def test_session_store_stores_none_for_trading_as_if_not_present(self):
session_data = SessionData(
tx_id="tx_id",
schema_name="some_schema_name",
period_str="period_str",
language_code=None,
launch_language_code=None,
survey_url=None,
ru_name="ru_name",
ru_ref="ru_ref",
response_id="response_id",
questionnaire_id="questionnaire_id",
case_id="case_id",
)
with self._app.test_request_context():
self.session_store.create(
eq_session_id="eq_session_id",
user_id="test",
session_data=session_data,
expires_at=self.expires_at,
).save()
session_store = SessionStore("user_ik", "pepper", "eq_session_id")
self.assertIsNone(session_store.session_data.trad_as)
def app_session_store(app, mocker, session_data):
app.permanent_session_lifetime = timedelta(seconds=1)
store = mocker.MagicMock()
store.session_store = SessionStore("user_ik", "pepper")
store.expires_at = datetime.now(tz=timezone.utc) + timedelta(seconds=3)
store.session_data = session_data
return store
def test_session_store_ignores_new_values_in_session_data(self):
session_data = SessionData(
tx_id="tx_id",
schema_name="some_schema_name",
period_str="period_str",
language_code=None,
launch_language_code=None,
survey_url=None,
ru_name="ru_name",
ru_ref="ru_ref",
response_id="response_id",
questionnaire_id="questionnaire_id",
case_id="case_id",
)
session_data.additional_value = "some cool new value you do not know about yet"
with self._app.test_request_context():
self.session_store.create(
eq_session_id="eq_session_id",
user_id="test",
session_data=self.session_data,
expires_at=self.expires_at,
).save()
session_store = SessionStore("user_ik", "pepper", "eq_session_id")
self.assertFalse(
hasattr(session_store.session_data, "additional_value"))
class TestSubmissionPayload(AppContextTestCase):
def setUp(self):
super().setUp()
self.session_data = SessionData(
tx_id="tx_id",
schema_name="schema_name",
response_id="response_id",
period_str="period_str",
language_code="cy",
launch_language_code="en",
survey_url=None,
ru_name="ru_name",
ru_ref="ru_ref",
case_id="0123456789000000",
)
self.session_store = SessionStore("user_ik", "pepper", "eq_session_id")
self.expires_at = datetime.now(tzutc()) + timedelta(seconds=5)
def test_submission_language_code_in_payload(self):
session_store = self.session_store.create("eq_session_id", "user_id",
self.session_data,
self.expires_at)
storage = Mock()
storage.get_user_data = Mock(return_value=("{}", 1))
with patch(
"app.views.handlers.submission.get_session_store",
return_value=session_store,
):
with patch("app.views.handlers.submission.convert_answers",
return_value={}):
submission_handler = SubmissionHandler(
QuestionnaireSchema({}), QuestionnaireStore(storage), {})
assert (submission_handler.get_payload()
["submission_language_code"] == "cy")
def setUp(self):
super().setUp()
self.session_data = SessionData(
tx_id="tx_id",
schema_name="schema_name",
response_id="response_id",
period_str="period_str",
language_code="cy",
launch_language_code="en",
survey_url=None,
ru_name="ru_name",
ru_ref="ru_ref",
case_id="0123456789000000",
)
self.session_store = SessionStore("user_ik", "pepper", "eq_session_id")
self.expires_at = datetime.now(tzutc()) + timedelta(seconds=5)
def setUp(self):
super().setUp()
self._app.permanent_session_lifetime = timedelta(seconds=1)
self.session_store = SessionStore("user_ik", "pepper")
self.expires_at = datetime.utcnow() + timedelta(seconds=3)
self.session_data = SessionData(
tx_id="tx_id",
schema_name="some_schema_name",
period_str="period_str",
language_code=None,
launch_language_code=None,
survey_url=None,
ru_name="ru_name",
ru_ref="ru_ref",
response_id="response_id",
case_id="case_id",
)
def _extend_session_expiry(session_store: SessionStore) -> None:
"""
Extends the expiration time of the session
:param session_store:
"""
session_timeout = cookie_session.get("expires_in")
if session_timeout:
new_expiration_time = datetime.now(tz=timezone.utc) + timedelta(
seconds=session_timeout)
