def test_del_vars():
environ = dict(create_environ(),
REQUEST_URI='',
QUERY_STRING='foo=foo&_username=foo&_password=bar&bar=bar')
with AppContext(DummyApplication(environ, None)), \
RequestContext(htmllib.html(Request(environ))):
# First we hit the cached property so we can see that the underlying Request object
# actually got replaced later.
_ = request.args
_ = html.request.args
html.request.set_var("foo", "123")
html.del_var_from_env("_username")
html.del_var_from_env("_password")
# Make test independent of dict sorting
assert html.request.query_string in [
'foo=foo&bar=bar', 'bar=bar&foo=foo'
]
assert '_password' not in html.request.args
assert '_username' not in html.request.args
# Check the request local proxied version too.
# Make test independent of dict sorting
assert request.query_string in ['foo=foo&bar=bar', 'bar=bar&foo=foo']
assert '_password' not in request.args
assert '_username' not in request.args
assert html.request.var("foo") == "123"
def check_auth_automation():
secret = html.request.var("_secret", "").strip()
user_id = html.get_unicode_input("_username", "").strip()
html.del_var_from_env('_username')
html.del_var_from_env('_secret')
if verify_automation_secret(user_id, secret):
# Auth with automation secret succeeded - mark transid as unneeded in this case
html.transaction_manager.ignore()
set_auth_type("automation")
return user_id
raise MKAuthException(_("Invalid automation secret for user %s") % user_id)
