def _get_session(self, req):
try:
return Session(self.env, req)
except TracError as e:
msg = "can't retrieve session: %s"
if isinstance(e, TracValueError):
self.log.warning(msg, e)
else:
self.log.error(msg, exception_to_unicode(e))
return FakeSession()
def test_new_session(self):
"""
Verify that a session cookie gets sent back to the client for a new
session.
"""
req = MockRequest(self.env, authname='anonymous')
session = Session(self.env, req)
self.assertEqual(session.sid, req.outcookie['trac_session'].value)
self.assertEqual(
0,
self.env.db_query("SELECT COUNT(*) FROM session")[0][0])
def test_anonymous_session(self):
"""
Verify that session variables are stored in the database.
"""
incookie = Cookie()
incookie['trac_session'] = '123456'
outcookie = Cookie()
req = Mock(authname='anonymous', base_path='/', incookie=incookie,
outcookie=outcookie)
session = Session(self.env, req)
self.assertEquals('123456', session.sid)
self.failIf(outcookie.has_key('trac_session'))
def test_new_session(self):
"""
Verify that a session cookie gets sent back to the client for a new
session.
"""
cookie = Cookie()
req = Mock(incookie=Cookie(), outcookie=cookie, authname='anonymous',
base_path='/')
session = Session(self.env, req)
self.assertEqual(session.sid, cookie['trac_session'].value)
self.assertEqual(0, self.env.db_query(
"SELECT COUNT(*) FROM session")[0][0])
def _test_authenticated_session(self, username):
"""
Verifies that a session cookie does not get used if the user is logged
in, and that Trac expires the cookie.
"""
req = MockRequest(self.env, authname=username)
req.incookie['trac_session'] = '123456'
session = Session(self.env, req)
self.assertEqual(username, session.sid)
session['foo'] = 'bar'
session.save()
self.assertEqual(0, req.outcookie['trac_session']['expires'])
def test_newsession(self):
"""
Verify that a session cookie gets sent back to the client for a new
session.
"""
cookie = Cookie()
req = Mock(incookie=Cookie(), outcookie=cookie, authname='anonymous',
cgi_location='/')
session = Session(self.env, req, newsession=True)
self.assertEqual(session.sid, cookie['trac_session'].value)
cursor = self.db.cursor()
cursor.execute("SELECT COUNT(*) FROM session")
self.assertEqual(0, cursor.fetchone()[0])
def test_add_authenticated_session_var(self):
"""
Verify that new variables are inserted into the 'session' table in the
database for an authenticted session.
"""
req = Mock(authname='john', cgi_location='/', incookie=Cookie())
session = Session(self.env, req)
session['foo'] = 'bar'
session.save()
cursor = self.db.cursor()
cursor.execute("SELECT var_value FROM session WHERE sid='john' AND "
"authenticated=1 AND var_name='foo'")
self.assertEqual('bar', cursor.fetchone()[0])
def test_add_authenticated_session_var(self):
"""
Verify that new variables are inserted into the 'session' table in the
database for an authenticated session.
"""
req = Mock(authname='john', base_path='/', incookie=Cookie())
session = Session(self.env, req)
session['foo'] = 'bar'
session.save()
self.assertEqual('bar', self.env.db_query("""
SELECT value FROM session_attribute WHERE sid='john' AND name='foo'
""")[0][0])
def test_add_anonymous_session_var(self):
"""
Verify that new variables are inserted into the 'session' table in the
database for an anonymous session.
"""
req = MockRequest(self.env, authname='anonymous')
req.incookie['trac_session'] = '123456'
session = Session(self.env, req)
session['foo'] = 'bar'
session.save()
self.assertEqual('bar', self.env.db_query(
"SELECT value FROM session_attribute WHERE sid='123456'")[0][0])
def _create_session(self, user, authenticated=1, name='', email=''):
args = dict(username=user, name=name, email=email)
incookie = Cookie()
incookie['trac_session'] = '123456'
self.req = Mock(authname=bool(authenticated) and user or 'anonymous',
args=args,
base_path='/',
chrome=dict(warnings=list()),
href=Mock(prefs=lambda x: None),
incookie=incookie,
outcookie=Cookie(),
redirect=lambda x: None)
self.req.session = Session(self.env, self.req)
self.req.session.save()
def test_session_change_id_with_invalid_sid(self):
req = MockRequest(self.env, authname='anonymous', base_path='/')
session = Session(self.env, req)
session.change_sid('0123456789')
self.assertEqual('0123456789', session.sid)
session.change_sid('abcxyz')
self.assertEqual('abcxyz', session.sid)
session.change_sid('abc123xyz')
self.assertEqual('abc123xyz', session.sid)
self.assertRaises(TracError, session.change_sid, 'abc 123 xyz')
self.assertRaises(TracError, session.change_sid, 'abc-123-xyz')
self.assertRaises(TracError, session.change_sid, 'abc<i>123</i>xyz')
self.assertRaises(TracError, session.change_sid, u'abc123xÿz')
self.assertRaises(TracError, session.change_sid,
u'abc¹₂³xyz') # Unicode digits
def test_authenticated_session(self):
"""
Verifies that a session cookie does not get used if the user is logged
in, and that Trac expires the cookie.