# Only update expiry time if its greater than 60s different to what is currently set
if (not session_store.expiration_time
or (new_expiration_time -
session_store.expiration_time).total_seconds() > 60):
session_store.expiration_time = new_expiration_time
session_store.save()
logger.debug("session expiry extended")
def test_legacy_load(self):
self._save_session(self.session_id,
self.user_id,
self.session_data,
legacy=True)
session_store = SessionStore(self.user_ik, self.pepper,
self.session_id)
self.assertEqual(session_store.session_data.tx_id,
self.session_data.tx_id)
def test_save(self):
with self._app.test_request_context():
self.session_store.create(
eq_session_id="eq_session_id",
user_id="test",
session_data=self.session_data,
expires_at=self.expires_at,
).save()
session_store = SessionStore("user_ik", "pepper", "eq_session_id")
self.assertEqual(session_store.session_data.tx_id, "tx_id")
def test_save(app, app_session_store):
with app.test_request_context():
app_session_store.session_store.create(
eq_session_id="eq_session_id",
user_id="test",
session_data=app_session_store.session_data,
expires_at=app_session_store.expires_at,
).save()
session_store = SessionStore("user_ik", "pepper", "eq_session_id")
assert session_store.session_data.tx_id == "tx_id"
def test_session_store_stores_trading_as_value_if_present(
app, app_session_store, session_data):
with app.test_request_context():
app_session_store.session_store.create(
eq_session_id="eq_session_id",
user_id="test",
session_data=session_data,
expires_at=app_session_store.expires_at,
).save()
session_store = SessionStore("user_ik", "pepper", "eq_session_id")
assert hasattr(session_store.session_data, "trad_as") is True
def create_session_store(eq_session_id: str, user_id: str, user_ik: str,
session_data: str) -> None:
pepper = current_app.eq["secret_store"].get_secret_by_name(
"EQ_SERVER_SIDE_STORAGE_ENCRYPTION_USER_PEPPER")
session_timeout_in_seconds = get_session_timeout_in_seconds(g.schema)
expires_at = datetime.now(tz=tzutc()) + timedelta(
seconds=session_timeout_in_seconds)
# pylint: disable=W0212
g._session_store = (SessionStore(user_ik,
pepper).create(eq_session_id, user_id,
session_data,
expires_at).save())
def test_add_data_to_session(self):
with self._app.test_request_context():
self.session_store.create(
eq_session_id="eq_session_id",
user_id="test",
session_data=self.session_data,
expires_at=self.expires_at,
).save()
current_time = datetime.utcnow().isoformat()
self.session_store.session_data.submitted_time = current_time
self.session_store.save()
session_store = SessionStore("user_ik", "pepper", "eq_session_id")
self.assertEqual(session_store.session_data.submitted_time, current_time)
def test_add_data_to_session(app, app_session_store):
with app.test_request_context():
app_session_store.session_store.create(
eq_session_id="eq_session_id",
user_id="test",
session_data=app_session_store.session_data,
expires_at=app_session_store.expires_at,
).save()
display_address = "68 Abingdon Road, Goathill"
app_session_store.session_store.session_data.display_address = display_address
app_session_store.session_store.save()
session_store = SessionStore("user_ik", "pepper", "eq_session_id")
assert session_store.session_data.display_address == display_address
def test_load(app_session_store_encoded):
_save_session(
app_session_store_encoded,
app_session_store_encoded.session_id,
app_session_store_encoded.user_id,
app_session_store_encoded.session_data,
)
session_store = SessionStore(
app_session_store_encoded.user_ik,
app_session_store_encoded.pepper,
app_session_store_encoded.session_id,
)
assert (session_store.session_data.tx_id ==
app_session_store_encoded.session_data.tx_id)
def test_session_store_stores_none_for_trading_as_if_not_present(
app, app_session_store, session_data):
session_data.trad_as = None
with app.test_request_context():
app_session_store.session_store.create(
eq_session_id="eq_session_id",
user_id="test",
