class BaseSessionManagerTest(unittest.TestCase): def setUp(self): application = Flask(__name__) application.config['TESTING'] = True application.secret_key = 'you will not guess' application.permanent_session_lifetime = timedelta(seconds=1) self.application = application # Use an in memory database settings.EQ_SERVER_SIDE_STORAGE_DATABASE_URL = "sqlite://" self.session_manager = SessionStorage() def test_has_token_empty(self): with self.application.test_request_context(): self.assertFalse(self.session_manager.has_user_id()) def test_has_token(self): with self.application.test_request_context(): self.session_manager.store_user_id("test") self.assertTrue(self.session_manager.has_user_id()) def test_remove_token(self): with self.application.test_request_context(): self.session_manager.store_user_id("test") self.assertTrue(self.session_manager.has_user_id()) self.session_manager.clear() self.assertFalse(self.session_manager.has_user_id())
def setUp(self): application = Flask(__name__) application.config['TESTING'] = True application.secret_key = 'you will not guess' application.permanent_session_lifetime = timedelta(seconds=1) self.application = application # Use an in memory database settings.EQ_SERVER_SIDE_STORAGE_DATABASE_URL = "sqlite://" self.session_manager = SessionStorage()
def setUp(self): application = Flask(__name__) application.config['TESTING'] = True application.secret_key = 'you will not guess' application.permanent_session_lifetime = timedelta(seconds=1) self.application = application # Use an in memory database self.database = Database("sqlite://", 1, 0) self.session_manager = SessionStorage(self.database)
def test_store_user_id_rollback(): # Given session_storage = SessionStorage() user_id = "1" with patch('app.authentication.session_storage.session'), \ patch('app.authentication.session_storage.db_session', autospec=True) as db_session: db_session.commit.side_effect = IntegrityError( Mock(), Mock(), Mock()) # When try: session_storage.store_user_id(user_id) except IntegrityError: pass # Then db_session.rollback.assert_called_once_with()
def test_clear_rollback(): # Given session_storage = SessionStorage() with patch('app.authentication.session_storage.session') as flask_session, \ patch('app.authentication.session_storage.db_session', autospec=True) as db_session: # Mocking flask session dict lookup flask_session.__contains__ = Mock(return_value=True) flask_session.__getitem__ = Mock(side_effect={EQ_SESSION_ID, '1'}) db_session.commit.side_effect = IntegrityError( Mock(), Mock(), Mock()) # When try: session_storage.clear() except IntegrityError: pass # Then db_session.rollback.assert_called_once_with()
def create_app(): # noqa: C901 pylint: disable=too-complex application = Flask(__name__, static_url_path='/s', static_folder='../static') application.config.from_object(settings) if application.config['EQ_APPLICATION_VERSION']: logger.info('starting eq survey runner', version=application.config['EQ_APPLICATION_VERSION']) if application.config['EQ_NEW_RELIC_ENABLED']: setup_newrelic() application.eq = {} if application.config['EQ_RABBITMQ_ENABLED']: application.eq['submitter'] = RabbitMQSubmitter( application.config['EQ_RABBITMQ_URL'], application.config['EQ_RABBITMQ_URL_SECONDARY'], ) else: application.eq['submitter'] = LogSubmitter() application.eq['encrypter'] = Encrypter( application.config['EQ_SUBMISSION_SR_PRIVATE_SIGNING_KEY'], application.config['EQ_SUBMISSION_SR_PRIVATE_SIGNING_KEY_PASSWORD'], application.config['EQ_SUBMISSION_SDX_PUBLIC_KEY'], ) application.eq['database'] = Database( application.config['EQ_SERVER_SIDE_STORAGE_DATABASE_URL'], application. config['EQ_SERVER_SIDE_STORAGE_DATABASE_SETUP_RETRY_COUNT'], application. config['EQ_SERVER_SIDE_STORAGE_DATABASE_SETUP_RETRY_DELAY_SECONDS'], ) application.eq['session_storage'] = SessionStorage( application.eq['database'], ) setup_secure_cookies(application) setup_babel(application) application.wsgi_app = AWSReverseProxied(application.wsgi_app) add_blueprints(application) configure_flask_logging(application) login_manager.init_app(application) add_safe_health_check(application) if application.config['EQ_DEV_MODE']: start_dev_mode(application) if application.config['EQ_ENABLE_CACHE']: cache.init_app(application, config={'CACHE_TYPE': 'simple'}) else: cache.init_app(application) # Doesnt cache # Add theme manager application.config['THEME_PATHS'] = os.path.dirname( os.path.abspath(__file__)) Themes(application, app_identifier="surveyrunner") @application.before_request def before_request(): # pylint: disable=unused-variable request_id = str(uuid4()) logger.new(request_id=request_id) @application.after_request def apply_caching(response): # pylint: disable=unused-variable for k, v in SECURE_HEADERS.items(): response.headers[k] = v return response @application.context_processor def override_url_for(): # pylint: disable=unused-variable return dict(url_for=versioned_url_for) @application.teardown_appcontext def shutdown_session(exception=None): # pylint: disable=unused-variable,unused-argument application.eq['database'].remove() return application