"""
incookie = Cookie()
incookie['trac_session'] = '123456'
outcookie = Cookie()
req = Mock(authname='john', base_path='/', incookie=incookie,
outcookie=outcookie)
session = Session(self.env, req)
self.assertEqual('john', session.sid)
session['foo'] = 'bar'
session.save()
self.assertEquals(0, outcookie['trac_session']['expires'])
def test_as_bool(self):
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('123456', 1, 0)")
db.executemany("""
INSERT INTO session_attribute VALUES (%s,%s,%s,%s)
""", (('123456', 1, 'foo', 'bar'), ('123456', 1, 'baz', 1)))
req = MockRequest(self.env, authname='123456')
session = Session(self.env, req)
self.assertEqual('bar', session.get('foo'))
self.assertIsNone(session.as_bool('foo', None))
self.assertTrue(session.as_int('baz'))
self.assertTrue(session.as_int('baz', False))
self.assertIsNone(session.as_bool('bat'))
def _test_session_promotion(self, username):
"""
Verifies that an existing anonymous session gets promoted to an
authenticated session when the user logs in.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('123456', 0, 0)")
req = MockRequest(self.env, authname=username)
req.incookie['trac_session'] = '123456'
session = Session(self.env, req)
self.assertEqual(username, session.sid)
session.save()
self.assertEqual([(username, 1)],
self.env.db_query("""SELECT sid, authenticated FROM session
WHERE sid=%s""", (username,)))
def test_delete_authenticated_session_var(self):
"""
Verify that modifying a variable updates the 'session' table accordingly
for an authenticated session.
"""
cursor = self.db.cursor()
cursor.execute("INSERT INTO session VALUES ('john', 1, 'foo', 'bar')")
req = Mock(authname='john', cgi_location='/', incookie=Cookie())
session = Session(self.env, req)
self.assertEqual('bar', session['foo'])
del session['foo']
session.save()
cursor.execute("SELECT COUNT(*) FROM session WHERE sid='john' AND "
"authenticated=1 AND var_name='foo'")
self.assertEqual(0, cursor.fetchone()[0])
def test_as_float(self):
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('123456', 1, 0)")
db.executemany("""
INSERT INTO session_attribute VALUES (%s,%s,%s,%s)
""", (('123456', 1, 'foo', 'bar'), ('123456', 1, 'baz', 3.3)))
req = MockRequest(self.env, authname='123456')
session = Session(self.env, req)
self.assertEqual('bar', session.get('foo'))
self.assertEqual(2, session.as_float('foo', 2))
self.assertEqual(3.3, session.as_float('baz', 1))
self.assertEqual(2.2, session.as_float('baz', 1, max=2.2))
self.assertEqual(4.4, session.as_float('baz', 1, min=4.4))
self.assertIsNone(session.as_float('bat'))
def _test_new_session_promotion(self, username):
"""
Verifies that even without a preexisting anonymous session,
an authenticated session will be created when the user logs in.
(same test as above without the initial INSERT)
"""
with self.env.db_transaction:
req = MockRequest(self.env, authname=username)
req.incookie['trac_session'] = '123456'
session = Session(self.env, req)
self.assertEqual(username, session.sid)
session.save()
self.assertEqual([(username, 1)],
self.env.db_query("""SELECT sid, authenticated FROM session
WHERE sid=%s""", (username,)))
def dispatch(self, req):
"""Find a registered handler that matches the request and let it process
it.
In addition, this method initializes the HDF data set and adds the web
site chrome.
