def test_on_succeeded_login(user_id: UserId, zero_uuid: None) -> None:
    """Check that a successful login stores exactly one fresh session record.

    The stored record is compared as a whole, including the CSRF token, so any
    change to what is persisted at login time shows up here.

    NOTE(review): the all-zero token is presumably pinned by the ``zero_uuid``
    fixture, which is not visible in this listing -- confirm.
    """
    now = datetime.now()
    assert active_config.single_user_session is None

    # Precondition: no sessions and no failed logins recorded for this user.
    assert not userdb._load_session_infos(user_id)
    assert userdb._load_failed_logins(user_id) == 0

    issued_id = userdb.on_succeeded_login(user_id, now)
    assert issued_id != ""

    # The session store must now hold the issued session and nothing else.
    stored = userdb._load_session_infos(user_id)
    login_ts = int(now.timestamp())
    assert stored == {
        issued_id: userdb.SessionInfo(
            session_id=issued_id,
            started_at=login_ts,
            last_activity=login_ts,
            flashes=[],
            csrf_token="00000000-0000-0000-0000-000000000000",
        )
    }

    # Logging in successfully leaves the failed-login counter at zero.
    assert userdb._load_failed_logins(user_id) == 0
def test_access_denied_with_invalidated_session(user_id: UserId) -> None:
    """Check that a session ID is refused once its session was logged out.

    This pins the server-side invalidation: a client that keeps presenting
    the old ID after logout must get an authentication error.
    """
    issued_id = userdb.on_succeeded_login(user_id)
    assert issued_id in userdb._load_session_infos(user_id)

    # While the session exists, access with its ID is accepted.
    userdb.on_access(user_id, issued_id)

    userdb.on_logout(user_id, issued_id)
    assert not userdb._load_session_infos(user_id)

    # The same ID presented again after logout must be rejected.
    with pytest.raises(MKAuthException, match="Invalid user session"):
        userdb.on_access(user_id, issued_id)
def test_refresh_session_success(user_id, session_valid):
    """Check that refreshing a session advances ``last_activity`` only.

    The session keeps its ID; the activity timestamp must move forward.
    """
    before = userdb._load_session_infos(user_id)
    assert before
    old_session = before[session_valid]

    # NOTE(review): the listing lost its indentation; the extent of this
    # block (refresh plus reload) is reconstructed -- confirm.
    with on_time("2019-09-05 00:00:30", "UTC"):
        userdb._refresh_session(user_id, session_valid)
        after = userdb._load_session_infos(user_id)

    new_session = after[session_valid]
    assert old_session.session_id == new_session.session_id
    assert new_session.last_activity > old_session.last_activity
def test_on_access_update_idle_session(user_id, session_timed_out):
    """Check that ``on_access`` bumps ``last_activity`` of an idle session.

    Session ID and start time must stay as they were; only the activity
    timestamp changes.
    """
    old_session = userdb._load_session_infos(user_id)[session_timed_out]

    userdb.on_access(user_id, session_timed_out)

    new_session = userdb._load_session_infos(user_id)[session_timed_out]
    assert new_session.session_id == old_session.session_id
    assert new_session.started_at == old_session.started_at
    # NOTE(review): exact equality with time.time() only holds if the clock
    # is frozen by a fixture that is not visible here -- confirm.
    assert new_session.last_activity == time.time()
    assert new_session.last_activity > old_session.last_activity
def test_on_access_update_valid_session(user_id, session_valid):
    """Check that ``on_access`` bumps ``last_activity`` of a valid session.

    The stored record is reloaded after ``on_end_of_request`` has run;
    session ID and start time must be unchanged.
    """
    old_session = userdb._load_session_infos(user_id)[session_valid]

    userdb.on_access(user_id, session_valid)
    userdb.on_end_of_request(user_id)

    new_session = userdb._load_session_infos(user_id)[session_valid]
    assert new_session.session_id == old_session.session_id
    assert new_session.started_at == old_session.started_at
    # NOTE(review): exact equality with time.time() only holds if the clock
    # is frozen by a fixture that is not visible here -- confirm.
    assert new_session.last_activity == time.time()
    assert new_session.last_activity > old_session.last_activity
def test_refresh_session_success(user_id: UserId, session_valid: str) -> None:
    """Check that refreshing a session advances ``last_activity`` only.

