is no current browser id.')
if getattr(self.REQUEST, 'browser_id_ns_') == 'cookies': if getattr(self.REQUEST, 'browser_id_ns_') == 'cookies':
return 1 return 1
security.declareProtected(ACCESS_CONTENTS_PERM, 'isBrowserIdFromForm') security.declareProtected(ACCESS_CONTENTS_PERM, 'isBrowserIdFromForm')
def isBrowserIdFromForm(self): def isBrowserIdFromForm(self):
""" returns true if browser id is from REQUEST.form """ """ See IBrowserIdManager.
if not self.getBrowserId(): # make sure the bid is stuck on REQUEST """
raise BrowserIdManagerErr, 'There is no current browser id.' if not self.getBrowserId(create=False):
raise BrowserIdManagerErr('There is no current browser id.')
if getattr(self.REQUEST, 'browser_id_ns_') == 'form': if getattr(self.REQUEST, 'browser_id_ns_') == 'form':
return 1 return 1
security.declareProtected(ACCESS_CONTENTS_PERM, 'isBrowserIdFromUrl') security.declareProtected(ACCESS_CONTENTS_PERM, 'isBrowserIdFromUrl')
def isBrowserIdFromUrl(self): def isBrowserIdFromUrl(self):
""" returns true if browser id is from first element of the """ See IBrowserIdManager.
URL """ """
if not self.getBrowserId(): # make sure the bid is stuck on REQUEST if not self.getBrowserId(create=False):
raise BrowserIdManagerErr, 'There is no current browser id.' raise BrowserIdManagerErr('There is no current browser id.')
if getattr(self.REQUEST, 'browser_id_ns_') == 'url': if getattr(self.REQUEST, 'browser_id_ns_') == 'url':
return 1 return 1
security.declareProtected(ACCESS_CONTENTS_PERM, 'isBrowserIdNew') security.declareProtected(ACCESS_CONTENTS_PERM, 'flushBrowserIdCookie')
def isBrowserIdNew(self): def flushBrowserIdCookie(self):
""" See IBrowserIdManager.
""" """
returns true if browser id is 'new', meaning the id exists if 'cookies' not in self.browserid_namespaces:
but it has not yet been acknowledged by the client (the client raise BrowserIdManagerErr(
hasn't sent it back to us in a cookie or in a formvar). 'Cookies are not now being used as a '
'browser id namespace, thus the '
'browserid cookie cannot be flushed.')
self._setCookie('deleted', self.REQUEST, remove=1)
security.declareProtected(ACCESS_CONTENTS_PERM,'setBrowserIdCookieByForce')
def setBrowserIdCookieByForce(self, bid):
""" See IBrowserIdManager.
"""
if 'cookies' not in self.browserid_namespaces:
raise BrowserIdManagerErr(
'Cookies are not now being used as a '
'browser id namespace, thus the '
'browserid cookie cannot be forced.')
self._setCookie(bid, self.REQUEST)
security.declareProtected(ACCESS_CONTENTS_PERM, 'getHiddenFormField')
def getHiddenFormField(self):
""" See IBrowserIdManager.
""" """
if not self.getBrowserId(): # make sure the id is stuck on REQUEST s = '<input type="hidden" name="%s" value="%s" />'
raise BrowserIdManagerErr, 'There is no current browser id.' return s % (self.getBrowserIdName(), self.getBrowserId())
# ns will be None if new, negating None below returns 1, which
# would indicate that it's new on this request
return getattr(self.REQUEST, 'browser_id_ns_', None) == None
security.declareProtected(ACCESS_CONTENTS_PERM, 'encodeUrl') security.declareProtected(ACCESS_CONTENTS_PERM, 'encodeUrl')
def encodeUrl(self, url, style='querystring', create=1): def encodeUrl(self, url, style='querystring', create=1):
""" """ See IBrowserIdManager.
encode a URL with the browser id as a postfixed query string
element or inlined into the url depending on the 'style' parameter
""" """
bid = self.getBrowserId(create) bid = self.getBrowserId(create)
if bid is None: if bid is None:
raise BrowserIdManagerErr, 'There is no current browser id.' raise BrowserIdManagerErr('There is no current browser id.')
name = self.getBrowserIdName() name = self.getBrowserIdName()
if style == 'querystring': # encode bid in querystring if style == 'querystring': # encode bid in querystring
if '?' in url: if '?' in url:
...@@ -272,43 +263,18 @@ class BrowserIdManager(Item, Persistent, Implicit, RoleManager, Owned, Tabs): ...@@ -272,43 +263,18 @@ class BrowserIdManager(Item, Persistent, Implicit, RoleManager, Owned, Tabs):
path = '/%s/%s%s' % (name, bid, path) path = '/%s/%s%s' % (name, bid, path)
return urlunparse((proto, host, path, params, query, frag)) return urlunparse((proto, host, path, params, query, frag))
security.declareProtected(MGMT_SCREEN_PERM, 'manage_browseridmgr') # Non-IBrowserIdManager accessors / mutators.
manage_browseridmgr = DTMLFile('dtml/manageIdManager', globals())
security.declareProtected(CHANGE_IDMGR_PERM,
'manage_changeBrowserIdManager')
def manage_changeBrowserIdManager(
self, title='', idname='_ZopeId', location=('cookies', 'form'),
cookiepath='/', cookiedomain='', cookielifedays=0, cookiesecure=0,
cookiehttponly=0, auto_url_encoding=0, REQUEST=None
):
""" """
self.title = str(title)
self.setBrowserIdName(idname)
self.setCookiePath(cookiepath)
self.setCookieDomain(cookiedomain)
self.setCookieLifeDays(cookielifedays)
self.setCookieSecure(cookiesecure)
self.setCookieHTTPOnly(cookiehttponly)
self.setBrowserIdNamespaces(location)
self.setAutoUrlEncoding(auto_url_encoding)
self.updateTraversalData()
if REQUEST is not None:
msg = '/manage_browseridmgr?manage_tabs_message=Changes saved'
REQUEST.RESPONSE.redirect(self.absolute_url()+msg)
security.declareProtected(CHANGE_IDMGR_PERM, 'setBrowserIdName') security.declareProtected(CHANGE_IDMGR_PERM, 'setBrowserIdName')
def setBrowserIdName(self, k): def setBrowserIdName(self, k):
""" sets browser id name string """ """ Set browser id name string
o Enforce "valid" values.