"""
req.authname = self.authenticate(req)
req.perm = PermissionCache(self.env, req.authname)
chrome = Chrome(self.env)
req.hdf = HDFWrapper(loadpaths=chrome.get_all_templates_dirs())
populate_hdf(req.hdf, self.env, req)
newsession = req.args.has_key('newsession')
req.session = Session(self.env, req, newsession)
# Select the component that should handle the request
chosen_handler = None
default_handler = None
if not req.path_info or req.path_info == '/':
default_handler = self.config.get('trac', 'default_handler')
for handler in self.handlers:
if handler.match_request(req) or \
handler.__class__.__name__ == default_handler:
chosen_handler = handler
break
chrome.populate_hdf(req, chosen_handler)
if not chosen_handler:
# FIXME: Should return '404 Not Found' to the client
raise TracError, 'No handler matched request to %s' % req.path_info
try:
resp = chosen_handler.process_request(req)
if resp:
template, content_type = resp
if not content_type:
content_type = 'text/html'
req.display(template, content_type or 'text/html')
finally:
# Give the session a chance to persist changes
req.session.save()
def test_add_anonymous_session_var(self):
"""
Verify that new variables are inserted into the 'session' table in the
database for an anonymous session.
"""
incookie = Cookie()
incookie['trac_session'] = '123456'
req = Mock(authname='anonymous',
base_path='/',
incookie=incookie,
outcookie=Cookie())
session = Session(self.env, req)
session['foo'] = 'bar'
session.save()
cursor = self.db.cursor()
cursor.execute(
"SELECT value FROM session_attribute WHERE sid='123456'")
self.assertEqual('bar', cursor.fetchone()[0])
def test_modify_authenticated_session_var(self):
"""
Verify that modifying an existing variable updates the 'session' table
accordingly for an authenticated session.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('john', 1, 0)")
db("INSERT INTO session_attribute VALUES ('john',1,'foo','bar')")
req = Mock(authname='john', base_path='/', incookie=Cookie())
session = Session(self.env, req)
self.assertEqual('bar', session['foo'])
session['foo'] = 'baz'
session.save()
self.assertEqual('baz', self.env.db_query("""
SELECT value FROM session_attribute WHERE sid='john' AND name='foo'
""")[0][0])
def test_new_session_promotion(self):
"""
Verifies that even without a preexisting anonymous session,
an authenticated session will be created when the user logs in.
(same test as above without the initial INSERT)
"""
with self.env.db_transaction as db:
incookie = Cookie()
incookie['trac_session'] = '123456'
outcookie = Cookie()
req = Mock(authname='john', base_path='/', incookie=incookie,
outcookie=outcookie)
session = Session(self.env, req)
self.assertEqual('john', session.sid)
session.save()
self.assertEqual([('john', 1)], self.env.db_query(
"SELECT sid, authenticated FROM session"))
def test_session_promotion(self):
"""
Verifies that an existing anonymous session gets promoted to an
authenticated session when the user logs in.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('123456', 0, 0)")
incookie = Cookie()
incookie['trac_session'] = '123456'
outcookie = Cookie()
req = Mock(authname='john', base_path='/', incookie=incookie,
outcookie=outcookie)
session = Session(self.env, req)
self.assertEqual('john', session.sid)
session.save()
self.assertEqual([('john', 1)], self.env.db_query(
"SELECT sid, authenticated FROM session"))
def test_modify_authenticated_session_var(self):
"""
Verify that modifying an existing variable updates the 'session' table
accordingly for an authenticated session.
"""
cursor = self.db.cursor()
cursor.execute("INSERT INTO session VALUES ('john', 1, 0)")
cursor.execute("INSERT INTO session_attribute VALUES "
"('john', 1, 'foo', 'bar')")
req = Mock(authname='john', base_path='/', incookie=Cookie())
session = Session(self.env, req)
self.assertEqual('bar', session['foo'])
session['foo'] = 'baz'
session.save()
cursor.execute("SELECT value FROM session_attribute "
"WHERE sid='john' AND name='foo'")
self.assertEqual('baz', cursor.fetchone()[0])
def test_delete_authenticated_session_var(self):
"""
Verify that deleting a variable updates the 'session' table accordingly
for an authenticated session.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('john', 1, 0)")
db("INSERT INTO session_attribute VALUES ('john', 1, 'foo', 'bar')")
req = MockRequest(self.env, authname='john')
session = Session(self.env, req)
self.assertEqual('bar', session['foo'])
del session['foo']
session.save()
self.assertEqual(0, self.env.db_query("""
SELECT COUNT(*) FROM session_attribute
WHERE sid='john' AND name='foo'
""")[0][0])
def test_approval_user_strip_perm(self):