    The session keeps its ID; the activity timestamp must move forward once
    the request has ended and the record is reloaded.
    """
    session_infos = userdb._load_session_infos(user_id)
    assert session_infos
    live_session = session_infos[session_valid]
    # Snapshot by value: the live object is handed to _refresh_session below,
    # which may change it in place.
    old_session = userdb.SessionInfo(**asdict(live_session))

    # NOTE(review): the listing lost its indentation; the extent of this
    # block (set, refresh, end of request, reload) is reconstructed -- confirm.
    with on_time("2019-09-05 00:00:30", "UTC"):
        userdb._set_session(user_id, live_session)
        userdb._refresh_session(user_id, live_session)
        userdb.on_end_of_request(user_id)
        reloaded = userdb._load_session_infos(user_id)

    new_session = reloaded[session_valid]
    assert old_session.session_id == new_session.session_id
    assert new_session.last_activity > old_session.last_activity
def test_on_access_update_idle_session(user_id: UserId, session_timed_out: str) -> None:
    """Check that ``on_access`` bumps ``last_activity`` of an idle session.

    The stored record is reloaded after ``on_end_of_request`` has run;
    session ID and start time must be unchanged.
    """
    old_session = userdb._load_session_infos(user_id)[session_timed_out]

    userdb.on_access(user_id, session_timed_out)
    userdb.on_end_of_request(user_id)

    new_session = userdb._load_session_infos(user_id)[session_timed_out]
    assert new_session.session_id == old_session.session_id
    assert new_session.started_at == old_session.started_at
    # NOTE(review): exact equality with time.time() only holds if the clock
    # is frozen by a fixture that is not visible here -- confirm.
    assert new_session.last_activity == time.time()
    assert new_session.last_activity > old_session.last_activity
def test_load_pre_20_session(user_id: UserId) -> None:
    """Check that a ``"<id>|<timestamp>"`` session attribute is still loaded.

    The single stored timestamp must populate both ``started_at`` and
    ``last_activity`` of the resulting session record.
    """
    timestamp = 1234567890
    # Write the old single-string form directly into the custom attribute.
    userdb.save_custom_attr(user_id, "session_info", f"sess2|{timestamp}")

    loaded = userdb._load_session_infos(user_id)
    assert isinstance(loaded, dict)

    legacy_session = loaded["sess2"]
    assert legacy_session.started_at == timestamp
    assert loaded["sess2"].last_activity == timestamp
def test_on_access_update_unknown_session(user_id: UserId, session_valid: str) -> None:
    """Check that ``on_access`` rejects a session ID the user does not have."""
    known_session = userdb._load_session_infos(user_id)[session_valid]
    # NOTE(review): this changes only the loaded object; nothing visible here
    # writes it back, so it may not influence the check below -- confirm.
    known_session.started_at = 10

    # "xyz" matches no stored session and must fail authentication.
    with pytest.raises(MKAuthException, match="Invalid user session"):
        userdb.on_access(user_id, "xyz")
def test_on_access_logout_on_idle_timeout(user_id: UserId, session_timed_out: str) -> None:
    """Check that ``on_access`` refuses a session that hit the idle timeout.

    NOTE(review): the timeout value in effect is configured outside this
    function -- confirm it is set by a fixture.
    """
    idle_session = userdb._load_session_infos(user_id)[session_timed_out]
    # NOTE(review): this changes only the loaded object; nothing visible here
    # writes it back, so it may not influence the check below -- confirm.
    idle_session.started_at = int(time.time()) - 10

    with pytest.raises(MKAuthException, match="login timed out"):
        userdb.on_access(user_id, session_timed_out)
def test_on_access_update_idle_session(user_id: UserId) -> None:
    """Check that ``on_access`` bumps ``last_activity`` of an idle session.

    The same ``now`` is passed to every call, so the expected activity
    timestamp is known exactly. Session ID and start time must be unchanged.
    """
    now = datetime.now()
    session_timed_out = make_timed_out_session(user_id, now)
    old_session = userdb._load_session_infos(user_id)[session_timed_out]

    userdb.on_access(user_id, session_timed_out, now)
    userdb.on_end_of_request(user_id, now)

    new_session = userdb._load_session_infos(user_id)[session_timed_out]
    assert new_session.session_id == old_session.session_id
    assert new_session.started_at == old_session.started_at
    assert new_session.last_activity == int(now.timestamp())
    assert new_session.last_activity > old_session.last_activity
def test_on_access_update_unknown_session(user_id: UserId) -> None:
    """Check that ``on_access`` rejects a session ID the user does not have."""
    now = datetime.now()
    session_valid = make_valid_session(user_id, now)

    known_session = userdb._load_session_infos(user_id)[session_valid]
    # NOTE(review): this changes only the loaded object; nothing visible here
    # writes it back, so it may not influence the check below -- confirm.
    known_session.started_at = 10

    # "xyz" matches no stored session and must fail authentication.
    with pytest.raises(MKAuthException, match="Invalid user session"):
        userdb.on_access(user_id, "xyz", now)
def test_refresh_session_success(user_id: UserId) -> None:
    """Check that refreshing a session advances ``last_activity`` only.