"""
if not (type(k) is type('') and k and not badidnamecharsin(k)): if not (type(k) is type('') and k and not badidnamecharsin(k)):
raise BrowserIdManagerErr,'Bad id name string %s' % escape(repr(k)) raise BrowserIdManagerErr(
'Bad id name string %s' % escape(repr(k)))
self.browserid_name = k self.browserid_name = k
security.declareProtected(ACCESS_CONTENTS_PERM, 'getBrowserIdName')
def getBrowserIdName(self):
""" """
return self.browserid_name
security.declareProtected(CHANGE_IDMGR_PERM, 'setBrowserIdNamespaces') security.declareProtected(CHANGE_IDMGR_PERM, 'setBrowserIdNamespaces')
def setBrowserIdNamespaces(self, ns): def setBrowserIdNamespaces(self, ns):
""" """
...@@ -316,9 +282,8 @@ class BrowserIdManager(Item, Persistent, Implicit, RoleManager, Owned, Tabs): ...@@ -316,9 +282,8 @@ class BrowserIdManager(Item, Persistent, Implicit, RoleManager, Owned, Tabs):
""" """
for name in ns: for name in ns:
if name not in ALLOWED_BID_NAMESPACES: if name not in ALLOWED_BID_NAMESPACES:
raise BrowserIdManagerErr, ( raise BrowserIdManagerErr(
'Bad browser id namespace %s' % repr(name) 'Bad browser id namespace %s' % repr(name))
)
self.browserid_namespaces = tuple(ns) self.browserid_namespaces = tuple(ns)
security.declareProtected(ACCESS_CONTENTS_PERM, 'getBrowserIdNamespaces') security.declareProtected(ACCESS_CONTENTS_PERM, 'getBrowserIdNamespaces')
...@@ -330,7 +295,8 @@ class BrowserIdManager(Item, Persistent, Implicit, RoleManager, Owned, Tabs): ...@@ -330,7 +295,8 @@ class BrowserIdManager(Item, Persistent, Implicit, RoleManager, Owned, Tabs):
def setCookiePath(self, path=''): def setCookiePath(self, path=''):
""" sets cookie 'path' element for id cookie """ """ sets cookie 'path' element for id cookie """
if not (type(path) is type('') and not badcookiecharsin(path)): if not (type(path) is type('') and not badcookiecharsin(path)):
raise BrowserIdManagerErr,'Bad cookie path %s' % escape(repr(path)) raise BrowserIdManagerErr(
'Bad cookie path %s' % escape(repr(path)))
self.cookie_path = path self.cookie_path = path
security.declareProtected(ACCESS_CONTENTS_PERM, 'getCookiePath') security.declareProtected(ACCESS_CONTENTS_PERM, 'getCookiePath')
...@@ -342,10 +308,9 @@ class BrowserIdManager(Item, Persistent, Implicit, RoleManager, Owned, Tabs): ...@@ -342,10 +308,9 @@ class BrowserIdManager(Item, Persistent, Implicit, RoleManager, Owned, Tabs):
def setCookieLifeDays(self, days): def setCookieLifeDays(self, days):
""" offset for id cookie 'expires' element """ """ offset for id cookie 'expires' element """
if type(days) not in (type(1), type(1.0)): if type(days) not in (type(1), type(1.0)):
raise BrowserIdManagerErr,( raise BrowserIdManagerErr(
'Bad cookie lifetime in days %s (requires integer value)' 'Bad cookie lifetime in days %s '
% escape(repr(days)) '(requires integer value)' % escape(repr(days)))
)
self.cookie_life_days = int(days) self.cookie_life_days = int(days)
security.declareProtected(ACCESS_CONTENTS_PERM, 'getCookieLifeDays') security.declareProtected(ACCESS_CONTENTS_PERM, 'getCookieLifeDays')
...@@ -357,22 +322,21 @@ class BrowserIdManager(Item, Persistent, Implicit, RoleManager, Owned, Tabs): ...@@ -357,22 +322,21 @@ class BrowserIdManager(Item, Persistent, Implicit, RoleManager, Owned, Tabs):
def setCookieDomain(self, domain): def setCookieDomain(self, domain):
""" sets cookie 'domain' element for id cookie """ """ sets cookie 'domain' element for id cookie """
if type(domain) is not type(''): if type(domain) is not type(''):
raise BrowserIdManagerErr, ( raise BrowserIdManagerErr(
'Cookie domain must be string: %s' % escape(repr(domain)) 'Cookie domain must be string: %s'
) % escape(repr(domain)))
if not domain: if not domain:
self.cookie_domain = '' self.cookie_domain = ''
return return
if not twodotsin(domain): if not twodotsin(domain):
raise BrowserIdManagerErr, ( raise BrowserIdManagerErr(
'Cookie domain must contain at least two dots (e.g. ' 'Cookie domain must contain at least two dots '
'".zope.org" or "www.zope.org") or it must be left blank. : ' '(e.g. ".zope.org" or "www.zope.org") or it must '
'%s' % escape(`domain`) 'be left blank. : ' '%s' % escape(`domain`))
)
if badcookiecharsin(domain): if badcookiecharsin(domain):
raise BrowserIdManagerErr, ( raise BrowserIdManagerErr(
'Bad characters in cookie domain %s' % escape(`domain`) 'Bad characters in cookie domain %s'
) % escape(`domain`))
self.cookie_domain = domain self.cookie_domain = domain
security.declareProtected(ACCESS_CONTENTS_PERM, 'getCookieDomain') security.declareProtected(ACCESS_CONTENTS_PERM, 'getCookieDomain')
...@@ -416,15 +380,6 @@ class BrowserIdManager(Item, Persistent, Implicit, RoleManager, Owned, Tabs): ...@@ -416,15 +380,6 @@ class BrowserIdManager(Item, Persistent, Implicit, RoleManager, Owned, Tabs):
for this browser id """ for this browser id """
return 'url' in self.browserid_namespaces return 'url' in self.browserid_namespaces
security.declareProtected(ACCESS_CONTENTS_PERM, 'getHiddenFormField')
def getHiddenFormField(self):
"""
Convenience method which returns a hidden form element
representing the current browser id name and browser id
"""
s = '<input type="hidden" name="%s" value="%s">'
return s % (self.getBrowserIdName(), self.getBrowserId())
def _setCookie( def _setCookie(
self, bid, REQUEST, remove=0, now=time.time, strftime=time.strftime, self, bid, REQUEST, remove=0, now=time.time, strftime=time.strftime,
gmtime=time.gmtime gmtime=time.gmtime
...@@ -459,13 +414,15 @@ class BrowserIdManager(Item, Persistent, Implicit, RoleManager, Owned, Tabs): ...@@ -459,13 +414,15 @@ class BrowserIdManager(Item, Persistent, Implicit, RoleManager, Owned, Tabs):
def _setId(self, id): def _setId(self, id):
if id != self.id: if id != self.id:
