Test for Cookie Auth
====================

  >>> import os
  >>> import hmac
  >>> import sha
  >>> import base64
  >>> import re
  >>> from urllib import quote
  >>> from zope.interface import implementedBy
  >>> from Interface.Implements import flattenInterfaces
  >>> from Products.PloneTestCase.PloneTestCase import portal_name

Ensure that the environment is set up
  >>> secret_file_name = os.environ.get('TOPP_SECRET_FILENAME', '')
  >>> if not secret_file_name:
  ...    secret_file_name = os.path.join(os.environ.get('INSTANCE_HOME'), 'secret.txt')

  >>> len(secret_file_name) > 0
  True
  >>> os.path.exists(secret_file_name)
  True
  >>> f = open (secret_file_name)
  >>> secret = f.readline().strip()
  >>> f.close()
  >>> len(secret) > 0
  True


Make sure cookie plugin is installed and activated.

  >>> uf = self.portal.acl_users

  >>> uf.objectIds('Signed Cookie Auth Helper')
  ['credentials_signed_cookie_auth']

  >>> plugins = uf.plugins
  >>> cookie = uf['credentials_signed_cookie_auth']

Create a user

  >>> user_name, user_password, user_role = ('baz', 'bar', 'Manager')
  >>> uf.userFolderAddUser(user_name, user_password, [user_role], [])

  >>> uf.getUserById(user_name)
  <MembraneUser 'baz'>

Login to Plone site using Signed Cookie Auth should work too.

  >>> cookie = uf['credentials_signed_cookie_auth']

  >>> auth = hmac.new(secret, user_name, sha).hexdigest()
  >>> encoded = base64.encodestring('%s\0%s' % (user_name, auth))
  >>> print base64.encodestring('%s\0%s' % (user_name, auth))
  YmF6A...
  ...

The cookie set by PlonePAS should be URL-quoted.

  >>> response = http(r"""
  ... GET /%s/logged_in HTTP/1.1
  ... Cookie: __ac=%s
  ... """ % (portal_name, quote(encoded)), handle_errors=False)
  >>> response = str(response)
  >>> response.startswith('HTTP/1.1 200 OK')
  True
  >>> match = re.search('Set-Cookie: __ac="[^"]*"', response)
  >>> match is not None
  True

Bad cookies should be rejected
  >>> bad = base64.encodestring('%s\0%s' % (user_name, 'bogusauth'))
  >>> print http(r"""
  ... GET /%s/logged_in HTTP/1.1
  ... Cookie: __ac=%s
  ... """ % (portal_name, quote(bad)), handle_errors=False)
  HTTP/1.1 200 OK
  ...
  Set-Cookie: __ac="deleted";...