session_data=session_data,
expires_at=app_session_store.expires_at,
).save()
session_store = SessionStore("user_ik", "pepper", "eq_session_id")
assert session_store.session_data.trad_as is None
def create_session_store(eq_session_id: str, user_id: str, user_ik: str,
session_data: SessionData) -> None:
secret_store = current_app.eq["secret_store"] # type: ignore
pepper = secret_store.get_secret_by_name(
"EQ_SERVER_SIDE_STORAGE_ENCRYPTION_USER_PEPPER")
session_timeout_in_seconds = get_session_timeout_in_seconds(g.schema)
expires_at = datetime.now(tz=tzutc()) + timedelta(
seconds=session_timeout_in_seconds)
# pylint: disable=protected-access, assigning-non-slot
g._session_store = (SessionStore(user_ik,
pepper).create(eq_session_id, user_id,
session_data,
expires_at).save())
def test_session_store_ignores_new_values_in_session_data(
app, app_session_store, session_data):
session_data.additional_value = "some cool new value you do not know about yet"
with app.test_request_context():
app_session_store.session_store.create(
eq_session_id="eq_session_id",
user_id="test",
session_data=app_session_store.session_data,
expires_at=app_session_store.expires_at,
).save()
session_store = SessionStore("user_ik", "pepper", "eq_session_id")
assert hasattr(session_store.session_data, "additional_value") is False
def get_session_store() -> Union[SessionStore, None]:
if USER_IK not in cookie_session or EQ_SESSION_ID not in cookie_session:
return None
# Sets up a single SessionStore instance per request context.
store = g.get("_session_store")
if store is None:
pepper = current_app.eq["secret_store"].get_secret_by_name(
"EQ_SERVER_SIDE_STORAGE_ENCRYPTION_USER_PEPPER")
store = g._session_store = SessionStore(cookie_session[USER_IK],
pepper,
cookie_session[EQ_SESSION_ID])
return store if store.session_data else None
def test_submission_language_code_uses_default_language_if_session_data_language_none(
self, ):
self.session_data.language_code = None
self.session_data.launch_language_code = None
session_store = SessionStore("user_ik", "pepper",
"eq_session_id").create(
"eq_session_id", "user_id",
self.session_data, self.expires_at)
with patch(
"app.views.handlers.submission.get_session_store",
return_value=session_store,
):
submission_handler = SubmissionHandler(
QuestionnaireSchema({}), self.questionnaire_store_mock(), {})
assert submission_handler.get_payload(
)["submission_language_code"] == "en"
class TestAuthenticator(AppContextTestCase): # pylint: disable=too-many-public-methods
def setUp(self):
super().setUp()
self.session_data = SessionData(
tx_id="tx_id",
schema_name="some_schema_name",
response_id="response_id",
period_str="period_str",
language_code=None,
launch_language_code=None,
survey_url=None,
ru_name="ru_name",
ru_ref="ru_ref",
case_id="case_id",
)
self.session_store = SessionStore("user_ik", "pepper", "eq_session_id")
self.expires_at = datetime.now(tzutc()) + timedelta(seconds=5)
def test_check_session_with_user_id_in_session(self):
with self.app_request_context("/status"):
with patch(
"app.authentication.authenticator.get_session_store",
return_value=self.session_store,
):
# Given
self.session_store.create("eq_session_id", "user_id",
self.session_data, self.expires_at)
cookie_session[USER_IK] = "user_ik"
# When
user = load_user()
# Then
self.assertEqual(user.user_id, "user_id")
self.assertEqual(user.user_ik, "user_ik")
def test_check_session_with_no_user_id_in_session(self):
with self.app_request_context("/status"):
with patch("app.authentication.authenticator.get_session_store",
return_value=None):
# When
user = load_user()
# Then
self.assertIsNone(user)
def test_load_user(self):
with self.app_request_context("/status"):
with patch(
"app.authentication.authenticator.get_session_store",
return_value=self.session_store,
):
# Given
self.session_store.create("eq_session_id", "user_id",
self.session_data, self.expires_at)
cookie_session[USER_IK] = "user_ik"
# When
user = user_loader(None)