# Some elevated permission action.
action = 'USER_VIEW'
self.assertFalse(action in PermissionCache(self.env))
self.perm.grant_permission('user', action)
req = self.req
req.perm = PermissionCache(self.env, 'user')
req.session = Session(self.env, req)
req.session.save()
self.mgr.pre_process_request(req, None)
self.assertTrue(action in req.perm)
# Mock an authenticated request with account approval pending.
req.session['approval'] = 'pending'
req.session.save()
# Remove elevated permission, if account approval is pending.
self.mgr.pre_process_request(req, None)
self.assertFalse(action in req.perm)
def test_modify_anonymous_session_var(self):
"""
Verify that modifying an existing variable updates the 'session' table
accordingly for an anonymous session.
"""
cursor = self.db.cursor()
cursor.execute("INSERT INTO session VALUES ('123456', 0, 'foo', 'bar')")
incookie = Cookie()
incookie['trac_session'] = '123456'
req = Mock(authname='anonymous', cgi_location='/', incookie=incookie,
outcookie=Cookie())
session = Session(self.env, req)
self.assertEqual('bar', session['foo'])
session['foo'] = 'baz'
session.save()
cursor.execute("SELECT var_value FROM session WHERE sid='123456' AND "
"authenticated=0 AND var_name='foo'")
self.assertEqual('baz', cursor.fetchone()[0])
def test_session_get_session_with_invalid_sid(self):
cookie = Cookie()
req = Mock(incookie=Cookie(),
outcookie=cookie,
authname='anonymous',
base_path='/')
session = Session(self.env, req)
session.get_session('0123456789')
self.assertEqual('0123456789', session.sid)
session.get_session('abcxyz')
self.assertEqual('abcxyz', session.sid)
session.get_session('abc123xyz')
self.assertEqual('abc123xyz', session.sid)
self.assertRaises(TracError, session.get_session, 'abc 123 xyz')
self.assertRaises(TracError, session.get_session, 'abc-123-xyz')
self.assertRaises(TracError, session.get_session, 'abc<i>123</i>xyz')
self.assertRaises(TracError, session.get_session, u'abc123xÿz')
self.assertRaises(TracError, session.get_session,
u'abc¹₂³xyz') # Unicode digits
def test_modify_anonymous_session_var(self):
"""
Verify that modifying an existing variable updates the 'session' table
accordingly for an anonymous session.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('123456', 0, 0)")
db("""
INSERT INTO session_attribute VALUES
('123456', 0, 'foo', 'bar')
""")
req = MockRequest(self.env, authname='anonymous')
req.incookie['trac_session'] = '123456'
session = Session(self.env, req)
self.assertEqual('bar', session['foo'])
session['foo'] = 'baz'
session.save()
self.assertEqual('baz', self.env.db_query(
"SELECT value FROM session_attribute WHERE sid='123456'")[0][0])
def test_approval_admin_keep_perm(self):
self.perm.grant_permission('admin', 'ACCTMGR_ADMIN')
# Some elevated permission action.
action = 'USER_VIEW'
self.assertFalse(action in PermissionCache(self.env))
req = self.req
req.perm = PermissionCache(self.env, 'admin')
req.session = Session(self.env, req)
req.session.save()
self.mgr.pre_process_request(req, None)
self.assertTrue(action in req.perm)
# Mock an authenticated request with account approval pending.
req.session['approval'] = 'pending'
req.session.save()
# Don't touch admin user requests.
self.mgr.pre_process_request(req, None)
self.assertTrue(action in req.perm)
def test_new_session_promotion(self):
"""
Verifies that even without a preexisting anonymous session,
an authenticated session will be created when the user logs in.
(same test as above without the initial INSERT)
"""
cursor = self.db.cursor()
incookie = Cookie()
incookie['trac_session'] = '123456'
outcookie = Cookie()
req = Mock(authname='john',
base_path='/',
incookie=incookie,
outcookie=outcookie)
session = Session(self.env, req)
self.assertEqual('john', session.sid)
session.save()
cursor.execute("SELECT sid,authenticated FROM session")
self.assertEqual(('john', 1), cursor.fetchone())
self.assertEqual(None, cursor.fetchone())