raise MessageDialog( raise ValueError('Cannot rename a browser id manager')
title='Cannot rename',
message='You cannot rename a browser id manager, sorry!', # Jukes for handling URI-munged browser IDS
action ='./manage_main',) def hasTraversalHook(self, parent):
name = TRAVERSAL_APPHANDLE
return not not queryBeforeTraverse(parent, name)
def updateTraversalData(self): def updateTraversalData(self):
if self.isUrlInBidNamespaces(): if 'url' in self.browserid_namespaces:
self.registerTraversalHook() self.registerTraversalHook()
else: else:
self.unregisterTraversalHook() self.unregisterTraversalHook()
...@@ -484,9 +441,47 @@ class BrowserIdManager(Item, Persistent, Implicit, RoleManager, Owned, Tabs): ...@@ -484,9 +441,47 @@ class BrowserIdManager(Item, Persistent, Implicit, RoleManager, Owned, Tabs):
priority = 40 # "higher" priority than session data traverser priority = 40 # "higher" priority than session data traverser
registerBeforeTraverse(parent, hook, name, priority) registerBeforeTraverse(parent, hook, name, priority)
def hasTraversalHook(self, parent): # ZMI
name = TRAVERSAL_APPHANDLE icon = 'misc_/Sessions/idmgr.gif'
return not not queryBeforeTraverse(parent, name) manage_options=({'label': 'Settings', 'action':'manage_browseridmgr'},
{'label': 'Security', 'action':'manage_access'},
{'label': 'Ownership', 'action':'manage_owner'},
)
def manage_afterAdd(self, item, container):
""" Maybe add our traversal hook """
self.updateTraversalData()
def manage_beforeDelete(self, item, container):
""" Remove our traversal hook if it exists """
self.unregisterTraversalHook()
security.declareProtected(MGMT_SCREEN_PERM, 'manage_browseridmgr')
manage_browseridmgr = DTMLFile('dtml/manageIdManager', globals())
security.declareProtected(CHANGE_IDMGR_PERM,
'manage_changeBrowserIdManager')
def manage_changeBrowserIdManager(
self, title='', idname='_ZopeId', location=('cookies', 'form'),
cookiepath='/', cookiedomain='', cookielifedays=0, cookiesecure=0,
cookiehttponly=0, auto_url_encoding=0, REQUEST=None
):
""" """
self.title = str(title)
self.setBrowserIdName(idname)
self.setCookiePath(cookiepath)
self.setCookieDomain(cookiedomain)
self.setCookieLifeDays(cookielifedays)
self.setCookieSecure(cookiesecure)
self.setCookieHTTPOnly(cookiehttponly)
self.setBrowserIdNamespaces(location)
self.setAutoUrlEncoding(auto_url_encoding)
self.updateTraversalData()
if REQUEST is not None:
msg = '/manage_browseridmgr?manage_tabs_message=Changes saved'
REQUEST.RESPONSE.redirect(self.absolute_url()+msg)
InitializeClass(BrowserIdManager)
class BrowserIdManagerTraverser(Persistent): class BrowserIdManagerTraverser(Persistent):
def __call__(self, container, request, browser_id=None, def __call__(self, container, request, browser_id=None,
...@@ -583,5 +578,3 @@ def getNewBrowserId(randint=random.randint, maxint=99999999): ...@@ -583,5 +578,3 @@ def getNewBrowserId(randint=random.randint, maxint=99999999):
""" """
return '%08i%s' % (randint(0, maxint-1), getB64TStamp()) return '%08i%s' % (randint(0, maxint-1), getB64TStamp())
InitializeClass(BrowserIdManager)
src/Products/Sessions/tests/testBrowserIdManager.py
View file @ 14c4305d
...@@ -12,289 +12,648 @@ ...@@ -12,289 +12,648 @@
############################################################################## ##############################################################################
""" """
Test suite for session id manager. Test suite for session id manager.
$Id$
""" """
__version__ = "$Revision: 1.13 $"[11:-2] import unittest
import sys class TestBrowserIdManager(unittest.TestCase):
import ZODB
from Products.Sessions.BrowserIdManager import BrowserIdManager, \ def _getTargetClass(self):
BrowserIdManagerErr, BrowserIdManagerTraverser, \ from Products.Sessions.BrowserIdManager import BrowserIdManager
isAWellFormedBrowserId return BrowserIdManager
from unittest import TestCase, TestSuite, TextTestRunner, makeSuite
from ZPublisher.HTTPRequest import HTTPRequest def _makeOne(self, request=None, name='browser_id_manager'):
from ZPublisher.HTTPResponse import HTTPResponse bid = self._getTargetClass()(name)
from ZPublisher.BeforeTraverse import queryBeforeTraverse if request is not None:
from sys import stdin bid.REQUEST = request
from OFS.Application import Application return bid
class TestBrowserIdManager(TestCase): def test_hasBrowserId_already_set_on_request_invalid(self):
def setUp(self): request = DummyRequest(browser_id_='xxx')
self.app = Application() mgr = self._makeOne(request)
self.app.id = 'App' self.failIf(mgr.hasBrowserId())
mgr = BrowserIdManager('browser_id_manager')
self.app._setObject('browser_id_manager', mgr) def test_hasBrowserId_already_set_on_request(self):
self.m = self.app.browser_id_manager from Products.Sessions.BrowserIdManager import getNewBrowserId
resp = HTTPResponse() request = DummyRequest(browser_id_=getNewBrowserId())
environ = {} mgr = self._makeOne(request)
environ['SERVER_NAME']='fred' self.failUnless(mgr.hasBrowserId())
environ['SERVER_PORT']='80'
self.req = HTTPRequest(stdin, environ, resp) def test_hasBrowserId_namespace_hit(self):
self.req['TraversalRequestNameStack'] = ['foo', 'bar'] from Products.Sessions.BrowserIdManager import getNewBrowserId
self.app.REQUEST = self.req request = DummyRequest(cookies={'bid': getNewBrowserId()})
mgr = self._makeOne(request)
def tearDown(self): mgr.setBrowserIdName('bid')
del self.m self.failUnless(mgr.hasBrowserId())
self.app.REQUEST = None
del self.app def test_hasBrowserId_namespace_miss(self):
request = DummyRequest()
def testSetBrowserIdName(self): mgr = self._makeOne(request)
self.m.setBrowserIdName('foo') self.failIf(mgr.hasBrowserId())
self.failUnless(self.m.getBrowserIdName()== 'foo') self.assertRaises(AttributeError, getattr, request, 'browser_id_')
self.assertRaises(AttributeError, getattr, request, 'browser_id_ns_')
