Exemple #1
def test_on_access_logout_on_idle_timeout(
    user_id: UserId, session_timed_out: str
) -> None:
    """Accessing with the ``session_timed_out`` session must be refused.

    The refusal has to come from ``userdb.on_access`` itself, as an
    ``MKAuthException`` matching "login timed out", so the timeout is enforced
    server-side and not left to the client.
    """
    sessions = userdb._load_session_infos(user_id)
    timed_out = sessions[session_timed_out]
    # NOTE(review): no save call is visible after this assignment, so whether
    # on_access() ever sees the changed started_at depends on how
    # _load_session_infos() hands out its objects -- confirm.
    timed_out.started_at = int(time.time()) - 10

    with pytest.raises(MKAuthException, match="login timed out"):
        userdb.on_access(user_id, session_timed_out)
Exemple #2
def test_on_access_update_unknown_session(
    user_id: UserId, session_valid: str
) -> None:
    """A session id the user does not own must be rejected.

    The user has a session (``session_valid``), but the id presented to
    ``on_access`` is "xyz"; the call has to raise "Invalid user session"
    instead of falling back to the existing session.
    """
    known_sessions = userdb._load_session_infos(user_id)
    existing = known_sessions[session_valid]
    # NOTE(review): this edit is not saved in the visible code; its effect on
    # the on_access() call below is unclear -- confirm it is still needed.
    existing.started_at = 10

    with pytest.raises(MKAuthException, match="Invalid user session"):
        userdb.on_access(user_id, "xyz")
Exemple #3
def test_flash(user_id):
    """Flashed messages survive into the next request and are consumed there.

    Three request contexts are opened one after another for the same user and
    session id: the first flashes "abc", the second reads it, the third must
    find nothing left.
    """
    # First request: log in and flash a message
    with application_and_request_context(), login.UserSessionContext(user_id):
        session_id = on_succeeded_login(user_id)  # Create and activate session
        assert session is not None

        flash("abc")
        assert session.session_info.flashes == ["abc"]

    # Second request: re-enter the same session to read the flashed message
    with application_and_request_context(), login.UserSessionContext(user_id):
        on_access(user_id, session_id)
        assert session is not None
        assert session.session_info.flashes == ["abc"]

        # Reading the flashed messages removes them from the session, while
        # further get_flashed_messages() calls in the same request keep
        # returning the same messages.
        assert get_flashed_messages() == [HTML("abc")]
        assert get_flashed_messages() == [HTML("abc")]
        assert session.session_info.flashes == []

    # Third request: must not see the flashed messages, because the second
    # request consumed them.
    with application_and_request_context(), login.UserSessionContext(user_id):
        on_access(user_id, session_id)
        assert session is not None
        assert session.session_info.flashes == []
        assert get_flashed_messages() == []
Exemple #4
def test_on_access_update_unknown_session(user_id: UserId) -> None:
    """A session id the user does not own must be rejected.

    A valid session is created for the user first, then ``on_access`` is
    called with the unrelated id "xyz" and has to raise
    "Invalid user session".
    """
    current_time = datetime.now()
    valid_id = make_valid_session(user_id, current_time)
    known_sessions = userdb._load_session_infos(user_id)
    existing = known_sessions[valid_id]
    # NOTE(review): this edit is not saved in the visible code; its effect on
    # the on_access() call below is unclear -- confirm it is still needed.
    existing.started_at = 10

    with pytest.raises(MKAuthException, match="Invalid user session"):
        userdb.on_access(user_id, "xyz", current_time)
Exemple #5
def test_access_denied_with_invalidated_session(user_id: UserId) -> None:
    """A session id must stop working once the user has logged out.

