def test_session_activity_model(app):
"""Test SessionActivity model."""
ext = InvenioAccounts(app)
app.register_blueprint(blueprint)
# SessionActivity table is in the datastore database.
datastore = app.extensions['invenio-accounts'].datastore
inspector = inspect(datastore.db.engine)
assert 'accounts_user_session_activity' in inspector.get_table_names()
user = testutils.create_test_user()
# Create a new SessionActivity object, put it in the datastore.
session_activity = SessionActivity(user_id=user.get_id(),
sid_s="teststring")
database = datastore.db
# the `created` field is magicked in via the Timestamp mixin class
assert not session_activity.created
assert not session_activity.id
database.session.add(session_activity)
# Commit it to the books.
database.session.commit()
assert session_activity.created
assert session_activity.id
assert len(user.active_sessions) == 1
# Now how does this look on the user object?
assert session_activity == user.active_sessions[0]
session_two = SessionActivity(user_id=user.get_id(), sid_s="testring_2")
database.session.add(session_two)
# Commit it to the books.
database.session.commit()
assert len(user.active_sessions) == 2
# Check #columns in table
queried = database.session.query(SessionActivity)
assert queried.count() == 2
active_sessions = queried.all()
assert session_activity.sid_s in [x.sid_s for x in active_sessions]
assert session_two in queried.filter(
SessionActivity.sid_s == session_two.sid_s)
assert queried.count() == 2 # `.filter` doesn't change the query
# Test session deletion
session_to_delete = user.active_sessions[0]
database.session.delete(session_to_delete)
assert len(user.active_sessions) == 2 # Not yet updated.
assert queried.count() == 1
# Deletion is visible on `user` once database session is commited.
database.session.commit()
assert len(user.active_sessions) == 1
assert user.active_sessions[0].sid_s != session_to_delete.sid_s
def get(self, **kwargs):
"""Return user sessions info."""
sessions = SessionActivity.query_by_user(user_id=current_user.get_id())
results = [{
'created': s.created,
'current': SessionActivity.is_current(s.sid_s),
'browser': s.browser,
'browser_version': s.browser_version,
'os': s.os,
'device': s.device,
'country': s.country
} for s in sessions]
return jsonify({'total': sessions.count(), 'results': results})
def delete(self, sid_s=None, **kwargs):
"""Revoke the given user session."""
if SessionActivity.query_by_user(current_user.get_id()) \
.filter_by(sid_s=sid_s).count() == 1:
delete_session(sid_s=sid_s)
db.session.commit()
message = 'Session {0} successfully removed. {1}.'
if SessionActivity.is_current(sid_s=sid_s):
message = message.format(sid_s, "Logged out")
else:
message = message.format(sid_s, "Revoked")
return jsonify({'message': message})
else:
return jsonify(
{'message':
'Unable to remove session {0}.'.format(sid_s)}), 400
def get(self, **kwargs):
"""Return user sessions info."""
sessions = SessionActivity.query_by_user(user_id=current_user.get_id())
results = [
{
"created": s.created,
"current": SessionActivity.is_current(s.sid_s),
"browser": s.browser,
"browser_version": s.browser_version,
"os": s.os,
"device": s.device,
"country": s.country,
}
for s in sessions
]
return jsonify({"total": sessions.count(), "results": results})
def add_session(session=None):
r"""Add a session to the SessionActivity table.
:param session: Flask Session object to add. If None, ``flask.session``
is used. The object is expected to have a dictionary entry named
``"user_id"`` and a field ``sid_s``
"""
user_id, sid_s = session['user_id'], session.sid_s
with db.session.begin_nested():
session_activity = SessionActivity(user_id=user_id, sid_s=sid_s)
db.session.merge(session_activity)
def add_session(session=None):
r"""Add a session to the SessionActivity table.
:param session: Flask Session object to add. If None, ``flask.session``
is used. The object is expected to have a dictionary entry named
``"user_id"`` and a field ``sid_s``
"""
user_id, sid_s = session['user_id'], session.sid_s
session_activity = SessionActivity(user_id=user_id, sid_s=sid_s)
try:
_datastore.db.session.add(session_activity)
_datastore.commit()
except IntegrityError:
_datastore.db.session.rollback()