# Then
self.assertEqual(user.user_id, "user_id")
self.assertEqual(user.user_ik, "user_ik")
def test_request_load_user(self):
with self.app_request_context("/status"):
with patch(
"app.authentication.authenticator.get_session_store",
return_value=self.session_store,
):
# Given
self.session_store.create("eq_session_id", "user_id",
self.session_data, self.expires_at)
cookie_session[USER_IK] = "user_ik"
# When
user = request_load_user(None)
# Then
self.assertEqual(user.user_id, "user_id")
self.assertEqual(user.user_ik, "user_ik")
def test_no_user_when_session_has_expired(self):
with self.app_request_context("/status"):
with patch(
"app.authentication.authenticator.get_session_store",
return_value=self.session_store,
):
# Given
self.session_store.create(
"eq_session_id",
"user_id",
self.session_data,
expires_at=datetime.now(tzutc()),
)
cookie_session[USER_IK] = "user_ik"
# When
user = user_loader(None)
# Then
self.assertIsNone(user)
self.assertIsNone(cookie_session.get(USER_IK))
def test_valid_user_does_not_extend_session_expiry_when_expiry_less_than_60_seconds_different(
self, ):
with self.app_request_context("/status"):
with patch(
"app.authentication.authenticator.get_session_store",
return_value=self.session_store,
):
# Given
self.session_store.create("eq_session_id", "user_id",
self.session_data, self.expires_at)
cookie_session[USER_IK] = "user_ik"
cookie_session["expires_in"] = 5
# When
user = user_loader(None)
# Then
self.assertEqual(user.user_id, "user_id")
self.assertEqual(user.user_ik, "user_ik")
self.assertEqual(user.is_authenticated, True)
self.assertEqual(self.session_store.expiration_time,
self.expires_at)
def test_valid_user_extends_session_expiry_when_expiry_greater_than_60_seconds_different(
self, ):
with self.app_request_context("/status"):
with patch(
"app.authentication.authenticator.get_session_store",
return_value=self.session_store,
):
# Given
self.session_store.create("eq_session_id", "user_id",
self.session_data, self.expires_at)
cookie_session[USER_IK] = "user_ik"
cookie_session["expires_in"] = 600
# When
user = user_loader(None)
# Then
self.assertEqual(user.user_id, "user_id")
self.assertEqual(user.user_ik, "user_ik")
self.assertEqual(user.is_authenticated, True)
self.assertGreater(self.session_store.expiration_time,
self.expires_at)
def fixture_session_store():
return SessionStore("user_ik", "pepper", "eq_session_id")
class SessionStoreTest(AppContextTestCase):
def setUp(self):
super().setUp()
self._app.permanent_session_lifetime = timedelta(seconds=1)
self.session_store = SessionStore("user_ik", "pepper")
self.expires_at = datetime.utcnow() + timedelta(seconds=3)
self.session_data = SessionData(
tx_id="tx_id",
schema_name="some_schema_name",
period_str="period_str",
language_code=None,
launch_language_code=None,
survey_url=None,
ru_name="ru_name",
ru_ref="ru_ref",
questionnaire_id="questionnaire_id",
response_id="response_id",
case_id="case_id",
)
def test_no_session(self):
with self._app.test_request_context():
self.assertIsNone(self.session_store.user_id)
self.assertIsNone(self.session_store.session_data)
def test_create(self):
with self._app.test_request_context():
self.session_store.create("eq_session_id", "test",
self.session_data, self.expires_at)
self.assertEqual("eq_session_id", self.session_store.eq_session_id)
self.assertEqual("test", self.session_store.user_id)
self.assertEqual(self.session_data,
self.session_store.session_data)
def test_save(self):
with self._app.test_request_context():
self.session_store.create(
eq_session_id="eq_session_id",
user_id="test",
session_data=self.session_data,
expires_at=self.expires_at,
).save()
session_store = SessionStore("user_ik", "pepper", "eq_session_id")
self.assertEqual(session_store.session_data.tx_id, "tx_id")
def test_delete(self):
with self._app.test_request_context():
self.session_store.create(
eq_session_id="eq_session_id",
user_id="test",
session_data=self.session_data,
expires_at=self.expires_at,
