From c0e4479d5f609d272828968b6fd02a32ae2e830d Mon Sep 17 00:00:00 2001
From: Kazuhiko Shiozaki <kazuhiko@nexedi.com>
Date: Fri, 25 Feb 2011 20:20:31 +0000
Subject: [PATCH] check if key authentication works for non front page and web
 mode. # this test fails for now.

git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@43785 20353a03-c40f-0410-a6d1-a30d3c3de9de
---
 .../ERP5Security/tests/testERP5Security.py    | 24 ++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/product/ERP5Security/tests/testERP5Security.py b/product/ERP5Security/tests/testERP5Security.py
index 5640729613..307d3c8749 100644
--- a/product/ERP5Security/tests/testERP5Security.py
+++ b/product/ERP5Security/tests/testERP5Security.py
@@ -51,7 +51,7 @@ class TestUserManagement(ERP5TypeTestCase):
 
   def getBusinessTemplateList(self):
     """List of BT to install. """
-    return ('erp5_base',)
+    return ('erp5_base', 'erp5_web',)
 
   def beforeTearDown(self):
     """Clears person module and invalidate caches when tests are finished."""
@@ -721,6 +721,28 @@ class TestLocalRoleManagement(ERP5TypeTestCase):
     self.assertEqual(response.getStatus(), 200)
     self.assertTrue(reference in response.getBody())
 
+    # check if key authentication works other page than front page
+    person_module = portal.person_module
+    base_url = person_module.absolute_url(relative=1)
+    response = self.publish(base_url)
+    self.assertEqual(response.getStatus(), 302)
+    self.assertTrue('location' in response.headers.keys())
+    self.assertTrue('%s/login_form?came_from=' % portal.getId(), response.headers['location'])
+    response = self.publish('%s?__ac_key=%s' %(base_url, key))
+    self.assertEqual(response.getStatus(), 200)
+    self.assertTrue(reference in response.getBody())
+
+    # check if key authentication works with web_mode too
+    web_site = portal.web_site_module.newContent(portal_type='Web Site')
+    base_url = web_site.absolute_url(relative=1)
+    response = self.publish(base_url)
+    self.assertEqual(response.getStatus(), 302)
+    self.assertTrue('location' in response.headers.keys())
+    self.assertTrue('%s/login_form?came_from=' % portal.getId(), response.headers['location'])
+    response = self.publish('%s?__ac_key=%s' %(base_url, key))
+    self.assertEqual(response.getStatus(), 200)
+    self.assertTrue(reference in response.getBody())
+
   def testERP5ExternalAuthenticationPlugin(self):
     """
      Make sure that we can grant security using a ERP5 External Authentication Plugin.
-- 
2.30.9