    The refresh happens 30 minutes after the session was created; the session
    keeps its ID and its activity timestamp must move forward.
    """
    created_at = datetime.now()
    session_valid = make_valid_session(user_id, created_at)

    session_infos = userdb._load_session_infos(user_id)
    assert session_infos
    live_session = session_infos[session_valid]
    # Snapshot by value: the live object is handed to _refresh_session below,
    # which may change it in place.
    old_session = userdb.SessionInfo(**asdict(live_session))

    refreshed_at = created_at + timedelta(minutes=30)
    userdb._set_session(user_id, live_session)
    userdb._refresh_session(live_session, refreshed_at)
    userdb.on_end_of_request(user_id, refreshed_at)

    new_session = userdb._load_session_infos(user_id)[session_valid]
    assert old_session.session_id == new_session.session_id
    assert new_session.last_activity > old_session.last_activity
def test_initialize_session_single_user_session(user_id):
    """Check that ``_initialize_session`` stores a record for the new ID.

    NOTE(review): the expected timestamps come from two separate time.time()
    calls, which only match the stored values if the clock is frozen by a
    fixture that is not visible here -- confirm.
    """
    new_id = userdb._initialize_session(user_id)
    assert new_id != ""

    stored = userdb._load_session_infos(user_id)
    assert stored[new_id] == userdb.SessionInfo(
        session_id=new_id,
        started_at=int(time.time()),
        last_activity=int(time.time()),
    )
def test_on_access_logout_on_idle_timeout(monkeypatch: MonkeyPatch, user_id: UserId) -> None:
    """Check that ``on_access`` refuses a session that hit the idle timeout.

    ``user_idle_timeout`` is patched to 8 for the duration of the test, and
    access with the timed-out session must raise "login timed out".
    """
    now = datetime.now()
    session_timed_out = make_timed_out_session(user_id, now)
    monkeypatch.setattr(active_config, "user_idle_timeout", 8)

    idle_session = userdb._load_session_infos(user_id)[session_timed_out]
    # NOTE(review): this changes only the loaded object; nothing visible here
    # writes it back, so it may not influence the check below -- confirm.
    idle_session.started_at = int(now.timestamp()) - 10

    with pytest.raises(MKAuthException, match="login timed out"):
        userdb.on_access(user_id, session_timed_out, now)
def test_initialize_session_single_user_session(user_id: UserId, zero_uuid: None) -> None:
    """Check that ``_initialize_session`` stores a complete record for the new ID.

    The record is compared as a whole, including the CSRF token.

    NOTE(review): the all-zero token is presumably pinned by the ``zero_uuid``
    fixture, which is not visible in this listing -- confirm.
    """
    now = datetime.now()
    new_id = userdb._initialize_session(user_id, now)
    assert new_id != ""

    stored = userdb._load_session_infos(user_id)
    created_ts = int(now.timestamp())
    assert stored[new_id] == userdb.SessionInfo(
        session_id=new_id,
        started_at=created_ts,
        last_activity=created_ts,
        flashes=[],
        csrf_token="00000000-0000-0000-0000-000000000000",
    )
def test_on_succeeded_login(user_id):
    """Check that a successful login stores exactly one fresh session record.

    NOTE(review): the expected timestamps come from two separate time.time()
    calls, which only match the stored values if the clock is frozen by a
    fixture that is not visible here -- confirm.
    """
    assert config.single_user_session is None

    # Precondition: no sessions and no failed logins recorded for this user.
    assert not userdb._load_session_infos(user_id)
    assert userdb._load_failed_logins(user_id) == 0

    issued_id = userdb.on_succeeded_login(user_id)
    assert issued_id != ""

    # The session store must now hold the issued session and nothing else.
    stored = userdb._load_session_infos(user_id)
    assert stored == {
        issued_id: userdb.SessionInfo(
            session_id=issued_id,
            started_at=int(time.time()),
            last_activity=int(time.time()),
        )
    }

    # Logging in successfully leaves the failed-login counter at zero.
    assert userdb._load_failed_logins(user_id) == 0
def test_is_valid_user_session_valid(user_id: UserId, session_valid: str) -> None:
    """Check that a stored, valid session ID is reported as valid (exactly ``True``)."""
    stored = userdb._load_session_infos(user_id)
    verdict = userdb._is_valid_user_session(user_id, stored, session_valid)
    assert verdict is True
def test_is_valid_user_session_still_valid_when_last_activity_extends_timeout(
    user_id: UserId, session_timed_out: str
) -> None:
    """Check that ``_is_valid_user_session`` accepts the timed-out session.