def testSetBadBrowserIdName(self):
self.assertRaises(BrowserIdManagerErr, def test_getBrowserId_already_set_on_request_invalid_raises(self):
lambda self=self: self.m.setBrowserIdName('')) request = DummyRequest(browser_id_='xxx')
self.assertRaises(BrowserIdManagerErr, mgr = self._makeOne(request)
lambda self=self: self.m.setBrowserIdName(1)) self.assertRaises(ValueError, mgr.getBrowserId)
def testSetBadNamespaces(self): def test_getBrowserId_already_set_on_request(self):
d = ('gummy', 'froopy') from Products.Sessions.BrowserIdManager import getNewBrowserId
self.assertRaises(BrowserIdManagerErr, bid = getNewBrowserId()
lambda self=self,d=d: request = DummyRequest(browser_id_=bid)
self.m.setBrowserIdNamespaces(d)) mgr = self._makeOne(request)
self.assertEqual(mgr.getBrowserId(), bid)
def testSetGoodNamespaces(self):
d = ('cookies', 'url', 'form') def test_getBrowserId_namespace_hit(self):
self.m.setBrowserIdNamespaces(d) from Products.Sessions.BrowserIdManager import getNewBrowserId
self.failUnless(self.m.getBrowserIdNamespaces() == d) bid = getNewBrowserId()
request = DummyRequest(cookies={'bid': bid})
def testSetBadCookiePath(self): mgr = self._makeOne(request)
path = '/;' mgr.setBrowserIdName('bid')
self.assertRaises(BrowserIdManagerErr, self.failUnless(mgr.hasBrowserId())
lambda self=self, path=path:self.m.setCookiePath(path)) self.assertEqual(request.browser_id_, bid)
self.assertEqual(request.browser_id_ns_, 'cookies')
def testSetGoodCookiePath(self):
self.m.setCookiePath('/foo') def test_getBrowserId_namespace_miss_no_create(self):
self.failUnless(self.m.getCookiePath() == '/foo') request = DummyRequest()
mgr = self._makeOne(request)
def testSetBadCookieLifeDays(self): mgr.setBrowserIdName('bid')
self.assertRaises(BrowserIdManagerErr, self.assertEqual(mgr.getBrowserId(create=False), None)
lambda self=self: self.m.setCookieLifeDays('')) self.assertRaises(AttributeError, getattr, request, 'browser_id_')
self.assertRaises(AttributeError, getattr, request, 'browser_id_ns_')
def testSetGoodCookieLifeDays(self):
self.m.setCookieLifeDays(1) def test_getBrowserId_namespace_miss_w_create_no_cookies(self):
self.failUnless(self.m.getCookieLifeDays() == 1) from Products.Sessions.BrowserIdManager import isAWellFormedBrowserId
request = DummyRequest()
def testSetBadCookieDomain(self): mgr = self._makeOne(request)
self.assertRaises(BrowserIdManagerErr, mgr.setBrowserIdName('bid')
lambda self=self: self.m.setCookieDomain('gubble')) mgr.setBrowserIdNamespaces(())
bid = mgr.getBrowserId()
def testSetGoodCookieLifeDays(self): self.failUnless(isAWellFormedBrowserId(bid))
self.m.setCookieLifeDays(1) self.assertEqual(request.browser_id_, bid)
self.failUnless(self.m.getCookieLifeDays() == 1) self.assertEqual(request.browser_id_ns_, None)
def testSetNoCookieDomain(self): def test_getBrowserId_namespace_miss_w_create_w_cookies(self):
domain = '' from Products.Sessions.BrowserIdManager import isAWellFormedBrowserId
self.m.setCookieDomain(domain) response = DummyResponse(cookies={})
setdomain = self.m.getCookieDomain() request = DummyRequest(RESPONSE=response)
self.failUnless(setdomain == domain) mgr = self._makeOne(request)
mgr.setBrowserIdName('bid')
def testSetBadCookieDomain(self): mgr.setBrowserIdNamespaces(('cookies',))
# not enough dots, must be stringtype, semicolon follows respectively bid = mgr.getBrowserId()
for domain in ('zope.org', {1:1}, '.zope.org;'): self.failUnless(isAWellFormedBrowserId(bid))
self.assertRaises(BrowserIdManagerErr, self.assertEqual(request.browser_id_, bid)
lambda self=self, domain=domain: self.m.setCookieDomain(domain)) self.assertEqual(request.browser_id_ns_, None)
self.assertEqual(response.cookies['bid'], {'path': '/', 'value': bid})
def testSetGoodCookieDomain(self):
self.m.setCookieDomain('.zope.org') def test_isBrowserIdNew_nonesuch_raises(self):
setdomain = self.m.getCookieDomain() request = DummyRequest()
self.failUnless( setdomain == '.zope.org', "%s" % setdomain ) mgr = self._makeOne(request)
self.assertRaises(ValueError, mgr.isBrowserIdNew)
def testSetCookieSecure(self):
self.m.setCookieSecure(1) def test_isBrowserIdNew_no_ns(self):
self.failUnless( self.m.getCookieSecure() == 1 ) from Products.Sessions.BrowserIdManager import getNewBrowserId
bid = getNewBrowserId()
def testSetCookieHTTPOnly(self): request = DummyRequest(browser_id_=bid, browser_id_ns_=None)
self.m.setCookieHTTPOnly(True) mgr = self._makeOne(request)
self.assertEqual( self.m.getCookieHTTPOnly(), True ) self.failUnless(mgr.isBrowserIdNew())
def testGetBrowserIdCookie(self): def test_isBrowserIdNew_w_ns(self):
token = self.m.getBrowserId() from Products.Sessions.BrowserIdManager import getNewBrowserId
self.m.REQUEST.browser_id_ = token bid = getNewBrowserId()
self.m.REQUEST.browser_id_ns_ = 'cookies' request = DummyRequest(browser_id_=bid, browser_id_ns_='url')
tokenkey = self.m.getBrowserIdName() mgr = self._makeOne(request)
self.m.REQUEST.cookies[tokenkey] = token self.failIf(mgr.isBrowserIdNew())
a = self.m.getBrowserId()
self.failUnless( a == token, repr(a) ) def test_isBrowserIdFromCookie_nonesuch_raises(self):
self.failUnless( self.m.isBrowserIdFromCookie() ) request = DummyRequest()
mgr = self._makeOne(request)
def testSetBrowserIdDontCreate(self): self.assertRaises(ValueError, mgr.isBrowserIdFromCookie)
a = self.m.getBrowserId(0)
self.failUnless( a == None ) def test_isBrowserIdFromCookie_wrong_ns(self):
from Products.Sessions.BrowserIdManager import getNewBrowserId
def testSetBrowserIdCreate(self): bid = getNewBrowserId()
a = self.m.getBrowserId(1) request = DummyRequest(browser_id_=bid, browser_id_ns_='url')
tokenkey = self.m.getBrowserIdName() mgr = self._makeOne(request)
b = self.m.REQUEST.RESPONSE.cookies[tokenkey] self.failIf(mgr.isBrowserIdFromCookie())
