class BaseSessionManagerTest(unittest.TestCase):
def setUp(self):
application = Flask(__name__)
application.config['TESTING'] = True
application.secret_key = 'you will not guess'
application.permanent_session_lifetime = timedelta(seconds=1)
self.application = application
# Use an in memory database
settings.EQ_SERVER_SIDE_STORAGE_DATABASE_URL = "sqlite://"
self.session_manager = SessionStorage()
def test_has_token_empty(self):
with self.application.test_request_context():
self.assertFalse(self.session_manager.has_user_id())
def test_has_token(self):
with self.application.test_request_context():
self.session_manager.store_user_id("test")
self.assertTrue(self.session_manager.has_user_id())
def test_remove_token(self):
with self.application.test_request_context():
self.session_manager.store_user_id("test")
self.assertTrue(self.session_manager.has_user_id())
self.session_manager.clear()
self.assertFalse(self.session_manager.has_user_id())
def setUp(self):
application = Flask(__name__)
application.config['TESTING'] = True
application.secret_key = 'you will not guess'
application.permanent_session_lifetime = timedelta(seconds=1)
self.application = application
# Use an in memory database
settings.EQ_SERVER_SIDE_STORAGE_DATABASE_URL = "sqlite://"
self.session_manager = SessionStorage()
def setUp(self):
application = Flask(__name__)
application.config['TESTING'] = True
application.secret_key = 'you will not guess'
application.permanent_session_lifetime = timedelta(seconds=1)
self.application = application
# Use an in memory database
self.database = Database("sqlite://", 1, 0)
self.session_manager = SessionStorage(self.database)
def test_store_user_id_rollback():
# Given
session_storage = SessionStorage()
user_id = "1"
with patch('app.authentication.session_storage.session'), \
patch('app.authentication.session_storage.db_session', autospec=True) as db_session:
db_session.commit.side_effect = IntegrityError(
Mock(), Mock(), Mock())
# When
try:
session_storage.store_user_id(user_id)
except IntegrityError:
pass
# Then
db_session.rollback.assert_called_once_with()
def test_clear_rollback():
# Given
session_storage = SessionStorage()
with patch('app.authentication.session_storage.session') as flask_session, \
patch('app.authentication.session_storage.db_session', autospec=True) as db_session:
# Mocking flask session dict lookup
flask_session.__contains__ = Mock(return_value=True)
flask_session.__getitem__ = Mock(side_effect={EQ_SESSION_ID, '1'})
db_session.commit.side_effect = IntegrityError(
Mock(), Mock(), Mock())
# When
try:
session_storage.clear()
except IntegrityError:
pass
# Then
db_session.rollback.assert_called_once_with()
def create_app(): # noqa: C901 pylint: disable=too-complex
application = Flask(__name__,
static_url_path='/s',
static_folder='../static')
application.config.from_object(settings)
if application.config['EQ_APPLICATION_VERSION']:
logger.info('starting eq survey runner',
version=application.config['EQ_APPLICATION_VERSION'])
if application.config['EQ_NEW_RELIC_ENABLED']:
setup_newrelic()
application.eq = {}
if application.config['EQ_RABBITMQ_ENABLED']:
application.eq['submitter'] = RabbitMQSubmitter(
application.config['EQ_RABBITMQ_URL'],
application.config['EQ_RABBITMQ_URL_SECONDARY'],
)
else:
application.eq['submitter'] = LogSubmitter()
application.eq['encrypter'] = Encrypter(
application.config['EQ_SUBMISSION_SR_PRIVATE_SIGNING_KEY'],
application.config['EQ_SUBMISSION_SR_PRIVATE_SIGNING_KEY_PASSWORD'],
application.config['EQ_SUBMISSION_SDX_PUBLIC_KEY'],
)
application.eq['database'] = Database(
application.config['EQ_SERVER_SIDE_STORAGE_DATABASE_URL'],
application.
config['EQ_SERVER_SIDE_STORAGE_DATABASE_SETUP_RETRY_COUNT'],
application.
