It's a security problem that runUnitTest starts a webserver without password for manager user.
The general idea:
- ERP5TypeTestCase user gets a random password.
- every time test create user we give them a random password.
- by default there's a manager user whose login and password are set as
manager_usernameandmanager_passwordclass attributes. Many tests where creating a new manager user, but they should be able to use this existing user. - maybe we don't need this patch to allow empty passwords in
publishmethod anymore. - Zelenium is more complex, the tests start logged in as manager for most tests it's enough, but some tests needs to login again as manager. For these, the username and password is set in cookies before starting tests.