Hello,
I'm having a hard time testing my Pyramid project authentication and
authorization with Webtest. The problem, I believe, is that my cookie
auth_tkt is never sent to the server and this makes the authentication
impossible.
Here are my query and response when I am manually testing with Firefox:

GET /login?user=Pierre HTTP/1.1
Host: localhost:6543
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr-CA,fr;q=0.8,fr-FR;q=0.6,en-US;q=0.4,en;q=0.2
Accept-Encoding: gzip, deflate
Cookie: csrftoken=rD5qbfw2SXHc6XeeZDdaZWD292EuMMKX
Connection: keep-alive
Cache-Control: max-age=0

HTTP/1.1 200 OK
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Sat, 25 Apr 2015 21:11:49 GMT
Server: waitress
Set-Cookie: 'auth_tkt'="08f6c31471ffbc1f7d7064ebc71e9c4a553c0315UGllcnJl!userid_type:b64unicode"; Max-Age=2592000; Path=/; expires=2592000; secure; HttpOnly
Set-Cookie: 'auth_tkt'="08f6c31471ffbc1f7d7064ebc71e9c4a553c0315UGllcnJl!userid_type:b64unicode"; Domain=localhost; Max-Age=2592000; Path=/; expires=2592000; secure; HttpOnly
Set-Cookie: 'auth_tkt'="08f6c31471ffbc1f7d7064ebc71e9c4a553c0315UGllcnJl!userid_type:b64unicode"; Domain=.localhost; Max-Age=2592000; Path=/; expires=2592000; secure; HttpOnly

You can see there is a Set-Cookie in the response.
But if I query again, the cookie auth_tkt is not sent to the server.
GET /login?user=Pierre HTTP/1.1
Host: localhost:6543
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: fr-CA,fr;q=0.8,fr-FR;q=0.6,en-US;q=0.4,en;q=0.2
Accept-Encoding: gzip, deflate
Cookie: csrftoken=rD5qbfw2SXHc6XeeZDdaZWD292EuMMKX
Connection: keep-alive
In my config file I have:
auth.secret = 'some secret'
auth.token = 'auth_tkt'
auth.secure = False
# Session valid 30 days:
auth.timeout = 2592000
auth.reissue_time = None
# Session will expire after timeout
auth.max_age = 2592000
And in the code I have:
config.set_authentication_policy(
    AuthTktAuthenticationPolicy(secret=settings["auth.secret"],
                                callback=_get_groups,
                                cookie_name=settings["auth.token"],
                                secure=settings["auth.secure"],
                                include_ip=False,
                                timeout=settings["auth.timeout"],
                                reissue_time=settings["auth.reissue_time"],
                                max_age=settings["auth.max_age"],
                                path="/", http_only=True,
                                wild_domain=True,
                                debug=False))
I am using Pyramid 1.5.4 with Python 2.7.3 on Debian 7 AMD64.
What do you think I might be doing wrong?
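
An added example, not part of the original message: values read from an ini file reach the application as strings, so `auth.secure = False` arrives as the truthy string "False" and the quotes around 'auth_tkt' become part of the cookie name, which is consistent with the `secure` attribute and the quoted name in the response above. The `[app:main]` section name, the helper names and the use of Python 3 are assumptions; Pyramid itself ships `pyramid.settings.asbool` for the boolean case.

```python
import configparser

# Key/value lines as quoted in the post; the [app:main] section name is an assumption.
INI = """\
[app:main]
auth.secret = 'some secret'
auth.token = 'auth_tkt'
auth.secure = False
auth.timeout = 2592000
auth.reissue_time = None
auth.max_age = 2592000
"""

# Abbreviated from the response in the post; <ticket> is a placeholder value.
SET_COOKIE = "'auth_tkt'=\"<ticket>\"; Max-Age=2592000; Path=/; secure; HttpOnly"


def raw_settings(ini_text, section="app:main"):
    """Return the settings as an ini loader delivers them: every value a str."""
    parser = configparser.ConfigParser()
    parser.read_string(ini_text)
    return dict(parser[section])


def as_bool(value):
    """Hypothetical helper doing the job of pyramid.settings.asbool."""
    return str(value).strip().lower() in {"t", "true", "y", "yes", "on", "1"}


def as_optional_int(value):
    """Hypothetical helper: the literal text 'None' means 'not set'."""
    text = str(value).strip()
    return None if text in ("", "None") else int(text)


def policy_kwargs(settings):
    """Coerce the raw strings into the types the cookie policy expects."""
    return {
        "cookie_name": settings["auth.token"].strip("'\""),
        "secure": as_bool(settings["auth.secure"]),
        "timeout": as_optional_int(settings["auth.timeout"]),
        "reissue_time": as_optional_int(settings["auth.reissue_time"]),
        "max_age": as_optional_int(settings["auth.max_age"]),
    }


def client_returns_cookie(set_cookie, scheme):
    """Assumes a client that returns Secure cookies only over https."""
    attrs = {part.strip().lower() for part in set_cookie.split(";")[1:]}
    return scheme == "https" or "secure" not in attrs
```

Passing the raw string straight to `secure=` turns the flag on, whereas the coerced value leaves it off; a WebTest run over plain http sees the same difference.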