self.failUnless( a == b['value'] )
def test_isBrowserIdFromCookie_right_ns(self):
def testHasBrowserId(self): from Products.Sessions.BrowserIdManager import getNewBrowserId
self.failUnless( not self.m.hasBrowserId() ) bid = getNewBrowserId()
a = self.m.getBrowserId() request = DummyRequest(browser_id_=bid, browser_id_ns_='cookies')
self.failUnless( self.m.hasBrowserId() ) mgr = self._makeOne(request)
self.failUnless(mgr.isBrowserIdFromCookie())
def testBrowserIdIsNew(self):
a = self.m.getBrowserId() def test_isBrowserIdFromForm_nonesuch_raises(self):
self.failUnless( self.m.isBrowserIdNew() ) request = DummyRequest()
mgr = self._makeOne(request)
def testIsBrowserIdFromCookieOnly(self): self.assertRaises(ValueError, mgr.isBrowserIdFromForm)
token = self.m.getBrowserId()
self.m.REQUEST.browser_id_ = token def test_isBrowserIdFromForm_wrong_ns(self):
self.m.REQUEST.browser_id_ns_ = 'cookies' from Products.Sessions.BrowserIdManager import getNewBrowserId
tokenkey = self.m.getBrowserIdName() bid = getNewBrowserId()
self.m.REQUEST.form[tokenkey] = token request = DummyRequest(browser_id_=bid, browser_id_ns_='url')
self.m.setBrowserIdNamespaces(('cookies',)) mgr = self._makeOne(request)
a = self.m.getBrowserId() self.failIf(mgr.isBrowserIdFromForm())
self.failUnless( self.m.isBrowserIdFromCookie() )
self.failUnless( not self.m.isBrowserIdFromForm() ) def test_isBrowserIdFromForm_right_ns(self):
from Products.Sessions.BrowserIdManager import getNewBrowserId
def testIsBrowserIdFromFormOnly(self): bid = getNewBrowserId()
token = self.m.getBrowserId() request = DummyRequest(browser_id_=bid, browser_id_ns_='form')
self.m.REQUEST.browser_id_ = token mgr = self._makeOne(request)
self.m.REQUEST.browser_id_ns_ = 'form' self.failUnless(mgr.isBrowserIdFromForm())
tokenkey = self.m.getBrowserIdName()
self.m.REQUEST.form[tokenkey] = token def test_isBrowserIdFromUrl_nonesuch_raises(self):
self.m.setBrowserIdNamespaces(('form',)) request = DummyRequest()
a = self.m.getBrowserId() mgr = self._makeOne(request)
self.failUnless( not self.m.isBrowserIdFromCookie() ) self.assertRaises(ValueError, mgr.isBrowserIdFromUrl)
self.failUnless( self.m.isBrowserIdFromForm() )
def test_isBrowserIdFromUrl_wrong_ns(self):
def testIsBrowserIdFromUrlOnly(self): from Products.Sessions.BrowserIdManager import getNewBrowserId
token = self.m.getBrowserId() bid = getNewBrowserId()
self.m.REQUEST.browser_id_ = token request = DummyRequest(browser_id_=bid, browser_id_ns_='form')
self.m.REQUEST.browser_id_ns_ = 'url' mgr = self._makeOne(request)
self.m.setBrowserIdNamespaces(('url',)) self.failIf(mgr.isBrowserIdFromUrl())
a = self.m.getBrowserId()
self.failUnless( not self.m.isBrowserIdFromCookie() ) def test_isBrowserIdFromUrl_right_ns(self):
self.failUnless( self.m.isBrowserIdFromUrl() ) from Products.Sessions.BrowserIdManager import getNewBrowserId
bid = getNewBrowserId()
def testFlushBrowserIdCookie(self): request = DummyRequest(browser_id_=bid, browser_id_ns_='url')
token = self.m.getBrowserId() mgr = self._makeOne(request)
self.m.REQUEST.browser_id_ = token self.failUnless(mgr.isBrowserIdFromUrl())
self.m.REQUEST.browser_id_ns_ = 'cookies'
tokenkey = self.m.getBrowserIdName() def test_flushBrowserIdCookie_wrong_ns_raises(self):
self.m.REQUEST.cookies[tokenkey] = token mgr = self._makeOne()
a = self.m.getBrowserId() mgr.setBrowserIdNamespaces(('url', 'form'))
self.failUnless( a == token, repr(a) ) self.assertRaises(ValueError, mgr.flushBrowserIdCookie)
self.failUnless( self.m.isBrowserIdFromCookie() )
self.m.flushBrowserIdCookie() def test_flushBrowserIdCookie_ok(self):
c = self.m.REQUEST.RESPONSE.cookies[tokenkey] response = DummyResponse(cookies={})
self.failUnless( c['value'] == 'deleted' ) request = DummyRequest(RESPONSE=response)
mgr = self._makeOne(request)
def testSetBrowserIdCookieByForce(self): mgr.setBrowserIdName('bid')
token = self.m.getBrowserId() mgr.setBrowserIdNamespaces(('cookies',))
self.m.REQUEST.browser_id_ = token mgr.flushBrowserIdCookie()
self.m.REQUEST.browser_id_ns_ = 'cookies' self.assertEqual(response.cookies['bid'],
tokenkey = self.m.getBrowserIdName() {'path': '/',
self.m.REQUEST.cookies[tokenkey] = token 'expires': 'Sun, 10-May-1971 11:59:00 GMT',
a = self.m.getBrowserId() 'value': 'deleted'})
self.failUnless( a == token )
self.failUnless( self.m.isBrowserIdFromCookie() ) def test_setBrowserIdCookieByForce_wrong_ns_raises(self):
token = 'abcdefghijk' from Products.Sessions.BrowserIdManager import getNewBrowserId
self.m.setBrowserIdCookieByForce(token) bid = getNewBrowserId()
c = self.m.REQUEST.RESPONSE.cookies[tokenkey] mgr = self._makeOne()
self.failUnless( c['value'] == token ) mgr.setBrowserIdNamespaces(('url', 'form'))
self.assertRaises(ValueError, mgr.setBrowserIdCookieByForce, bid)
def testEncodeUrl(self):
keystring = self.m.getBrowserIdName() def test_setBrowserIdCookieByForce_ok(self):
key = self.m.getBrowserId() from Products.Sessions.BrowserIdManager import getNewBrowserId
u = '/home/chrism/foo' bid = getNewBrowserId()
r = self.m.encodeUrl(u) response = DummyResponse(cookies={})
self.failUnless( r == '%s?%s=%s' % (u, keystring, key) ) request = DummyRequest(RESPONSE=response)
u = 'http://www.zope.org/Members/mcdonc?foo=bar&spam=eggs' mgr = self._makeOne(request)
r = self.m.encodeUrl(u) mgr.setBrowserIdName('bid')
self.failUnless( r == '%s&amp;%s=%s' % (u, keystring, key) ) mgr.setBrowserIdNamespaces(('cookies',))
r = self.m.encodeUrl(u, style='inline') mgr.setBrowserIdCookieByForce(bid)
self.failUnless( r == 'http://www.zope.org/%s/%s/Members/mcdonc?foo=bar&spam=eggs' % (keystring, key)) self.assertEqual(response.cookies['bid'], {'path': '/', 'value': bid})
def testGetHiddenFormField(self): def test_getHiddenFormField(self):
