Commit 6e273685 authored by Denis Laxalde

[pyramid] Do not issue security warnings in test mode

When some session or authtk secret is missing in Pyramid settings,
scary "!! SECURITY WARNING !!" are issued. This is arguably pointless in
tests. So disable them in this case.
parent 68ca7fe0ca29
...@@ -198,7 +198,8 @@ def includeme(config): ...@@ -198,7 +198,8 @@ def includeme(config):
session_prefix + 'secret', 'notsosecret') session_prefix + 'secret', 'notsosecret')
persistent_secret = settings.get( persistent_secret = settings.get(
persistent_prefix + 'secret', 'notsosecret') persistent_prefix + 'secret', 'notsosecret')
if 'notsosecret' in (session_secret, persistent_secret): if ('notsosecret' in (session_secret, persistent_secret)
and config.registry['cubicweb.config'].mode != 'test'):
warnings.warn(''' warnings.warn('''
!! SECURITY WARNING !! !! SECURITY WARNING !!
......
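Review bot: the added `mode != 'test'` clause in the `if` only silences the warning; `session_secret` and `persistent_secret` still fall back to 'notsosecret' on the lines above it. A short comment should state that test mode deliberately runs with the static secret. The same mode check is repeated in the second hunk, so consider factoring it into one small helper (for example a hypothetical `_warn_unless_test(config, message)`) so the two warning sites cannot drift apart.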
...@@ -255,17 +255,18 @@ def includeme(config): ...@@ -255,17 +255,18 @@ def includeme(config):
secret = settings['cubicweb.session.secret'] secret = settings['cubicweb.session.secret']
except KeyError: except KeyError:
secret = 'notsosecret' secret = 'notsosecret'
warnings.warn(''' if config.registry['cubicweb.config'].mode != 'test':
warnings.warn('''
!! WARNING !! !! WARNING !! !! WARNING !! !! WARNING !!
The session cookies are signed with a static secret key. The session cookies are signed with a static secret key.
To put your own secret key, edit your pyramid.ini file To put your own secret key, edit your pyramid.ini file
and set the 'cubicweb.session.secret' key. and set the 'cubicweb.session.secret' key.
YOU SHOULD STOP THIS INSTANCE unless your really know what you YOU SHOULD STOP THIS INSTANCE unless your really know what you
are doing !! are doing !!
''') ''')
session_factory = CWSessionFactory(secret) session_factory = CWSessionFactory(secret)
config.set_session_factory(session_factory) config.set_session_factory(session_factory)