[kforge-dev] Authentication bug: not finding the cookie
rufus.pollock at okfn.org
Thu Nov 2 16:29:19 GMT 2006
John Bywater wrote:
> Rufus Pollock wrote:
>> Looking at the code this implies that there **are** cookies in the
>> request but that there is no kui session cookie:
>> kui_auth_cookie = cookies.get('kui_auth')
> That's the problem: the cookie isn't called 'kui_auth' anymore, but
> I've fixed the cookie name up by using the kforge.dicitonarywords
> constant, so we don't suffer from the same word mismatch in the furture.
> I'm also just finishing refactoring the (very long) procedural
> mod_python handlers we have into an OO style , and in the process
Yes I'd already seen the start on that and it looked a lot cleaner than
the *very* long methods we'd ended up with.
> putting those objects under unit test. I've also reviewed the mod_python
> manual, and improved the way a few things are done. I hope the redirect
> to login is also sorted out. I also rewrote the apache config fragment,
> to be clearer about what happens  (search for 'Satisfy Any') . But I
> didn't check everything in yet.
> The only reason we were thinking this code was difficult to test is
> because we needed to import apache, which you can't do from the unit
> test suite. But we only need to import apache for apache return codes
> (apache.OK, etc). So I've written the handlers to return more human
Good point (I thought we also used it for the cookie stuff but obviously
> readable string codes ('ALLOW', 'DENY', 'DEFER', 'REDIRECT'), and then
> configured apache to register functions to wrap these unit-tested
> handler objects, and to return apache codes instead of the strings.
> For the unit tests I wrote some mock mod_python request objects. So we
> should be able to pin everything down now.
Yes not having that under unittest was definitely an issue. I think we
can also address this by writing more web unit tests something I intend
to spend some time doing.
> I will leave room for the tests to be refined and extended.
> PS Hope to commit things shortly......
More information about the kforge-dev