_acs-tcl__logout_from_everywhere (private)
_acs-tcl__logout_from_everywhere
Defined in packages/acs-tcl/tcl/test/security-procs.tcl
- Partial Call Graph (max 5 caller/called nodes):
- Testcases:
- No testcase defined.
Source code:
# Generated wrapper around the "logout_from_everywhere" test body: every
# element of the list given to foreach is run through catch, and an
# unexpected return code is reported as a test failure.
set _aa_export {}
set body_count 1
foreach testcase_body {{
    # Purpose: check that cookies issued before a call to
    # sec_change_user_auth_token no longer authenticate a request
    # afterwards. The same headers are sent before and after the token
    # change, and the expected status goes from 200 to 403.
    set user_id [ad_conn user_id]
    aa_run_with_teardown -test_code {
        # Temporary probe endpoint: it answers 403 when the connection
        # has user_id 0 and 200 otherwise, so the HTTP status alone
        # tells whether the request was authenticated.
        # presumably user_id 0 is the not-logged-in visitor; confirm
        # against ad_conn.
        set test_url acs-tcl-test-security-procs-logout-from-everywhere
        ns_register_proc GET $test_url {
            if {[ad_conn user_id] == 0} {
                ns_return 403 text/plain Forbidden
            } else {
                ns_return 200 text/plain OK
            }
        }
        set url [acs::test::url]/${test_url}

        # This test strictly requires a cookie-based
        # authentication, and not e.g. a test authentication
        # such as that we obtain via acs::test::login. A user
        # agent relying on such test authentication (e.g. in a
        # continuous integration pipeline) would fail this
        # test. Let's forge one: login the current user so
        # that cookies are set, retrieve such cookies and set
        # them as headers of the next HTTP request.

        # set headers [ns_conn headers]
        # Start from an empty header set, so the only credentials sent
        # are the cookies collected below.
        set headers [ns_set create]
        ad_user_login $user_id
        set cookies [list]
        # -include_set_cookies true makes ns_getcookie also look at the
        # cookies being set on the current response, i.e. the ones
        # ad_user_login has just issued. Cookies that come back empty
        # are left out of the Cookie header.
        foreach cookie {
            ad_session_id
            ad_user_login
            ad_user_login_secure
            ad_secure_token
        } {
            set cookie_value [ns_getcookie -include_set_cookies true -- $cookie ""]
            if {$cookie_value ne ""} {
                lappend cookies $cookie=\"${cookie_value}\"
            }
        }
        if {[llength $cookies] > 0} {
            ns_set put $headers cookie [join $cookies "; "]
        }

        # Baseline: with the freshly issued cookies the probe must
        # answer 200. If no cookie was collected, this assertion is
        # the one that fails.
        aa_section "Request the page as myself"
        set r [ns_http run -headers $headers -method GET $url]
        aa_equals "I should now be authenticated" [dict get $r status] 200

        aa_section "Change the authentication token"
        sec_change_user_auth_token $user_id

        # Replay exactly the same headers. The cookies were captured
        # before the token change, so a 200 here would mean that stale
        # cookies are still accepted.
        # NOTE(review): only the status code is checked; the test does
        # not tell which of the four cookies is being rejected.
        aa_section "Check again if my login works"
        aa_silence_log_entries -severities warning {
            # Warning: downgrade login_level of user ...
            # since there is no login cookie provided
            set r [ns_http run -headers $headers -method GET $url]
        }
        aa_equals "I should now NOT be authenticated" [dict get $r status] 403
    } -teardown_code {
        # Fix my login
        # The token change above affected the user running the test,
        # so log that user in again, then remove the probe endpoint.
        ad_user_login $user_id
        ns_unregister_op GET $test_url
    }
}} {
    aa_log "Running testcase body $body_count"
    set ::__aa_test_indent [info level]
    set catch_val [catch $testcase_body msg]
    # catch codes 0 (ok) and 2 (return) count as normal completion;
    # any other code is logged as a failure with the stack trace.
    if {$catch_val != 0 && $catch_val != 2} {
        aa_log_result "fail" "logout_from_everywhere (body $body_count): Error during execution: $msg, stack trace: \n$::errorInfo"
    }
    incr body_count
}
XQL Not present: Generic, PostgreSQL, Oracle