Commit d9e60901 authored by Jérome Perrin's avatar Jérome Perrin Committed by Arnaud Fontaine

zope4: depend on Zope 4.8.3 ( unreleased 68f0c122 )

parent d0baea73
......@@ -34,6 +34,8 @@ import unittest
import urllib
from Products.ERP5Type.tests.ERP5TypeTestCase import ERP5TypeTestCase
from DateTime import DateTime
from ZPublisher.cookie import normalizeCookieParameterName
class TestAuoLogout(ERP5TypeTestCase):
"""
......@@ -87,7 +89,7 @@ class TestAuoLogout(ERP5TypeTestCase):
# check '__ac' cookie has set an expire timeout
ac_cookie = response.getCookie('__ac')
self.assertNotEqual(ac_cookie, None)
cookie_expire = ac_cookie['expires']
cookie_expire = ac_cookie[normalizeCookieParameterName('expires')]
one_second = 1/24.0/60.0/60.0
self.assertGreater((now + (5 + 1) * one_second), DateTime(cookie_expire)) # give 1s tollerance
......@@ -100,7 +102,7 @@ class TestAuoLogout(ERP5TypeTestCase):
self.assertIn('Welcome to ERP5', response.getBody())
ac_cookie = response.getCookie('__ac')
self.assertNotEqual(ac_cookie, None)
self.assertEqual(ac_cookie.get('expires', None), None)
self.assertEqual(ac_cookie.get(normalizeCookieParameterName('expires'), None), None)
def test_suite():
suite = unittest.TestSuite()
......
......@@ -3285,10 +3285,6 @@ def test_suite():
add_tests(suite, ZPublisher.tests.testHTTPRequest)
import ZPublisher.tests.testHTTPResponse
testHTTPResponse_TestHeaderEncodingRegistry_test_encode_words = \
ZPublisher.tests.testHTTPResponse.TestHeaderEncodingRegistry.test_encode_words
ZPublisher.tests.testHTTPResponse.TestHeaderEncodingRegistry.test_encode_words = \
unittest.expectedFailure(testHTTPResponse_TestHeaderEncodingRegistry_test_encode_words)
add_tests(suite, ZPublisher.tests.testHTTPResponse)
import ZPublisher.tests.testIterators
......
......@@ -167,7 +167,7 @@ class TestFacebookLogin(ERP5TypeTestCase):
ac_cookie, = [v for (k, v) in response.listHeaders() if k.lower() == 'set-cookie' and '__ac_facebook_hash=' in v]
self.assertIn('; Secure', ac_cookie)
self.assertIn('; HTTPOnly', ac_cookie)
self.assertIn('; HttpOnly', ac_cookie)
self.assertIn('; SameSite=Lax', ac_cookie)
def test_create_user_in_ERP5Site_createFacebookUserToOAuth(self):
......
......@@ -216,7 +216,7 @@ class TestGoogleLogin(GoogleLoginTestCase):
ac_cookie, = [v for (k, v) in response.listHeaders() if k.lower() == 'set-cookie' and '__ac_google_hash=' in v]
self.assertIn('; Secure', ac_cookie)
self.assertIn('; HTTPOnly', ac_cookie)
self.assertIn('; HttpOnly', ac_cookie)
self.assertIn('; SameSite=Lax', ac_cookie)
def test_create_user_in_ERP5Site_createGoogleUserToOAuth(self):
......
......@@ -135,7 +135,7 @@ class TestOpenIdConnectLogin(OpenIdConnectLoginTestCase):
ac_cookie, = [v for (k, v) in response.listHeaders() if k.lower() == 'set-cookie' and '__ac_openidconnect_hash=' in v]
self.assertIn('; Secure', ac_cookie)
self.assertIn('; HTTPOnly', ac_cookie)
self.assertIn('; HttpOnly', ac_cookie)
self.assertIn('; SameSite=Lax', ac_cookie)
def test_existing_user(self):
......
......@@ -1585,8 +1585,8 @@ class TestAuthenticationCookie(UserManagementTestCase):
# Secure flag so that cookie is sent only on https
self.assertIn('; Secure', ac_cookie)
# HTTPOnly flag so that javascript cannot access cookie
self.assertIn('; HTTPOnly', ac_cookie)
# HttpOnly flag so that javascript cannot access cookie
self.assertIn('; HttpOnly', ac_cookie)
# SameSite=Lax flag so that cookie is not sent on cross origin requests.
# We set Lax (and not strict) so that opening a link to ERP5 from an
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment