Index: openacs-4/packages/acs-tcl/tcl/test/security-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/test/Attic/security-procs.tcl,v diff -u -N -r1.1.2.1 -r1.1.2.2 --- openacs-4/packages/acs-tcl/tcl/test/security-procs.tcl 12 Jan 2021 17:32:47 -0000 1.1.2.1 +++ openacs-4/packages/acs-tcl/tcl/test/security-procs.tcl 25 Jan 2021 16:43:33 -0000 1.1.2.2 @@ -42,8 +42,34 @@ set url [ns_conn location] } set url "$url/$test_url" - set headers [ns_conn headers] + # This test strictly requires a cookie-based + # authentication, and not e.g. a test authentication + # such as that we obtain via acs::test::login. A user + # agent relying on such test authentication (e.g. in a + # continuous integration pipeline) would fail this + # test. Let's forge one: login the current user so + # that cookies are set, retrieve such cookies and set + # them as headers of the next HTTP request. + # set headers [ns_conn headers] + set headers [ns_set create] + ad_user_login $user_id + set cookies [list] + foreach cookie { + ad_session_id + ad_user_login + ad_user_login_secure + ad_secure_token + } { + set cookie_value [ns_getcookie -include_set_cookies true -- $cookie ""] + if {$cookie_value ne ""} { + lappend cookies $cookie=\"${cookie_value}\" + } + } + if {[llength $cookies] > 0} { + ns_set put $headers cookie [join $cookies "; "] + } + aa_section "Request the page as myself" set r [ns_http run -headers $headers -method GET $url] aa_equals "I should now be authenticated" [dict get $r status] 200 @@ -61,4 +87,3 @@ ns_unregister_op GET $test_url } } -