).save()
self.assertEqual("test", self.session_store.user_id)
self.session_store.delete()
self.assertEqual(self.session_store.user_id, None)
def test_add_data_to_session(self):
with self._app.test_request_context():
self.session_store.create(
eq_session_id="eq_session_id",
user_id="test",
session_data=self.session_data,
expires_at=self.expires_at,
).save()
current_time = datetime.utcnow().isoformat()
self.session_store.session_data.submitted_time = current_time
self.session_store.save()
session_store = SessionStore("user_ik", "pepper", "eq_session_id")
self.assertEqual(session_store.session_data.submitted_time,
current_time)
def test_should_not_delete_when_no_session(self):
with self.app_request_context("/status") as context:
# Call clear with a valid user_id but no session in database
self.session_store.delete()
# No database calls should have been made
self.assertEqual(
context.app.eq["storage"].client.delete_call_count, 0)
def test_session_store_ignores_new_values_in_session_data(self):
session_data = SessionData(
tx_id="tx_id",
schema_name="some_schema_name",
period_str="period_str",
language_code=None,
launch_language_code=None,
survey_url=None,
ru_name="ru_name",
ru_ref="ru_ref",
response_id="response_id",
questionnaire_id="questionnaire_id",
case_id="case_id",
)
session_data.additional_value = "some cool new value you do not know about yet"
with self._app.test_request_context():
self.session_store.create(
eq_session_id="eq_session_id",
user_id="test",
session_data=self.session_data,
expires_at=self.expires_at,
).save()
session_store = SessionStore("user_ik", "pepper", "eq_session_id")
self.assertFalse(
hasattr(session_store.session_data, "additional_value"))
def test_session_store_ignores_multiple_new_values_in_session_data(self):
session_data = SessionData(
tx_id="tx_id",
schema_name="some_schema_name",
period_str="period_str",
language_code=None,
launch_language_code=None,
survey_url=None,
ru_name="ru_name",
ru_ref="ru_ref",
response_id="response_id",
questionnaire_id="questionnaire_id",
case_id="case_id",
)
session_data.additional_value = "some cool new value you do not know about yet"
session_data.second_additional_value = "some other not so cool value"
with self._app.test_request_context():
self.session_store.create(
eq_session_id="eq_session_id",
user_id="test",
session_data=session_data,
expires_at=self.expires_at,
).save()
session_store = SessionStore("user_ik", "pepper", "eq_session_id")
self.assertFalse(
hasattr(session_store.session_data, "additional_value"))
self.assertFalse(
hasattr(session_store.session_data, "second_additional_value"))
def test_session_store_stores_trading_as_value_if_present(self):
session_data = SessionData(
tx_id="tx_id",
schema_name="some_schema_name",
period_str="period_str",
language_code=None,
launch_language_code=None,
survey_url=None,
ru_name="ru_name",
ru_ref="ru_ref",
response_id="response_id",
questionnaire_id="questionnaire_id",
trad_as="trading_as",
case_id="case_id",
)
with self._app.test_request_context():
self.session_store.create(
eq_session_id="eq_session_id",
user_id="test",
session_data=session_data,
expires_at=self.expires_at,
).save()
session_store = SessionStore("user_ik", "pepper", "eq_session_id")
self.assertTrue(hasattr(session_store.session_data, "trad_as"))
def test_session_store_stores_none_for_trading_as_if_not_present(self):
session_data = SessionData(
tx_id="tx_id",
schema_name="some_schema_name",
period_str="period_str",
language_code=None,
launch_language_code=None,
survey_url=None,
ru_name="ru_name",
ru_ref="ru_ref",
response_id="response_id",
questionnaire_id="questionnaire_id",
case_id="case_id",
)
with self._app.test_request_context():
self.session_store.create(
eq_session_id="eq_session_id",
user_id="test",
session_data=session_data,
expires_at=self.expires_at,
).save()
session_store = SessionStore("user_ik", "pepper", "eq_session_id")
self.assertIsNone(session_store.session_data.trad_as)