def get_user_data_from_session(self):
"""Retrieve user info from session."""
cookies = "; ".join(["{}={}".format(k, v) for k, v in self.testapp.cookies.items()])
request = webapp2.Request.blank('/', headers=[('Cookie', cookies)])
request.app = self.app
a = auth.Auth(request=request)
return a.get_user_by_session()
def test_set_auth(self):
app = webapp2.WSGIApplication()
req = webapp2.Request.blank('/')
req.app = app
a = auth.Auth(req)
self.assertEqual(len(req.registry), 0)
auth.set_auth(a, request=req)
self.assertEqual(len(req.registry), 1)
a = auth.get_auth(request=req)
self.assertTrue(isinstance(a, auth.Auth))
def test_get_user_by_session(self):
app = webapp2.WSGIApplication(
config={'webapp2_extras.sessions': {
'secret_key': 'foo',
}})
req = webapp2.Request.blank('/')
rsp = webapp2.Response()
req.app = app
s = auth.get_store(app=app)
a = auth.Auth(request=req)
session_store = sessions.get_store(request=req)
# This won't work.
a.set_session_data({})
self.assertEqual(a.session.get('_user'), None)
# This won't work.
a.session['_user'] = {}
self.assertEqual(a.get_session_data(), None)
self.assertEqual(a.session.get('_user'), None)
# Create a user.
m = models.User
success, user = m.create_user(auth_id='auth_id',
password_raw='password')
user_id = user.key.id()
# Get user with session. An anonymous_user is returned.
rv = a.get_user_by_session()
self.assertTrue(rv is None)
# Login with password. User dict is returned.
rv = a.get_user_by_password('auth_id', 'password')
self.assertEqual(rv['user_id'], user_id)
# Save sessions.
session_store.save_sessions(rsp)
# Get user with session. Voila!
cookies = rsp.headers.get('Set-Cookie')
req = webapp2.Request.blank('/', headers=[('Cookie', cookies)])
rsp = webapp2.Response()
req.app = app
a = auth.Auth(request=req)
# only auth_id is returned when there're no
# custom user attributes defined.
rv = a.get_user_by_session()
self.assertEqual(rv['user_id'], user_id)
# If we call get_user_by_token() now, the same user is returned.
rv2 = a.get_user_by_token(rv['user_id'], rv['token'])
self.assertTrue(rv is rv2)
# Let's get it again and check that token is the same.
token = rv['token']
a._user = None
rv = a.get_user_by_session()
self.assertEqual(rv['user_id'], user_id)
self.assertEqual(rv['token'], token)
# Now let's force token to be renewed and check that we have a new one.
s.config['token_new_age'] = None
a._user = None
rv = a.get_user_by_session()
self.assertEqual(rv['user_id'], user_id)
self.assertNotEqual(rv['token'], token)
# Now let's force token to be invalid.
s.config['token_max_age'] = None
a._user = None
rv = a.get_user_by_session()
self.assertEqual(rv, None)