    Login creates the session, one access succeeds, logout removes every
    stored session for the user, and presenting the old id afterwards has to
    raise "Invalid user session". This is the server-side invalidation that
    keeps a copied session id from outliving the logout.
    """
    sid = userdb.on_succeeded_login(user_id)
    assert sid in userdb._load_session_infos(user_id)

    # The session is usable while it is still registered.
    userdb.on_access(user_id, sid)

    userdb.on_logout(user_id, sid)
    assert not userdb._load_session_infos(user_id)

    # Replaying the id after logout must be refused.
    with pytest.raises(MKAuthException, match="Invalid user session"):
        userdb.on_access(user_id, sid)
Exemple #6
def test_get_last_activity(with_user, session_valid):
    """get_last_activity() is 0 before any access and "now" after one."""
    user_id = with_user[0]

    before = _load_users_uncached(lock=False)[user_id]
    assert "session_info" not in before
    assert userdb.get_last_activity(user_id, before) == 0

    userdb.on_access(user_id, session_valid)

    after = _load_users_uncached(lock=False)[user_id]
    assert "session_info" in after
    # NOTE(review): exact equality with time.time() only holds if the clock is
    # frozen for this test -- presumably by a fixture; confirm.
    assert userdb.get_last_activity(user_id, after) == time.time()
Exemple #7
def test_on_access_logout_on_idle_timeout(
    monkeypatch: MonkeyPatch, user_id: UserId
) -> None:
    """With ``user_idle_timeout`` set to 8, the timed-out session is refused.

    ``userdb.on_access`` has to raise an ``MKAuthException`` matching
    "login timed out", so the idle timeout is enforced on the server.
    """
    current_time = datetime.now()
    timed_out_id = make_timed_out_session(user_id, current_time)
    monkeypatch.setattr(active_config, "user_idle_timeout", 8)

    sessions = userdb._load_session_infos(user_id)
    timed_out = sessions[timed_out_id]
    # NOTE(review): no save call is visible after this assignment, so whether
    # on_access() ever sees the changed started_at depends on how
    # _load_session_infos() hands out its objects -- confirm.
    timed_out.started_at = int(current_time.timestamp()) - 10

    with pytest.raises(MKAuthException, match="login timed out"):
        userdb.on_access(user_id, timed_out_id, current_time)
Exemple #8
def test_get_last_activity(
    with_user: tuple[UserId, str], session_valid: str
) -> None:
    """get_last_activity() moves from "5 ago" to "now" after an access.

    The new value is only read back after ``on_end_of_request`` has run.
    """
    user_id = with_user[0]

    # NOTE(review): the exact comparisons with time.time() below only hold if
    # the clock is frozen for this test -- presumably by a fixture; confirm.
    before = _load_users_uncached(lock=False)[user_id]
    assert userdb.get_last_activity(before) == time.time() - 5

    userdb.on_access(user_id, session_valid)
    userdb.on_end_of_request(user_id)

    after = _load_users_uncached(lock=False)[user_id]
    assert "session_info" in after
    assert userdb.get_last_activity(after) == time.time()
Exemple #9
def test_on_access_update_idle_session(user_id, session_timed_out):
    """An access refreshes last_activity and leaves the session identity alone.

    The session id and ``started_at`` must be the same before and after
    ``on_access``; only ``last_activity`` moves forward.
    """
    before = userdb._load_session_infos(user_id)[session_timed_out]

    userdb.on_access(user_id, session_timed_out)

    after = userdb._load_session_infos(user_id)[session_timed_out]

    assert after.session_id == before.session_id
    assert after.started_at == before.started_at
    # NOTE(review): exact equality with time.time() only holds if the clock is
    # frozen for this test -- presumably by a fixture; confirm.
    assert after.last_activity == time.time()
    assert after.last_activity > before.last_activity
Exemple #10
def test_get_last_activity(with_user: tuple[UserId, str]) -> None:
    """get_last_activity() moves from "now - 5" to "now" after an access.

    The timestamp is passed in explicitly, so the expected values are computed
    from the same ``datetime`` the calls under test receive.
    """
    current_time = datetime.now()
    expected_ts = int(current_time.timestamp())
    user_id = with_user[0]
    valid_id = make_valid_session(user_id, current_time)

    before = _load_users_uncached(lock=False)[user_id]
    assert userdb.get_last_activity(before) == expected_ts - 5

    userdb.on_access(user_id, valid_id, current_time)
    userdb.on_end_of_request(user_id, current_time)

    after = _load_users_uncached(lock=False)[user_id]
    assert "session_info" in after
    assert userdb.get_last_activity(after) == expected_ts
Exemple #11
def test_on_access_update_valid_session(user_id, session_valid):
    """An access to a valid session refreshes last_activity only.

