launchpad-reviewers team mailing list archive

Thread
Date

[Merge] ~cjwatson/launchpad:fix-no-anonymous-session-cookies into launchpad:master

To: mp+375099@xxxxxxxxxxxxxxxxxx
From: Colin Watson <cjwatson@xxxxxxxxxxxxx>
Date: Mon, 04 Nov 2019 16:02:24 -0000
Reply-to: mp+375099@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

Colin Watson has proposed merging ~cjwatson/launchpad:fix-no-anonymous-session-cookies into launchpad:master.

Commit message:
Make no-anonymous-session-cookies.txt more robust

Simplify the workaround for the fact that loggerhead isn't running: we
don't actually care here about anything that happens after the
redirection, so it's sufficient to just tell the client not to process
redirections.

LP: #577596

Requested reviews:
  Launchpad code reviewers (launchpad-reviewers)
Related bugs:
  Bug #577596 in Launchpad itself: "Test no-anonymous-session-cookies.txt is deficient and needs fixing"
  https://bugs.launchpad.net/launchpad/+bug/577596

For more details, see:
https://code.launchpad.net/~cjwatson/launchpad/+git/launchpad/+merge/375099
-- 
Your team Launchpad code reviewers is requested to review the proposed merge of ~cjwatson/launchpad:fix-no-anonymous-session-cookies into launchpad:master.

diff --git a/lib/lp/services/webapp/tests/no-anonymous-session-cookies.txt b/lib/lp/services/webapp/tests/no-anonymous-session-cookies.txt
index 68477f6..dcadf49 100644
--- a/lib/lp/services/webapp/tests/no-anonymous-session-cookies.txt
+++ b/lib/lp/services/webapp/tests/no-anonymous-session-cookies.txt
@@ -51,18 +51,16 @@ The cookie will be set to expire in ten minutes when you log out.  The ten
 minute time interval (set in lp.services.webapp.login and enforced
 with an assert in lp.services.webapp.session) is intended to be fudge
 time for browsers with bad system clocks.
-    >>> # XXX 2010-05-08 bac bug=577596 This work-around for the fact
-    >>> # that loggerhead is not running needs to be replaced with
-    >>> # something more robust and clear.
-    >>> import warnings
-    >>> from urllib2 import HTTPError, URLError
-    >>> from urllib3.exceptions import InsecureRequestWarning
+
+    >>> from six.moves.urllib.error import HTTPError
+    >>> browser.mech_browser.set_handle_redirect(False)
     >>> try:
-    ...     with warnings.catch_warnings():
-    ...         warnings.simplefilter('ignore', InsecureRequestWarning)
-    ...         browser.getControl('Log Out').click()
-    ... except (HTTPError, URLError):
-    ...     pass
+    ...     browser.getControl('Log Out').click()
+    ... except HTTPError as redirection:
+    ...     print(redirection)
+    ...     print(redirection.hdrs['Location'])
+    HTTP Error 303: See Other
+    https://bazaar.launchpad.test/+logout?next_to=...
 
 After ensuring the browser has not left the launchpad.test domain, the
 single cookie is shown to have the ten minute expiration.