config['EQ_SERVER_SIDE_STORAGE_DATABASE_SETUP_RETRY_DELAY_SECONDS'],
)
application.eq['session_storage'] = SessionStorage(
application.eq['database'], )
setup_secure_cookies(application)
setup_babel(application)
application.wsgi_app = AWSReverseProxied(application.wsgi_app)
add_blueprints(application)
configure_flask_logging(application)
login_manager.init_app(application)
add_safe_health_check(application)
if application.config['EQ_DEV_MODE']:
start_dev_mode(application)
if application.config['EQ_ENABLE_CACHE']:
cache.init_app(application, config={'CACHE_TYPE': 'simple'})
else:
cache.init_app(application) # Doesnt cache
# Add theme manager
application.config['THEME_PATHS'] = os.path.dirname(
os.path.abspath(__file__))
Themes(application, app_identifier="surveyrunner")
@application.before_request
def before_request(): # pylint: disable=unused-variable
request_id = str(uuid4())
logger.new(request_id=request_id)
@application.after_request
def apply_caching(response): # pylint: disable=unused-variable
for k, v in SECURE_HEADERS.items():
response.headers[k] = v
return response
@application.context_processor
def override_url_for(): # pylint: disable=unused-variable
return dict(url_for=versioned_url_for)
@application.teardown_appcontext
def shutdown_session(exception=None): # pylint: disable=unused-variable,unused-argument
application.eq['database'].remove()
return application
def setUp(self):
super().setUp()
self.database = Mock(Database("sqlite://", 1, 0))
self.session_storage = SessionStorage(self.database)
class TestSessionManager(AppContextTestCase):
def setUp(self):
super().setUp()
self.database = Mock(Database("sqlite://", 1, 0))
self.session_storage = SessionStorage(self.database)
# Note each test will need to create a test_request_context
# in order to access the Flask session object
def test_store_new_user_id_then_replace(self):
with self.test_request_context('/status'):
# Store a user id for the first time
self.session_storage.store_user_id('1')
# When we store the user_id we generate a GUID and use that
# as the session_id mapped to the user_id in the database
self.assertTrue(EQ_SESSION_ID in flask.session)
self.assertIsNotNone(flask.session[EQ_SESSION_ID])
self.assertEqual(self.database.add.call_count, 1)
# Store the GUID so we can check it changes
eq_session_id = flask.session[EQ_SESSION_ID]
# Try replacing the session with a new one
self.session_storage.store_user_id('2')
# Session GUID should have changed
self.assertEqual(self.database.add.call_count, 2)
self.assertNotEqual(eq_session_id, flask.session[EQ_SESSION_ID])
def test_should_not_clear_with_no_session_data(self):
with self.test_request_context('/status'):
# Calling clear with no session should be safe to do
self.session_storage.delete_session_from_db()
# No database calls should have been made
self.assertFalse(self.database.delete.called)
def test_should_not_clear_with_no_session_in_database(self):
with self.test_request_context('/status'):
user_id = 'test_clear_user_id'
# Store a user_id
self.session_storage.store_user_id(user_id)
# Mocking database session lookup, return None from database
self.session_storage._get_user_session = lambda eq_session_id: None
# Call clear with a valid user_id but no session in database
self.session_storage.delete_session_from_db()
# No database calls should have been made
self.assertFalse(self.database.delete.called)
def test_should_clear_with_session_and_data(self):
with self.test_request_context('/status'):
user_id = 'test_clear_user_id'
# Store a user id
self.session_storage.store_user_id(user_id)
# Mocking database session lookup, to return a valid result
eq_session = EQSession(flask.session[EQ_SESSION_ID], user_id)
self.session_storage._get_user_session = lambda eq_session_id: eq_session
# Call clear with a valid user_id and valid session in database
self.session_storage.delete_session_from_db()
# Should have attempted to remove it from the database
self.assertEqual(self.database.delete.call_count, 1)
self.database.delete.assert_called_once_with(eq_session)
class BaseSessionManagerTest(unittest.TestCase):
def setUp(self):
application = Flask(__name__)
application.config['TESTING'] = True
application.secret_key = 'you will not guess'
application.permanent_session_lifetime = timedelta(seconds=1)
self.application = application
# Use an in memory database
self.database = Database("sqlite://", 1, 0)
self.session_manager = SessionStorage(self.database)
def test_has_token_empty(self):
with self.application.test_request_context():
self.assertIsNone(self.session_manager.get_user_id())
def test_has_token(self):
with self.application.test_request_context():
self.session_manager.store_user_id("test")
self.assertIsNotNone(self.session_manager.get_user_id())
def test_remove_token(self):
with self.application.test_request_context():
self.session_manager.store_user_id("test")
self.assertIsNotNone(self.session_manager.get_user_id())
self.session_manager.delete_session_from_db()
self.assertIsNone(self.session_manager.get_user_id())
def test_remove_user_ik(self):
with self.application.test_request_context():
self.session_manager.remove_user_ik()
self.assertIsNone(self.session_manager.get_user_ik())