def test_del_vars(): environ = dict(create_environ(), REQUEST_URI='', QUERY_STRING='foo=foo&_username=foo&_password=bar&bar=bar') with AppContext(DummyApplication(environ, None)), \ RequestContext(htmllib.html(Request(environ))): # First we hit the cached property so we can see that the underlying Request object # actually got replaced later. _ = request.args _ = html.request.args html.request.set_var("foo", "123") html.del_var_from_env("_username") html.del_var_from_env("_password") # Make test independent of dict sorting assert html.request.query_string in [ 'foo=foo&bar=bar', 'bar=bar&foo=foo' ] assert '_password' not in html.request.args assert '_username' not in html.request.args # Check the request local proxied version too. # Make test independent of dict sorting assert request.query_string in ['foo=foo&bar=bar', 'bar=bar&foo=foo'] assert '_password' not in request.args assert '_username' not in request.args assert html.request.var("foo") == "123"
def check_auth_automation(): secret = html.request.var("_secret", "").strip() user_id = html.get_unicode_input("_username", "").strip() html.del_var_from_env('_username') html.del_var_from_env('_secret') if verify_automation_secret(user_id, secret): # Auth with automation secret succeeded - mark transid as unneeded in this case html.transaction_manager.ignore() set_auth_type("automation") return user_id raise MKAuthException(_("Invalid automation secret for user %s") % user_id)