    After ``on_access`` and ``on_end_of_request`` the stored session keeps its
    id and ``started_at``; ``last_activity`` is newer than before.
    """
    before = userdb._load_session_infos(user_id)[session_valid]

    userdb.on_access(user_id, session_valid)
    userdb.on_end_of_request(user_id)

    after = userdb._load_session_infos(user_id)[session_valid]

    assert after.session_id == before.session_id
    assert after.started_at == before.started_at
    # NOTE(review): exact equality with time.time() only holds if the clock is
    # frozen for this test -- presumably by a fixture; confirm.
    assert after.last_activity == time.time()
    assert after.last_activity > before.last_activity
Exemple #12
def test_on_access_update_idle_session(
    user_id: UserId, session_timed_out: str
) -> None:
    """An access refreshes last_activity and leaves the session identity alone.

    After ``on_access`` and ``on_end_of_request`` the stored session keeps its
    id and ``started_at``; only ``last_activity`` moves forward.
    """
    before = userdb._load_session_infos(user_id)[session_timed_out]

    userdb.on_access(user_id, session_timed_out)
    userdb.on_end_of_request(user_id)

    after = userdb._load_session_infos(user_id)[session_timed_out]

    assert after.session_id == before.session_id
    assert after.started_at == before.started_at
    # NOTE(review): exact equality with time.time() only holds if the clock is
    # frozen for this test -- presumably by a fixture; confirm.
    assert after.last_activity == time.time()
    assert after.last_activity > before.last_activity
Exemple #13
def test_on_access_update_idle_session(user_id: UserId) -> None:
    """An access refreshes last_activity and leaves the session identity alone.

    The timestamp is passed in explicitly; after ``on_access`` and
    ``on_end_of_request`` the stored session keeps its id and ``started_at``
    and its ``last_activity`` equals that timestamp.
    """
    current_time = datetime.now()
    timed_out_id = make_timed_out_session(user_id, current_time)
    before = userdb._load_session_infos(user_id)[timed_out_id]

    userdb.on_access(user_id, timed_out_id, current_time)
    userdb.on_end_of_request(user_id, current_time)

    after = userdb._load_session_infos(user_id)[timed_out_id]

    assert after.session_id == before.session_id
    assert after.started_at == before.started_at
    assert after.last_activity == int(current_time.timestamp())
    assert after.last_activity > before.last_activity
Exemple #14
def _check_auth_cookie(cookie_name: str) -> Optional[UserId]:
    """Authenticate the request from the auth cookie ``cookie_name``.

    The cookie is split into user name, session id and hash, the parsed values
    are checked, and the session is then confirmed against the user database.

    Returns:
        The user name taken from the cookie once every check has passed.

    Raises:
        MKAuthException: re-raised from ``userdb.on_access`` after the auth
            cookie has been deleted. The parsing and checking helpers may
            raise as well; that is not visible from here.
    """
    raw_cookie = _fetch_cookie(cookie_name)
    username, session_id, cookie_hash = user_from_cookie(raw_cookie)
    # The parsed cookie is checked before the session store is consulted.
    check_parsed_auth_cookie(username, session_id, cookie_hash)

    try:
        userdb.on_access(username, session_id)
    except MKAuthException:
        # Drop the cookie so the client stops presenting a rejected session.
        del_auth_cookie()
        raise

    # Every check passed: the cookie is good, so renew it.
    _renew_cookie(cookie_name, username, session_id)

    # Either helper may divert the request before the user name is returned.
    _redirect_for_password_change(username)
    _redirect_for_two_factor_authentication(username)

    # Hand back the authenticated user name.
    return username
Exemple #15
def _check_auth_cookie(cookie_name: str) -> Optional[UserId]:
    """Authenticate the request from the auth cookie ``cookie_name``.

    The cookie is parsed into user name, session id and hash, the parsed
    values are checked, and the session is then confirmed against the user
    database.

    Returns:
        The user name taken from the cookie once every check has passed.

