def test_on_access_logout_on_idle_timeout(user_id: UserId,
session_timed_out: str) -> None:
session_info = userdb._load_session_infos(user_id)[session_timed_out]
session_info.started_at = int(time.time()) - 10
with pytest.raises(MKAuthException, match="login timed out"):
userdb.on_access(user_id, session_timed_out)
def test_on_access_update_unknown_session(user_id: UserId,
session_valid: str) -> None:
session_info = userdb._load_session_infos(user_id)[session_valid]
session_info.started_at = 10
with pytest.raises(MKAuthException, match="Invalid user session"):
userdb.on_access(user_id, "xyz")
def test_flash(user_id):
# Execute the first request flash some message
with application_and_request_context(), login.UserSessionContext(user_id):
session_id = on_succeeded_login(user_id) # Create and activate session
assert session is not None
flash("abc")
assert session.session_info.flashes == ["abc"]
# Now create the second request to get the previously flashed message
with application_and_request_context(), login.UserSessionContext(user_id):
on_access(user_id, session_id)
assert session is not None
assert session.session_info.flashes == ["abc"]
# Get the flashed messages removes the messages from the session
# and subsequent calls to get_flashed_messages return the messages
# over and over.
assert get_flashed_messages() == [HTML("abc")]
assert get_flashed_messages() == [HTML("abc")]
assert session.session_info.flashes == []
# Now create the third request that should not have access to the flashed messages since the
# second one consumed them.
with application_and_request_context(), login.UserSessionContext(user_id):
on_access(user_id, session_id)
assert session is not None
assert session.session_info.flashes == []
assert get_flashed_messages() == []
def test_on_access_update_unknown_session(user_id: UserId) -> None:
now = datetime.now()
session_valid = make_valid_session(user_id, now)
session_info = userdb._load_session_infos(user_id)[session_valid]
session_info.started_at = 10
with pytest.raises(MKAuthException, match="Invalid user session"):
userdb.on_access(user_id, "xyz", now)
def test_access_denied_with_invalidated_session(user_id: UserId) -> None:
session_id = userdb.on_succeeded_login(user_id)
assert session_id in userdb._load_session_infos(user_id)
userdb.on_access(user_id, session_id)
userdb.on_logout(user_id, session_id)
assert not userdb._load_session_infos(user_id)
with pytest.raises(MKAuthException, match="Invalid user session"):
userdb.on_access(user_id, session_id)
def test_get_last_activity(with_user, session_valid):
user_id = with_user[0]
user = _load_users_uncached(lock=False)[user_id]
assert "session_info" not in user
assert userdb.get_last_activity(user_id, user) == 0
userdb.on_access(user_id, session_valid)
user = _load_users_uncached(lock=False)[user_id]
assert "session_info" in user
assert userdb.get_last_activity(user_id, user) == time.time()
def test_on_access_logout_on_idle_timeout(monkeypatch: MonkeyPatch,
user_id: UserId) -> None:
now = datetime.now()
session_timed_out = make_timed_out_session(user_id, now)
monkeypatch.setattr(active_config, "user_idle_timeout", 8)
session_info = userdb._load_session_infos(user_id)[session_timed_out]
session_info.started_at = int(now.timestamp()) - 10
with pytest.raises(MKAuthException, match="login timed out"):
userdb.on_access(user_id, session_timed_out, now)
def test_get_last_activity(with_user: tuple[UserId, str],
session_valid: str) -> None:
user_id = with_user[0]
user = _load_users_uncached(lock=False)[user_id]
assert userdb.get_last_activity(user) == time.time() - 5
userdb.on_access(user_id, session_valid)
userdb.on_end_of_request(user_id)
user = _load_users_uncached(lock=False)[user_id]
assert "session_info" in user
assert userdb.get_last_activity(user) == time.time()
def test_on_access_update_idle_session(user_id, session_timed_out):
old_session_infos = userdb._load_session_infos(user_id)
old_session = old_session_infos[session_timed_out]
userdb.on_access(user_id, session_timed_out)
new_session_infos = userdb._load_session_infos(user_id)
new_session = new_session_infos[session_timed_out]
assert new_session.session_id == old_session.session_id
assert new_session.started_at == old_session.started_at
assert new_session.last_activity == time.time()
assert new_session.last_activity > old_session.last_activity
def test_get_last_activity(with_user: tuple[UserId, str]) -> None:
now = datetime.now()
user_id = with_user[0]
session_valid = make_valid_session(user_id, now)
user = _load_users_uncached(lock=False)[user_id]
assert userdb.get_last_activity(user) == int(now.timestamp()) - 5
userdb.on_access(user_id, session_valid, now)
userdb.on_end_of_request(user_id, now)
user = _load_users_uncached(lock=False)[user_id]
assert "session_info" in user
assert userdb.get_last_activity(user) == int(now.timestamp())
def test_on_access_update_valid_session(user_id, session_valid):
old_session_infos = userdb._load_session_infos(user_id)
old_session = old_session_infos[session_valid]
userdb.on_access(user_id, session_valid)
userdb.on_end_of_request(user_id)
new_session_infos = userdb._load_session_infos(user_id)
new_session = new_session_infos[session_valid]
assert new_session.session_id == old_session.session_id
assert new_session.started_at == old_session.started_at
assert new_session.last_activity == time.time()
assert new_session.last_activity > old_session.last_activity
def test_on_access_update_idle_session(user_id: UserId,
session_timed_out: str) -> None:
old_session_infos = userdb._load_session_infos(user_id)
old_session = old_session_infos[session_timed_out]
userdb.on_access(user_id, session_timed_out)
userdb.on_end_of_request(user_id)
new_session_infos = userdb._load_session_infos(user_id)
new_session = new_session_infos[session_timed_out]
assert new_session.session_id == old_session.session_id
assert new_session.started_at == old_session.started_at
assert new_session.last_activity == time.time()
assert new_session.last_activity > old_session.last_activity
def test_on_access_update_idle_session(user_id: UserId) -> None:
now = datetime.now()
session_timed_out = make_timed_out_session(user_id, now)
old_session_infos = userdb._load_session_infos(user_id)
old_session = old_session_infos[session_timed_out]
userdb.on_access(user_id, session_timed_out, now)
userdb.on_end_of_request(user_id, now)
new_session_infos = userdb._load_session_infos(user_id)
new_session = new_session_infos[session_timed_out]
assert new_session.session_id == old_session.session_id
assert new_session.started_at == old_session.started_at
assert new_session.last_activity == int(now.timestamp())
assert new_session.last_activity > old_session.last_activity
def _check_auth_cookie(cookie_name: str) -> Optional[UserId]:
username, session_id, cookie_hash = user_from_cookie(
_fetch_cookie(cookie_name))
check_parsed_auth_cookie(username, session_id, cookie_hash)
try:
userdb.on_access(username, session_id)
except MKAuthException:
del_auth_cookie()
raise
# Once reached this the cookie is a good one. Renew it!
_renew_cookie(cookie_name, username, session_id)
_redirect_for_password_change(username)
_redirect_for_two_factor_authentication(username)
# Return the authenticated username
return username
def _check_auth_cookie(cookie_name: str) -> Optional[UserId]:
username, session_id, cookie_hash = _parse_auth_cookie(cookie_name)
_check_parsed_auth_cookie(username, session_id, cookie_hash)
try:
userdb.on_access(username, session_id)
except MKAuthException:
del_auth_cookie()
raise
# Once reached this the cookie is a good one. Renew it!
_renew_cookie(cookie_name, username, session_id)
if html.myfile != 'user_change_pw':
result = userdb.need_to_change_pw(username)
if result:
raise HTTPRedirect('user_change_pw.py?_origtarget=%s&reason=%s' %
(html.urlencode(html.makeuri([])), result))
# Return the authenticated username
return username
def _check_auth_cookie(cookie_name: str) -> Optional[UserId]:
username, session_id, cookie_hash = user_from_cookie(
_fetch_cookie(cookie_name))
check_parsed_auth_cookie(username, session_id, cookie_hash)
try:
userdb.on_access(username, session_id)
except MKAuthException:
del_auth_cookie()
raise
# Once reached this the cookie is a good one. Renew it!
_renew_cookie(cookie_name, username, session_id)
if requested_file_name(request) != "user_change_pw":
result = userdb.need_to_change_pw(username)
if result:
raise HTTPRedirect("user_change_pw.py?_origtarget=%s&reason=%s" %
(urlencode(makeuri(request, [])), result))
# Return the authenticated username
return username
def test_flash(user_id):
environ = create_environ()
# Execute the first request flash some message
with AppContext(DummyApplication(environ, None)), \
RequestContext(htmllib.html(http.Request(environ))) as request, \
login.UserContext(user_id):
session_id = on_succeeded_login(user_id) # Create and activate session
assert request.session is not None
flash("abc")
assert session.session_info.flashes == ["abc"]
# Now create the second request to get the previously flashed message
with AppContext(DummyApplication(environ, None)), \
RequestContext(htmllib.html(http.Request(environ))), \
login.UserContext(user_id):
on_access(user_id, session_id)
assert request.session is not None
assert session.session_info.flashes == ["abc"]
# Get the flashed messages removes the messages from the session
# and subsequent calls to get_flashed_messages return the messages
# over and over.
assert get_flashed_messages() == [HTML("abc")]
assert get_flashed_messages() == [HTML("abc")]
assert session.session_info.flashes == []
# Now create the third request that should not have access to the flashed messages since the
# second one consumed them.
with AppContext(DummyApplication(environ, None)), \
RequestContext(htmllib.html(http.Request(environ))), \
login.UserContext(user_id):
on_access(user_id, session_id)
assert request.session is not None
assert session.session_info.flashes == []
assert get_flashed_messages() == []