def setUp(self): super().setUp() self.database = Mock(Database("sqlite://", 1, 0)) self.session_storage = SessionStorage(self.database)
class TestSessionManager(AppContextTestCase): def setUp(self): super().setUp() self.database = Mock(Database("sqlite://", 1, 0)) self.session_storage = SessionStorage(self.database) # Note each test will need to create a test_request_context # in order to access the Flask session object def test_store_new_user_id_then_replace(self): with self.test_request_context('/status'): # Store a user id for the first time self.session_storage.store_user_id('1') # When we store the user_id we generate a GUID and use that # as the session_id mapped to the user_id in the database self.assertTrue(EQ_SESSION_ID in flask.session) self.assertIsNotNone(flask.session[EQ_SESSION_ID]) self.assertEqual(self.database.add.call_count, 1) # Store the GUID so we can check it changes eq_session_id = flask.session[EQ_SESSION_ID] # Try replacing the session with a new one self.session_storage.store_user_id('2') # Session GUID should have changed self.assertEqual(self.database.add.call_count, 2) self.assertNotEqual(eq_session_id, flask.session[EQ_SESSION_ID]) def test_should_not_clear_with_no_session_data(self): with self.test_request_context('/status'): # Calling clear with no session should be safe to do self.session_storage.delete_session_from_db() # No database calls should have been made self.assertFalse(self.database.delete.called) def test_should_not_clear_with_no_session_in_database(self): with self.test_request_context('/status'): user_id = 'test_clear_user_id' # Store a user_id self.session_storage.store_user_id(user_id) # Mocking database session lookup, return None from database self.session_storage._get_user_session = lambda eq_session_id: None # Call clear with a valid user_id but no session in database self.session_storage.delete_session_from_db() # No database calls should have been made self.assertFalse(self.database.delete.called) def test_should_clear_with_session_and_data(self): with self.test_request_context('/status'): user_id = 'test_clear_user_id' # Store a user id self.session_storage.store_user_id(user_id) # Mocking database session lookup, to return a valid result eq_session = EQSession(flask.session[EQ_SESSION_ID], user_id) self.session_storage._get_user_session = lambda eq_session_id: eq_session # Call clear with a valid user_id and valid session in database self.session_storage.delete_session_from_db() # Should have attempted to remove it from the database self.assertEqual(self.database.delete.call_count, 1) self.database.delete.assert_called_once_with(eq_session)
class BaseSessionManagerTest(unittest.TestCase): def setUp(self): application = Flask(__name__) application.config['TESTING'] = True application.secret_key = 'you will not guess' application.permanent_session_lifetime = timedelta(seconds=1) self.application = application # Use an in memory database self.database = Database("sqlite://", 1, 0) self.session_manager = SessionStorage(self.database) def test_has_token_empty(self): with self.application.test_request_context(): self.assertIsNone(self.session_manager.get_user_id()) def test_has_token(self): with self.application.test_request_context(): self.session_manager.store_user_id("test") self.assertIsNotNone(self.session_manager.get_user_id()) def test_remove_token(self): with self.application.test_request_context(): self.session_manager.store_user_id("test") self.assertIsNotNone(self.session_manager.get_user_id()) self.session_manager.delete_session_from_db() self.assertIsNone(self.session_manager.get_user_id()) def test_remove_user_ik(self): with self.application.test_request_context(): self.session_manager.remove_user_ik() self.assertIsNone(self.session_manager.get_user_ik())