    Raises:
        MKAuthException: re-raised from ``userdb.on_access`` after the auth
            cookie has been deleted.
        HTTPRedirect: to ``user_change_pw.py`` when the user has to change the
            password and is not already on that page.
    """
    username, session_id, cookie_hash = _parse_auth_cookie(cookie_name)
    # The parsed cookie is checked before the session store is consulted.
    _check_parsed_auth_cookie(username, session_id, cookie_hash)

    try:
        userdb.on_access(username, session_id)
    except MKAuthException:
        # Drop the cookie so the client stops presenting a rejected session.
        del_auth_cookie()
        raise

    # Every check passed: the cookie is good, so renew it.
    _renew_cookie(cookie_name, username, session_id)

    on_password_page = html.myfile == 'user_change_pw'
    if not on_password_page:
        reason = userdb.need_to_change_pw(username)
        if reason:
            # The original target is URL-encoded before it goes into the query.
            # NOTE(review): `reason` is interpolated without encoding; fine if
            # need_to_change_pw() only returns fixed tokens -- confirm.
            origtarget = html.urlencode(html.makeuri([]))
            raise HTTPRedirect('user_change_pw.py?_origtarget=%s&reason=%s' %
                               (origtarget, reason))

    # Hand back the authenticated user name.
    return username
Exemple #16
def _check_auth_cookie(cookie_name: str) -> Optional[UserId]:
    """Authenticate the request from the auth cookie ``cookie_name``.

    The cookie is split into user name, session id and hash, the parsed values
    are checked, and the session is then confirmed against the user database.

    Returns:
        The user name taken from the cookie once every check has passed.

    Raises:
        MKAuthException: re-raised from ``userdb.on_access`` after the auth
            cookie has been deleted.
        HTTPRedirect: to ``user_change_pw.py`` when the user has to change the
            password and is not already on that page.
    """
    raw_cookie = _fetch_cookie(cookie_name)
    username, session_id, cookie_hash = user_from_cookie(raw_cookie)
    # The parsed cookie is checked before the session store is consulted.
    check_parsed_auth_cookie(username, session_id, cookie_hash)

    try:
        userdb.on_access(username, session_id)
    except MKAuthException:
        # Drop the cookie so the client stops presenting a rejected session.
        del_auth_cookie()
        raise

    # Every check passed: the cookie is good, so renew it.
    _renew_cookie(cookie_name, username, session_id)

    on_password_page = requested_file_name(request) == "user_change_pw"
    if not on_password_page:
        reason = userdb.need_to_change_pw(username)
        if reason:
            # The original target is URL-encoded before it goes into the query.
            # NOTE(review): `reason` is interpolated without encoding; fine if
            # need_to_change_pw() only returns fixed tokens -- confirm.
            origtarget = urlencode(makeuri(request, []))
            raise HTTPRedirect("user_change_pw.py?_origtarget=%s&reason=%s" %
                               (origtarget, reason))

    # Hand back the authenticated user name.
    return username
Exemple #17
def test_flash(user_id):
    """Flashed messages survive into the next request and are consumed there.

    Three request contexts are built from the same environ for the same user
    and session id: the first flashes "abc", the second reads it, the third
    must find nothing left.
    """
    environ = create_environ()
    # First request: log in and flash a message
    with AppContext(DummyApplication(environ, None)), \
            RequestContext(htmllib.html(http.Request(environ))) as request, \
            login.UserContext(user_id):
        session_id = on_succeeded_login(user_id)  # Create and activate session
        assert request.session is not None

        flash("abc")
        assert session.session_info.flashes == ["abc"]

    # Second request: re-enter the same session to read the flashed message
    with AppContext(DummyApplication(environ, None)), \
            RequestContext(htmllib.html(http.Request(environ))), \
            login.UserContext(user_id):
        on_access(user_id, session_id)
        # NOTE(review): `request` is still the name bound by the first
        # `with ... as request`; this with-statement does not rebind it.
        # Confirm the assertion really inspects the current request.
        assert request.session is not None
        assert session.session_info.flashes == ["abc"]

        # Reading the flashed messages removes them from the session, while
        # further get_flashed_messages() calls in the same request keep
        # returning the same messages.
        assert get_flashed_messages() == [HTML("abc")]
        assert get_flashed_messages() == [HTML("abc")]
        assert session.session_info.flashes == []

    # Third request: must not see the flashed messages, because the second
    # request consumed them.
    with AppContext(DummyApplication(environ, None)), \
            RequestContext(htmllib.html(http.Request(environ))), \
            login.UserContext(user_id):
        on_access(user_id, session_id)
        # NOTE(review): same as above -- `request` was bound in the first
        # with-statement only.
        assert request.session is not None
        assert session.session_info.flashes == []
        assert get_flashed_messages() == []