keystring = self.m.getBrowserIdName() from Products.Sessions.BrowserIdManager import getNewBrowserId
key = self.m.getBrowserId() bid = getNewBrowserId()
html = self.m.getHiddenFormField() request = DummyRequest(browser_id_=bid)
expected = ('<input type="hidden" name="%s" value="%s">' % mgr = self._makeOne(request)
(keystring, key)) mgr.setBrowserIdName('bid')
self.failUnless( html == expected ) self.assertEqual(mgr.getHiddenFormField(),
'<input type="hidden" name="bid" value="%s" />' % bid)
def testHTTPOnlyCookieAttribute(self):
self.m.setCookieHTTPOnly(True) def test_encodeUrl_no_create_no_bid_raises(self):
self.failUnless(self.m.getBrowserId()) URL = 'http://example.com/'
resp_cookies = self.req.RESPONSE.cookies request = DummyRequest()
session_cookie = resp_cookies[self.m.browserid_name] mgr = self._makeOne(request)
self.assertEqual(session_cookie['http_only'], True) self.assertRaises(ValueError, mgr.encodeUrl, URL, create=False)
def testSecureCookieAttribute_correct_url(self): def test_encodeUrl_no_create_w_bid_querystring_style(self):
self.m.setCookieSecure(1) from Products.Sessions.BrowserIdManager import getNewBrowserId
self.req['URL1'] = 'https://www.test.org' URL = 'http://example.com/'
self.failUnless(self.m.getBrowserId()) bid = getNewBrowserId()
resp_cookies = self.req.RESPONSE.cookies request = DummyRequest(browser_id_=bid)
session_cookie = resp_cookies[self.m.browserid_name] mgr = self._makeOne(request)
self.assertEqual(session_cookie['secure'], True) mgr.setBrowserIdName('bid')
munged = mgr.encodeUrl(URL, create=False)
# This test document the 'feature': self.assertEqual(munged, '%s?bid=%s' % (URL, bid))
# return a browser ID but dont set the cookie
def testSecureCookieAttribute_wrong_url(self): def test_encodeUrl_no_create_w_bid_querystring_style_existing_qs(self):
self.m.setCookieSecure(1) from Products.Sessions.BrowserIdManager import getNewBrowserId
self.req['URL1'] = 'http://www.test.org' URL = 'http://example.com/'
self.failUnless(self.m.getBrowserId()) QS = 'foo=bar'
self.assertEqual( self.req.RESPONSE.cookies, {} ) bid = getNewBrowserId()
request = DummyRequest(browser_id_=bid)
mgr = self._makeOne(request)
mgr.setBrowserIdName('bid')
munged = mgr.encodeUrl('%s?%s' % (URL, QS), create=False)
self.assertEqual(munged, '%s?%s&amp;bid=%s' % (URL, QS, bid))
def test_encodeUrl_no_create_w_bid_inline_style(self):
from Products.Sessions.BrowserIdManager import getNewBrowserId
NETHOST = 'http://example.com'
PATH_INFO = 'path/to/page'
URL = '%s/%s' % (NETHOST, PATH_INFO)
bid = getNewBrowserId()
request = DummyRequest(browser_id_=bid)
mgr = self._makeOne(request)
mgr.setBrowserIdName('bid')
munged = mgr.encodeUrl(URL, style='inline', create=False)
self.assertEqual(munged, '%s/bid/%s/%s' % (NETHOST, bid, PATH_INFO))
def test_setBrowserIdName_empty_string_raises(self):
mgr = self._makeOne()
self.assertRaises(ValueError, mgr.setBrowserIdName, '')
def test_setBrowserIdName_non_string_raises(self):
mgr = self._makeOne()
self.assertRaises(ValueError, mgr.setBrowserIdName, 1)
def test_setBrowserIdName_normal(self):
mgr = self._makeOne()
mgr.setBrowserIdName('foo')
self.assertEqual(mgr.getBrowserIdName(), 'foo')
def test_setBrowserIdNamespaces_invalid_raises(self):
mgr = self._makeOne()
self.assertRaises(ValueError,
mgr.setBrowserIdNamespaces, ('gummy', 'froopy'))
def test_setBrowserIdNamespaces_normal(self):
NAMESPACES = ('cookies', 'url', 'form')
mgr = self._makeOne()
mgr.setBrowserIdNamespaces(NAMESPACES)
self.assertEqual(mgr.getBrowserIdNamespaces(), NAMESPACES)
def test_setCookiePath_invalid_raises(self):
mgr = self._makeOne()
self.assertRaises(ValueError, mgr.setCookiePath, '/;')
def test_setCookiePath_normal(self):
mgr = self._makeOne()
mgr.setCookiePath('/foo')
self.assertEqual(mgr.getCookiePath(), '/foo')
def test_setCookieLifeDays_invalid_raises(self):
mgr = self._makeOne()
self.assertRaises(ValueError, mgr.setCookieLifeDays, '')
def test_setCookieLifeDays_normal(self):
mgr = self._makeOne()
mgr.setCookieLifeDays(1)
self.assertEqual(mgr.getCookieLifeDays(), 1)
def test_setCookieDomain_non_string_raises(self):
mgr = self._makeOne()
self.assertRaises(ValueError, mgr.setCookieDomain, {1:1})
def test_setCookieDomain_no_dots_raises(self):
mgr = self._makeOne()
self.assertRaises(ValueError, mgr.setCookieDomain, 'gubble')
def test_setCookieDomain_one_dot_raises(self):
mgr = self._makeOne()
self.assertRaises(ValueError, mgr.setCookieDomain, 'zope.org')
def test_setCookieDomain_trailing_semicolon_raises(self):
mgr = self._makeOne()
self.assertRaises(ValueError, mgr.setCookieDomain, '.zope.org;')
def test_setCookieDomain_empty_OK(self):
mgr = self._makeOne()
mgr.setCookieDomain('')
self.assertEqual(mgr.getCookieDomain(), '')
def test_setCookieDomain_two_dots(self):
mgr = self._makeOne()
mgr.setCookieDomain('.zope.org')
self.assertEqual(mgr.getCookieDomain(), '.zope.org')
def test_setCookieDomain_three_dots(self):
mgr = self._makeOne()
mgr.setCookieDomain('.dev.zope.org')
self.assertEqual(mgr.getCookieDomain(), '.dev.zope.org')
def test_setCookieSecure_int(self):
mgr = self._makeOne()
mgr.setCookieSecure(1)
self.failUnless(mgr.getCookieSecure())
mgr.setCookieSecure(0)
self.failIf(mgr.getCookieSecure())
def test_setCookieSecure_bool(self):
mgr = self._makeOne()
mgr.setCookieSecure(True)
self.failUnless(mgr.getCookieSecure())
mgr.setCookieSecure(False)
self.failIf(mgr.getCookieSecure())
def test_setCookieHTTPOnly_bool(self):
mgr = self._makeOne()
mgr.setCookieHTTPOnly(True)
self.failUnless(mgr.getCookieHTTPOnly())
mgr.setCookieHTTPOnly(False)
self.failIf(mgr.getCookieHTTPOnly())
def test_setAutoUrlEncoding_bool(self):
mgr = self._makeOne()
mgr.setAutoUrlEncoding(True)
self.failUnless(mgr.getAutoUrlEncoding())
mgr.setAutoUrlEncoding(False)
self.failIf(mgr.getAutoUrlEncoding())
