Commit c91508e5 authored by Christophe de Vienne's avatar Christophe de Vienne
Browse files

[auth] Authtkt http_only and secure by default

The test suite is now full 'https'.

Closes #4731765
parent 197e10cb74f7
......@@ -144,7 +144,9 @@ def includeme(config):
'hashalg': 'sha512',
'cookie_name': 'auth_tkt',
'timeout': 1200,
'reissue_time': 120
'reissue_time': 120,
'http_only': True,
'secure': True
},
prefix=session_prefix,
**settings
......@@ -158,7 +160,9 @@ def includeme(config):
'hashalg': 'sha512',
'cookie_name': 'pauth_tkt',
'max_age': 3600*24*30,
'reissue_time': 3600*24
'reissue_time': 3600*24,
'http_only': True,
'secure': True
},
prefix=persistent_prefix,
**settings
......
......@@ -15,6 +15,8 @@ class PyramidCWTest(CubicWebTestTC):
config.global_set_option('anonymous-user', 'anon')
config['pyramid-auth-secret'] = 'authsecret'
config['pyramid-session-secret'] = 'sessionsecret'
config.https_uiprops = None
config.https_datadir_url = None
def setUp(self):
# Skip CubicWebTestTC setUp
......@@ -22,7 +24,9 @@ class PyramidCWTest(CubicWebTestTC):
config = make_cubicweb_application(self.config, self.settings)
self.includeme(config)
self.pyr_registry = config.registry
self.webapp = webtest.TestApp(config.make_wsgi_app())
self.webapp = webtest.TestApp(
config.make_wsgi_app(),
extra_environ={'wsgi.url_scheme': 'https'})
def includeme(self, config):
pass
......@@ -96,9 +96,3 @@ class WSGIAppTest(PyramidCWTest):
'/', POST=params,
content_type='application/x-www-form-urlencoded'))
self.assertEqual(u"é", req.form['arg'])
@classmethod
def init_config(cls, config):
super(WSGIAppTest, cls).init_config(config)
config.https_uiprops = None
config.https_datadir_url = None
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment