Ejemplo n.º 1
0
def test_repeated_login_session_population(app):
    """Verify that the number of SessionActivity entries match the number of
    sessions in the kv-store, when logging in with one user."""
    InvenioAccounts(app)
    app.register_blueprint(blueprint)

    user = testutils.create_test_user()
    query = _datastore.db.session.query(SessionActivity)
    assert query.count() == len(testutils.get_kvsession_keys())

    with app.test_client() as client:
        # After logging in, there should be one session in the kv-store and
        # one SessionActivity
        testutils.login_user_via_view(client, user=user)
        assert testutils.client_authenticated(client)
        query = _datastore.db.session.query(SessionActivity)
        assert query.count() == 1
        assert query.count() == len(testutils.get_kvsession_keys())

        # Sessions are not deleted upon logout
        client.get(flask_security.url_for_security('logout'))
        assert len(testutils.get_kvsession_keys()) == 1
        query = _datastore.db.session.query(SessionActivity)
        assert query.count() == len(testutils.get_kvsession_keys())

        # After logging out and back in, the number of sessions correspond to
        # the number of SessionActivity entries.
        testutils.login_user_via_view(client, user=user)
        query = _datastore.db.session.query(SessionActivity)
        assert query.count() == len(testutils.get_kvsession_keys())
Ejemplo n.º 2
0
def test_session_ttl(app):
    """Test actual/working session expiration/TTL settings."""
    ttl_seconds = 1
    # Set ttl to "0 days, 1 seconds"
    ttl_delta = datetime.timedelta(0, ttl_seconds)

    ext = InvenioAccounts(app)
    app.register_blueprint(blueprint)

    assert ext.sessionstore.ttl_support

    # _THIS_ is what flask_kvsession uses to determine default ttl
    # sets default ttl to `ttl_seconds` seconds
    app.config['PERMANENT_SESSION_LIFETIME'] = ttl_delta
    assert app.permanent_session_lifetime.total_seconds() == ttl_seconds

    user = testutils.create_test_user()
    with app.test_client() as client:
        testutils.login_user_via_view(client, user=user)
        assert len(testutils.get_kvsession_keys()) == 1

        sid = testutils.unserialize_session(flask.session.sid_s)
        testutils.let_session_expire()

        assert sid.has_expired(ttl_delta)
        assert not testutils.client_authenticated(client)

        # Expired sessions are automagically removed from the sessionstore
        # Although not _instantly_.
        while len(testutils.get_kvsession_keys()) > 0:
            pass
        assert len(testutils.get_kvsession_keys()) == 0
Ejemplo n.º 3
0
def test_session_deletion(app):
    """Test that a user/client is no longer authenticated when its session is
    deleted via `delete_session`."""
    InvenioAccounts(app)
    app.register_blueprint(blueprint)
    user = testutils.create_test_user()

    with app.test_client() as client:
        testutils.login_user_via_view(client, user=user)
        assert testutils.client_authenticated(client)
        assert len(user.active_sessions) == 1
        saved_sid_s = flask.session.sid_s

        delete_session(saved_sid_s)
        # The user now has no active sessions
        assert len(testutils.get_kvsession_keys()) == 0
        assert len(user.active_sessions) == 0
        query = _datastore.db.session.query(SessionActivity)
        assert query.count() == 0

        # After deleting the session, the client is not authenticated
        assert not testutils.client_authenticated(client)

        # A new session is created in the kv-sessionstore, but its
        # sid_s is different and the user is not authenticated with it.
        assert len(testutils.get_kvsession_keys()) == 1
        assert not flask.session.sid_s == saved_sid_s
        assert not testutils.client_authenticated(client)
Ejemplo n.º 4
0
def test_repeated_login_session_population(app):
    """Verify that the number of SessionActivity entries match the number of
    sessions in the kv-store, when logging in with one user."""
    InvenioAccounts(app)
    app.register_blueprint(blueprint)

    user = testutils.create_test_user()
    query = _datastore.db.session.query(SessionActivity)
    assert query.count() == len(testutils.get_kvsession_keys())

    with app.test_client() as client:
        # After logging in, there should be one session in the kv-store and
        # one SessionActivity
        testutils.login_user_via_view(client, user=user)
        assert testutils.client_authenticated(client)
        query = _datastore.db.session.query(SessionActivity)
        assert query.count() == 1
        assert query.count() == len(testutils.get_kvsession_keys())

        # Sessions are not deleted upon logout
        client.get(flask_security.url_for_security('logout'))
        assert len(testutils.get_kvsession_keys()) == 1
        query = _datastore.db.session.query(SessionActivity)
        assert query.count() == len(testutils.get_kvsession_keys())

