How to use a test tornado server handler that authenticates a user via a secure cookie

Question

How can I write a unit test for a tornado handler that authenticates a user via a secure cookie? Here is the code (and sudo code) for a dummy test that I'd like to make pass. I'm using Tornado 3.1.

from tornado.web import  Application, RequestHandler
from tornado.escape import to_unicode, json_decode, json_encode
from tornado.testing import AsyncHTTPTestCase

class MainHandler(RequestHandler):
    """
    Base handler to authenticate user via a secure cookie.
    This is used for an API.
    """
    def get(self):

        user = self.get_secure_cookie('user')

        if user == 'user_email':
            self.write('sucess')
        else:
            self.write('fail')

class UserAPITest(AsyncHTTPTestCase):
    def get_app(self):
        self.app = Application([('/', MainHandler)],
                    cookie_secret='asdfasdf')
        return self.app

    def test_user_profile_annoymous(self):
        #SUDO CODE (what should go here?)
        #cookie = make_secure_cookie('user', 'user_email', cookie_secret)
        #headers = {'Cookie':cookie}

        response = self.fetch('/', method='GET', headers=headers)
        self.assertEqual('sucess', to_unicode(response.body) )

Answer 1

Using mock:

import mock

...

class UserAPITest(AsyncHTTPTestCase):
    def get_app(self):
        self.app = Application([('/', MainHandler)],
                    cookie_secret='asdfasdf')
        return self.app

    def test_user_profile_annoymous(self):
        with mock.patch.object(MainHandler, 'get_secure_cookie') as m:
            m.return_value = 'user_email'
            response = self.fetch('/', method='GET')
        self.assertEqual('sucess', to_unicode(response.body) )

Answer 2

It seems you may try to use a create_signed_value function from tornado.web module:

from tornado.web import create_signed_value

class UserAPITest(AsyncHTTPTestCase):

    def get_app(self):
         self.app = Application([('/', MainHandler)],
                                cookie_secret='asdfasdf')
         return self.app

    def test_user_profile_annoymous(self):
        cookie_name, cookie_value = 'Cookie', 'value'
        secure_cookie = create_signed_value(
            self.app.settings["cookie_secret"],
            cookie_name,
            cookie_value)
        headers = {'Cookie': '='.join((cookie_name, secure_cookie))}

        response = self.fetch('/', method='GET', headers=headers)
        self.assertEqual('success', response.body)