def test_single_session_per_whistleblower(self):
"""
Asserts that the first_id is dropped from Sessions and requests
using that session id are rejected
"""
yield self.perform_full_submission_actions()
handler = self.request({'receipt': self.dummySubmission['receipt']})
handler.request.client_using_tor = True
response = yield handler.post()
first_id = response['session_id']
wbtip_handler = self.request(headers={'x-session': first_id},
handler_cls=WBTipInstance)
yield wbtip_handler.get()
response = yield handler.post()
second_id = response['session_id']
wbtip_handler = self.request(headers={'x-session': first_id},
handler_cls=WBTipInstance)
yield self.assertRaises(errors.NotAuthenticated, wbtip_handler.get)
self.assertTrue(Sessions.get(first_id) is None)
valid_session = Sessions.get(second_id)
self.assertTrue(valid_session is not None)
self.assertEqual(valid_session.user_role, 'whistleblower')
wbtip_handler = self.request(headers={'x-session': second_id},
handler_cls=WBTipInstance)
yield wbtip_handler.get()
def test_single_session_per_user(self):
handler = self.request({
'username': '******',
'password': helpers.VALID_PASSWORD1
})
r1 = yield handler.post()
r2 = yield handler.post()
self.assertTrue(Sessions.get(r1['session_id']) is None)
self.assertTrue(Sessions.get(r2['session_id']) is not None)