def test_isUrlInBidNamespaces(self):
mgr = self._makeOne()
mgr.setBrowserIdNamespaces(('cookies', 'url', 'form'))
self.failUnless(mgr.isUrlInBidNamespaces())
mgr.setBrowserIdNamespaces(('cookies', 'form'))
self.failIf(mgr.isUrlInBidNamespaces())
def test__setCookie_remove(self):
response = DummyResponse(cookies={})
request = DummyRequest(RESPONSE=response)
mgr = self._makeOne(request)
mgr.setBrowserIdName('bid')
mgr._setCookie('xxx', request, remove=True)
self.assertEqual(response.cookies['bid'],
{'path': '/', 'value': 'xxx',
'expires': 'Sun, 10-May-1971 11:59:00 GMT'})
def test__setCookie_cookie_life_days(self):
response = DummyResponse(cookies={})
request = DummyRequest(RESPONSE=response)
mgr = self._makeOne(request)
mgr.setBrowserIdName('bid')
mgr.setCookieLifeDays(1)
mgr._setCookie('xxx', request,
now=lambda: 1,
strftime=lambda x, y: 'Seconds: %d' % y,
gmtime=lambda x: x)
self.assertEqual(response.cookies['bid'],
{'path': '/', 'value': 'xxx',
'expires': 'Seconds: 86401'})
def test__setCookie_cookie_secure_no_URL1_sets_no_cookie(self):
request = DummyRequest()
mgr = self._makeOne(request)
mgr.setBrowserIdName('bid')
mgr.setCookieSecure(True)
mgr._setCookie('xxx', request) # no response, doesn't blow up
def test__setCookie_cookie_secure_not_https_sets_no_cookie(self):
request = DummyRequest(URL1='http://example.com/')
mgr = self._makeOne(request)
mgr.setBrowserIdName('bid')
mgr.setCookieSecure(True)
mgr._setCookie('xxx', request) # no response, doesn't blow up
def test__setCookie_cookie_secure_is_https(self):
response = DummyResponse(cookies={})
request = DummyRequest(RESPONSE=response, URL1='https://example.com/')
mgr = self._makeOne(request)
mgr.setBrowserIdName('bid')
mgr.setCookieSecure(True)
mgr._setCookie('xxx', request)
self.assertEqual(response.cookies['bid'],
{'path': '/', 'value': 'xxx', 'secure': True})
def test__setCookie_domain(self):
response = DummyResponse(cookies={})
request = DummyRequest(RESPONSE=response)
mgr = self._makeOne(request)
mgr.setBrowserIdName('bid')
mgr.setCookieDomain('.zope.org')
mgr._setCookie('xxx', request)
self.assertEqual(response.cookies['bid'],
{'path': '/', 'value': 'xxx', 'domain': '.zope.org'})
def test__setCookie_path(self):
response = DummyResponse(cookies={})
request = DummyRequest(RESPONSE=response)
mgr = self._makeOne(request)
mgr.setBrowserIdName('bid')
mgr.setCookiePath('/path/')
mgr._setCookie('xxx', request)
self.assertEqual(response.cookies['bid'],
{'path': '/path/', 'value': 'xxx'})
def test__setCookie_http_only(self):
response = DummyResponse(cookies={})
request = DummyRequest(RESPONSE=response, URL1='https://example.com/')
mgr = self._makeOne(request)
mgr.setBrowserIdName('bid')
mgr.setCookieHTTPOnly(True)
mgr._setCookie('xxx', request)
self.assertEqual(response.cookies['bid'],
{'path': '/', 'value': 'xxx', 'http_only': True})
def test__setId_same_id_noop(self):
mgr = self._makeOne(name='foo')
mgr._setId('foo')
def test__setId_different_id_raises(self):
mgr = self._makeOne(name='foo')
self.assertRaises(ValueError, mgr._setId, 'bar')
def test_setCookieSecure_non_HTTPS_doesnt_set_cookie(self):
# Document the "feature" that 'setCookieSecure' allows returning
# a browser ID even where the URL is not HTTPS, and therefor no
# cookie is set.
response = DummyResponse(cookies={})
request = DummyRequest(RESPONSE=response, URL1='http://example.com/')
mgr = self._makeOne(request)
mgr.setCookieSecure(1)
bid = mgr.getBrowserId() # doesn't raise
self.assertEqual(len(response.cookies), 0)
def test_hasTraversalHook_missing(self):
mgr = self._makeOne()
parent = DummyObject()
self.failIf(mgr.hasTraversalHook(parent))
def test_hasTraversalHook_present(self):
mgr = self._makeOne()
parent = DummyObject()
parent.__before_traverse__ = {(0, 'BrowserIdManager'): object()}
self.failUnless(mgr.hasTraversalHook(parent))
def test_updateTraversalData_w_url_ns(self):
from Acquisition import Implicit
from ZPublisher.BeforeTraverse import queryBeforeTraverse
from Products.Sessions.BrowserIdManager import BrowserIdManagerTraverser
class Parent(Implicit):
pass
mgr = self._makeOne()
mgr.setBrowserIdNamespaces(('url',))
parent = Parent()
parent.browser_id_manager = mgr
parent.browser_id_manager.updateTraversalData() # needs wrapper
hooks = queryBeforeTraverse(parent, 'BrowserIdManager')
self.assertEqual(len(hooks), 1)
self.assertEqual(hooks[0][0], 40)
self.failUnless(isinstance(hooks[0][1], BrowserIdManagerTraverser))
def test_updateTraversalData_not_url_ns(self):
from Acquisition import Implicit
from ZPublisher.BeforeTraverse import queryBeforeTraverse
class Parent(Implicit):
pass
mgr = self._makeOne()
mgr.setBrowserIdNamespaces(('cookies', 'form'))
parent = Parent()
parent.__before_traverse__ = {(0, 'BrowserIdManager'): object()}
parent.browser_id_manager = mgr
parent.browser_id_manager.updateTraversalData() # needs wrapper
self.failIf(queryBeforeTraverse(mgr, 'BrowserIdManager'))
def test_registerTraversalHook_doesnt_replace_existing(self):
from Acquisition import Implicit
from ZPublisher.BeforeTraverse import queryBeforeTraverse
class Parent(Implicit):
pass
mgr = self._makeOne()
parent = Parent()
hook = object()
parent.__before_traverse__ = {(0, 'BrowserIdManager'): hook}
parent.browser_id_manager = mgr
parent.browser_id_manager.registerTraversalHook() # needs wrapper
hooks = queryBeforeTraverse(parent, 'BrowserIdManager')
self.assertEqual(len(hooks), 1)
self.assertEqual(hooks[0][0], 0)
self.failUnless(hooks[0][1] is hook)
def test_registerTraversalHook_normal(self):
from Acquisition import Implicit
from ZPublisher.BeforeTraverse import queryBeforeTraverse
from Products.Sessions.BrowserIdManager import BrowserIdManagerTraverser
class Parent(Implicit):
pass
mgr = self._makeOne()
parent = Parent()
parent.browser_id_manager = mgr