    NOTE(review): this means the validity helper does not apply the idle
    timeout itself; that check presumably lives in ``on_access`` -- confirm.
    """
    stored = userdb._load_session_infos(user_id)
    verdict = userdb._is_valid_user_session(user_id, stored, session_timed_out)
    assert verdict is True
def test_is_valid_user_session_not_existing(user_id: UserId) -> None:
    """Check that an ID absent from the session store is reported invalid."""
    stored = userdb._load_session_infos(user_id)
    verdict = userdb._is_valid_user_session(user_id, stored, "not-existing-session")
    assert verdict is False
def test_is_valid_user_session_single_user_session_disabled(user_id: UserId) -> None:
    """Check that "session1" is reported invalid with ``single_user_session`` unset."""
    assert config.single_user_session is None

    stored = userdb._load_session_infos(user_id)
    verdict = userdb._is_valid_user_session(user_id, stored, "session1")
    assert verdict is False
def test_is_valid_user_session_valid(user_id: UserId) -> None:
    """Check that a freshly created valid session is reported as valid."""
    session_valid = make_valid_session(user_id, datetime.now())

    stored = userdb._load_session_infos(user_id)
    assert userdb._is_valid_user_session(user_id, stored, session_valid)
def test_invalidate_session(user_id: UserId) -> None:
    """Check that ``_invalidate_session`` removes the session from the store."""
    target_id = make_valid_session(user_id, datetime.now())
    assert target_id in userdb._load_session_infos(user_id)

    userdb._invalidate_session(user_id, target_id)

    # No session record may remain for the user afterwards.
    assert not userdb._load_session_infos(user_id)
def test_is_valid_user_session_valid(user_id, session_valid):
    """Check that a stored, valid session ID is reported as valid (exactly ``True``)."""
    stored = userdb._load_session_infos(user_id)
    verdict = userdb._is_valid_user_session(user_id, stored, session_valid)
    assert verdict is True
def test_on_logout_invalidate_session(user_id: UserId) -> None:
    """Check that ``on_logout`` removes the session created at login."""
    issued_id = userdb.on_succeeded_login(user_id)
    assert issued_id in userdb._load_session_infos(user_id)

    userdb.on_logout(user_id, issued_id)

    # The session must be gone server-side, not merely dropped by the client.
    assert not userdb._load_session_infos(user_id)
def test_on_logout_no_session(user_id: UserId) -> None:
    """Check that a logout with an empty session ID leaves stored sessions alone."""
    assert userdb.on_succeeded_login(user_id)
    assert userdb._load_session_infos(user_id)

    # An empty ID identifies no session, so nothing may be removed.
    userdb.on_logout(user_id, session_id="")

    assert userdb._load_session_infos(user_id)
def test_load_pre_20_session(user_id: UserId, session_pre_20: str) -> None:
    """Check that the session set up by ``session_pre_20`` loads as "sess2".

    NOTE(review): the expected "five seconds ago" timestamps presumably mirror
    what the fixture writes and rely on a frozen clock; neither is visible
    here -- confirm.
    """
    loaded = userdb._load_session_infos(user_id)
    assert isinstance(loaded, dict)

    assert loaded["sess2"].started_at == int(time.time()) - 5
    assert loaded["sess2"].last_activity == int(time.time()) - 5
def test_is_valid_user_session_still_valid_when_last_activity_extends_timeout(
    user_id: UserId,
) -> None:
    """Check that ``_is_valid_user_session`` accepts a timed-out session.

    NOTE(review): this means the validity helper does not apply the idle
    timeout itself; that check presumably lives in ``on_access`` -- confirm.
    """
    session_timed_out = make_timed_out_session(user_id, datetime.now())

    stored = userdb._load_session_infos(user_id)
    assert userdb._is_valid_user_session(user_id, stored, session_timed_out)
def test_invalidate_session(user_id: UserId, session_valid: str) -> None:
    """Check that ``_invalidate_session`` removes the session from the store."""
    assert session_valid in userdb._load_session_infos(user_id)

    userdb._invalidate_session(user_id, session_valid)

    # No session record may remain for the user afterwards.
    remaining = userdb._load_session_infos(user_id)
    assert not remaining
def test_invalidate_session(user_id, session_valid):
    """Check that ``_invalidate_session`` removes the session from the store."""
    assert session_valid in userdb._load_session_infos(user_id)

    userdb._invalidate_session(user_id, session_valid)

    # No session record may remain for the user afterwards.
    remaining = userdb._load_session_infos(user_id)
    assert not remaining