Django 1.6 compatibility

  + Added installation notes about the SESSION_SERIALIZER setting.
  + Included tox.ini section for Python 2.7 + Django 1.6.
  + New decorator override_session_serializer enforces pickle session
    serialization in tests.
  + Added test checking Django version defaults for
    SESSION_SERIALIZER.

5 files changed, 50 insertions, 3 deletions

diff --git a/django_openid_auth/tests/__init__.py b/django_openid_auth/tests/__init__.py
index 5b3964a..70bcb36 100644
--- a/django_openid_auth/tests/__init__.py
+++ b/django_openid_auth/tests/__init__.py
@@ -28,6 +28,7 @@
 
 import unittest
 from test_views import *
+from test_settings import *
 from test_store import *
 from test_auth import *
 from test_admin import *
@@ -35,8 +36,8 @@ from test_admin import *
 
 def suite():
     suite = unittest.TestSuite()
-    for name in ['test_auth', 'test_models', 'test_store', 'test_views',
-                 'test_admin']:
+    for name in ['test_auth', 'test_models', 'test_settings', 'test_store',
+                 'test_views', 'test_admin']:
         mod = __import__('%s.%s' % (__name__, name), {}, {}, ['suite'])
         suite.addTest(mod.suite())
     return suite
diff --git a/django_openid_auth/tests/helpers.py b/django_openid_auth/tests/helpers.py
new file mode 100644
index 0000000..b663c5b
--- /dev/null
+++ b/django_openid_auth/tests/helpers.py
@@ -0,0 +1,5 @@
+from django.test.utils import override_settings
+
+
+override_session_serializer = override_settings(
+    SESSION_SERIALIZER='django.contrib.sessions.serializers.PickleSerializer')
diff --git a/django_openid_auth/tests/test_auth.py b/django_openid_auth/tests/test_auth.py
index 87536d1..ef70a7d 100644
--- a/django_openid_auth/tests/test_auth.py
+++ b/django_openid_auth/tests/test_auth.py
@@ -39,6 +39,7 @@ from django.test import TestCase
 from django_openid_auth.auth import OpenIDBackend
 from django_openid_auth.models import UserOpenID
 from django_openid_auth.teams import ns_uri as TEAMS_NS
+from django_openid_auth.tests.helpers import override_session_serializer
 from openid.consumer.consumer import SuccessResponse
 from openid.consumer.discover import OpenIDServiceEndpoint
 from openid.message import Message, OPENID2_NS
@@ -47,6 +48,8 @@ from openid.message import Message, OPENID2_NS
 SREG_NS = "http://openid.net/sreg/1.0"
 AX_NS = "http://openid.net/srv/ax/1.0"
 
+
+@override_session_serializer
 class OpenIDBackendTests(TestCase):
 
     def setUp(self):
diff --git a/django_openid_auth/tests/test_settings.py b/django_openid_auth/tests/test_settings.py
new file mode 100644
index 0000000..5704ffa
--- /dev/null
+++ b/django_openid_auth/tests/test_settings.py
@@ -0,0 +1,35 @@
+from unittest import skipIf, TestLoader
+
+from django import VERSION
+from django.conf import settings
+from django.test import TestCase
+
+
+class SessionSerializerTest(TestCase):
+    """Django 1.6 changed the default session serializer to use JSON
+    instead of pickle for security reasons[0]. Unfortunately the
+    openid module on which we rely stores objects which are not JSON
+    serializable[1], so until this is fixed upstream (or we decide to
+    create a wrapper serializer) we are recommending Django 1.6 users
+    to fallback to the PickleSerializer.
+
+    [0] https://bit.ly/1myzetd
+    [1] https://github.com/openid/python-openid/issues/17
+    """
+    @skipIf(VERSION >= (1, 6, 0), "Old versions used the pickle serializer.")
+    def test_not_using_json_session_serializer(self):
+        # We use getattr because this setting did not exist in Django
+        # 1.4 (pickle serialization was hard coded)
+        serializer = getattr(settings, 'SESSION_SERIALIZER', '')
+        self.assertNotEqual(
+            serializer, 'django.contrib.sessions.serializers.JSONSerializer')
+
+    @skipIf(VERSION < (1, 6, 0), "Newer versions use JSON by default.")
+    def test_using_json_session_serializer(self):
+        serializer = getattr(settings, 'SESSION_SERIALIZER', '')
+        self.assertEqual(
+            serializer, 'django.contrib.sessions.serializers.JSONSerializer')
+
+
+def suite():
+    return TestLoader().loadTestsFromName(__name__)
diff --git a/django_openid_auth/tests/test_views.py b/django_openid_auth/tests/test_views.py
index 47187b2..239e08e 100644
--- a/django_openid_auth/tests/test_views.py
+++ b/django_openid_auth/tests/test_views.py
@@ -47,6 +47,7 @@ from openid.message import IDENTIFIER_SELECT
 
 from django_openid_auth import teams
 from django_openid_auth.models import UserOpenID
+from django_openid_auth.tests.helpers import override_session_serializer
 from django_openid_auth.views import (
     sanitise_redirect_url,
     make_consumer,
@@ -161,6 +162,8 @@ class DummyDjangoRequest(object):
         return request
     REQUEST = property(_combined_request)
 
+
+@override_session_serializer
 class RelyingPartyTests(TestCase):
     urls = 'django_openid_auth.tests.urls'
 
@@ -1354,7 +1357,6 @@ class RelyingPartyTests(TestCase):
         self.assertTrue(group3 not in user.groups.all())
 
     def test_login_teams_staff_not_defined(self):
-        delattr(settings, 'OPENID_LAUNCHPAD_STAFF_TEAMS')
         user = User.objects.create_user('testuser', 'someone@example.com')
         user.is_staff = True
         user.save()
@@ -1433,6 +1435,7 @@ class RelyingPartyTests(TestCase):
         openid_login_complete.disconnect(login_callback)
 
 
+@override_session_serializer
 class HelperFunctionsTest(TestCase):
     def test_sanitise_redirect_url(self):
         settings.ALLOWED_EXTERNAL_OPENID_REDIRECT_DOMAINS = [