parent.browser_id_manager.registerTraversalHook() # needs wrapper
hooks = queryBeforeTraverse(parent, 'BrowserIdManager')
self.assertEqual(len(hooks), 1)
self.assertEqual(hooks[0][0], 40)
self.failUnless(isinstance(hooks[0][1], BrowserIdManagerTraverser))
def test_unregisterTraversalHook_nonesuch_doesnt_raise(self):
from Acquisition import Implicit
class Parent(Implicit):
pass
mgr = self._makeOne()
parent = Parent()
parent.browser_id_manager = mgr
parent.browser_id_manager.unregisterTraversalHook() # needs wrapper
def test_unregisterTraversalHook_normal(self):
from Acquisition import Implicit
from ZPublisher.BeforeTraverse import queryBeforeTraverse
class Parent(Implicit):
pass
mgr = self._makeOne()
parent = Parent()
parent.__before_traverse__ = {(0, 'BrowserIdManager'): object()}
parent.browser_id_manager = mgr
parent.browser_id_manager.unregisterTraversalHook() # needs wrapper
self.failIf(queryBeforeTraverse(mgr, 'BrowserIdManager'))
def testAutoUrlEncoding(self):
self.m.setAutoUrlEncoding(1)
self.m.setBrowserIdNamespaces(('url',))
self.m.updateTraversalData()
traverser = BrowserIdManagerTraverser()
traverser(self.app, self.req)
self.failUnless(isAWellFormedBrowserId(self.req.browser_id_))
self.failUnless(self.req.browser_id_ns_ == None)
self.failUnless(self.req._script[-1] == self.req.browser_id_)
self.failUnless(self.req._script[-2] == '_ZopeId')
def testUrlBrowserIdIsFound(self):
bid = '43295340A0bpcu4nkCI'
name = '_ZopeId'
resp = HTTPResponse()
environ = {}
environ['SERVER_NAME']='fred'
environ['SERVER_PORT']='80'
self.req = HTTPRequest(stdin, environ, resp)
self.req['TraversalRequestNameStack'] = ['foo', 'bar', bid, name]
self.app.REQUEST = self.req
self.m.setAutoUrlEncoding(1)
self.m.setBrowserIdNamespaces(('url',))
self.m.updateTraversalData()
traverser = BrowserIdManagerTraverser()
traverser(self.app, self.req)
self.failUnless(isAWellFormedBrowserId(self.req.browser_id_))
self.failUnless(self.req.browser_id_ns_ == 'url')
self.failUnless(self.req._script[-1] == self.req.browser_id_)
self.failUnless(self.req._script[-2] == '_ZopeId')
self.failUnless(self.req['TraversalRequestNameStack'] == ['foo','bar'])
def testUpdateTraversalData(self):
self.m.setBrowserIdNamespaces(('url',))
self.m.updateTraversalData()
self.failUnless(self.m.hasTraversalHook(self.app))
self.failUnless(queryBeforeTraverse(self.app, 'BrowserIdManager'))
self.m.setBrowserIdNamespaces(('cookies', 'form'))
self.m.updateTraversalData()
self.failUnless(not queryBeforeTraverse(self.app,'BrowserIdManager'))
def test_suite(): class TestBrowserIdManagerTraverser(unittest.TestCase):
testsuite = makeSuite(TestBrowserIdManager, 'test')
return testsuite def _getTargetClass(self):
from Products.Sessions.BrowserIdManager \
import BrowserIdManagerTraverser
return BrowserIdManagerTraverser
def _makeOne(self):
return self._getTargetClass()()
def test___call___no_mgr(self):
traverser = self._makeOne()
container = DummyObject()
request = DummyRequest()
traverser(container, request) # doesn't raise
def test___call___w_mgr_request_has_no_stack(self):
traverser = self._makeOne()
mgr = DummyBrowserIdManager()
container = DummyObject(browser_id_manager=mgr)
request = DummyRequest()
traverser(container, request) # doesn't raise
def test___call___w_mgr_request_has_stack_no_auto_encode(self):
from Products.Sessions.BrowserIdManager import getNewBrowserId
bid = getNewBrowserId()
traverser = self._makeOne()
mgr = DummyBrowserIdManager()
container = DummyObject(browser_id_manager=mgr)
request = DummyRequest(
TraversalRequestNameStack=[bid, 'bid'])
traverser(container, request)
self.assertEqual(request.browser_id_, bid)
self.assertEqual(request.browser_id_ns_, 'url')
self.assertEqual(len(request.TraversalRequestNameStack), 0)
def test___call___w_mgr_request_has_stack_w_auto_encode(self):
from Products.Sessions.BrowserIdManager import getNewBrowserId
bid = getNewBrowserId()
traverser = self._makeOne()
mgr = DummyBrowserIdManager(True)
container = DummyObject(browser_id_manager=mgr)
request = DummyRequest(
TraversalRequestNameStack=[bid, 'bid'], _script=[])
traverser(container, request)
self.assertEqual(request.browser_id_, bid)
self.assertEqual(request.browser_id_ns_, 'url')
self.assertEqual(len(request.TraversalRequestNameStack), 0)
self.assertEqual(len(request._script), 2)
self.assertEqual(request._script[0], 'bid')
self.assertEqual(request._script[1], bid)
def test___call___w_mgr_request_empty_stack_w_auto_encode(self):
from Products.Sessions.BrowserIdManager import isAWellFormedBrowserId
traverser = self._makeOne()
mgr = DummyBrowserIdManager(True)
container = DummyObject(browser_id_manager=mgr)
request = DummyRequest( TraversalRequestNameStack=[], _script=[])
traverser(container, request)
bid = request.browser_id_
self.failUnless(isAWellFormedBrowserId(bid))
self.assertEqual(request.browser_id_ns_, None)
self.assertEqual(len(request.TraversalRequestNameStack), 0)
self.assertEqual(len(request._script), 2)
self.assertEqual(request._script[0], 'bid')
self.assertEqual(request._script[1], bid)
class DummyObject:
def __init__(self, **kw):
self.__dict__.update(kw)
class DummyResponse(DummyObject):
pass
class DummyRequest(DummyObject):
def __getitem__(self, key):
return getattr(self, key)
def get(self, key, default=None):
return getattr(self, key, default)
class DummyBrowserIdManager:
def __init__(self, auto=False):
self._auto = auto
def getBrowserIdName(self):
return 'bid'
def getAutoUrlEncoding(self):
return self._auto
if __name__ == '__main__': def test_suite():
runner = TextTestRunner(verbosity=9) return unittest.TestSuite((
runner.run(test_suite()) unittest.makeSuite(TestBrowserIdManager),
unittest.makeSuite(TestBrowserIdManagerTraverser),
))
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7