        # After logging out and back in, the number of sessions correspond to
        # the number of SessionActivity entries.
        testutils.login_user_via_view(client, user=user)
        query = _datastore.db.session.query(SessionActivity)
        assert query.count() == len(testutils.get_kvsession_keys())
Ejemplo n.º 5
0
def test_session_deletion(app):
    """Test that a user/client is no longer authenticated when its session is
    deleted via `delete_session`."""
    InvenioAccounts(app)
    app.register_blueprint(blueprint)
    user = testutils.create_test_user()

    with app.test_client() as client:
        testutils.login_user_via_view(client, user=user)
        assert testutils.client_authenticated(client)
        assert len(user.active_sessions) == 1
        saved_sid_s = flask.session.sid_s

        delete_session(saved_sid_s)
        # The user now has no active sessions
        assert len(testutils.get_kvsession_keys()) == 0
        assert len(user.active_sessions) == 0
        query = _datastore.db.session.query(SessionActivity)
        assert query.count() == 0

        # After deleting the session, the client is not authenticated
        assert not testutils.client_authenticated(client)

        # A new session is created in the kv-sessionstore, but its
        # sid_s is different and the user is not authenticated with it.
        assert len(testutils.get_kvsession_keys()) == 1
        assert not flask.session.sid_s == saved_sid_s
        assert not testutils.client_authenticated(client)
Ejemplo n.º 6
0
def test_session_ttl(app):
    """Test actual/working session expiration/TTL settings."""
    ttl_seconds = 1
    # Set ttl to "0 days, 1 seconds"
    ttl_delta = datetime.timedelta(0, ttl_seconds)

    ext = InvenioAccounts(app)
    app.register_blueprint(blueprint)

    assert ext.sessionstore.ttl_support

    # _THIS_ is what flask_kvsession uses to determine default ttl
    # sets default ttl to `ttl_seconds` seconds
    app.config['PERMANENT_SESSION_LIFETIME'] = ttl_delta
    assert app.permanent_session_lifetime.total_seconds() == ttl_seconds

    user = testutils.create_test_user()
    with app.test_client() as client:
        testutils.login_user_via_view(client, user=user)
        assert len(testutils.get_kvsession_keys()) == 1

        sid = testutils.unserialize_session(flask.session.sid_s)
        testutils.let_session_expire()

        assert sid.has_expired(ttl_delta)
        assert not testutils.client_authenticated(client)

        # Expired sessions are automagically removed from the sessionstore
        # Although not _instantly_.
        while len(testutils.get_kvsession_keys()) > 0:
            pass
        assert len(testutils.get_kvsession_keys()) == 0
Ejemplo n.º 7
0
def test_login_multiple_clients_single_user_session_population(app):
    """Test session population/creation when logging in as the same user from
    multiple clients."""
    InvenioAccounts(app)
    app.register_blueprint(blueprint)

    user = testutils.create_test_user()
    client_count = 3
    clients = [app.test_client() for _ in range(client_count)]
    sid_s_list = []
    for c in clients:
        with c as client:
            testutils.login_user_via_view(client, user=user)
            assert testutils.client_authenticated(client)
            sid_s_list.append(flask.session.sid_s)
            response = client.get(flask_security.url_for_security('logout'))
            assert not testutils.client_authenticated(client)
    # There is now `client_count` existing sessions and SessionActivity
    # entries
    assert len(testutils.get_kvsession_keys()) == client_count
    query = _datastore.db.session.query(SessionActivity)
    assert query.count() == client_count
    assert len(user.active_sessions) == client_count
Ejemplo n.º 8
0
def test_login_multiple_clients_single_user_session_population(app):
    """Test session population/creation when logging in as the same user from
    multiple clients."""
    InvenioAccounts(app)
    app.register_blueprint(blueprint)

    user = testutils.create_test_user()
    client_count = 3
    clients = [app.test_client() for _ in range(client_count)]
    sid_s_list = []
    for c in clients:
        with c as client:
            testutils.login_user_via_view(client, user=user)
            assert testutils.client_authenticated(client)
            sid_s_list.append(flask.session.sid_s)
            response = client.get(flask_security.url_for_security('logout'))
            assert not testutils.client_authenticated(client)
    # There is now `client_count` existing sessions and SessionActivity
    # entries
    assert len(testutils.get_kvsession_keys()) == client_count
    query = _datastore.db.session.query(SessionActivity)
    assert query.count() == client_count
    assert len(user.active_sessions) == client_count