def test_new_session(setup): username = "******" session = Session.new_session(username) assert session.user.username == username assert not session.expired() setup.session.add(session) setup.session.commit() session = Session.get_by_id(session.id) assert session.user.username == username
def test_session_role(setup): sess_admin = Session.new_session("admin") setup.session.add(sess_admin) sess_lib = Session.new_session("lib") setup.session.add(sess_lib) sess_reader = Session.new_session("reader") setup.session.add(sess_reader) setup.session.commit() assert sess_admin.user.role == "admin" assert sess_lib.user.role == "librarian" assert sess_reader.user.role == "reader"
def wrapper(*args, **kwargs): parser = reqparse.RequestParser() parser.add_argument('session-id', location='cookies') try: req = kwargs["testing_request"] except KeyError: req = None parsed_args = parser.parse_args(req) sess_id = parsed_args["session-id"] if sess_id == None: return error("Not authorized", 401) try: sess = Session.get_by_id(sess_id) except ValueError: return error("Not authorized", 401) except Exception as e: return error(str(e), 400) kwargs["session"] = sess return f(*args, **kwargs)
def post(self): parser = reqparse.RequestParser() parser.add_argument("username", required=True, location='headers', help="Username is required") parser.add_argument("password", required=True, location='headers', help="Password is required") args = parser.parse_args() username = args["username"] password = args["password"] try: user = User.get_by_username(username) if not user.check_password(password): raise ValueError except ValueError: return error("Username and/or password is incorrect.", 401) sess = Session.new_session(username) db.session.add(sess) db.session.commit() header = {"Set-Cookie": f"session-id={sess.id}"} return sess.json(), 200, header
def test_expired_session(setup): username = "******" time = datetime.now() - timedelta(hours=2) session = Session.new_session(username, time) setup.session.add(session) setup.session.commit() with pytest.raises(ValueError): assert session.get_by_id(session.id)
def test_user_backref(setup): username = "******" session = Session.new_session(username) setup.session.add(session) setup.session.commit() user = User.get_by_username(username) ids = [session.id for session in user.sessions] assert session.id in ids
def test_auth_success(setup, mocker): username = "******" role = "admin" sess = Session.new_session("admin") setup.session.add(sess) setup.session.commit() request = mocker.patch.object(flask, "request") request.cookies = {"session-id": sess.id} def inner_func(username, role, sessid, **kwargs): sess = kwargs["session"] assert sess.user.username == username assert sess.user.role == role assert sess.id == sessid wrapped_func = authenticated(inner_func) wrapped_func(username, role, sess.id, testing_request=request)
def test_auth_faliure(setup, mocker): username = "******" role = "admin" expire = datetime.now() + timedelta(hours=-3) sess = Session.new_session("admin", expire) setup.session.add(sess) setup.session.commit() request = mocker.patch.object(flask, "request") request.cookies = {"session-id": sess.id} def inner_func(**kwargs): assert not 1 == 1 #This inner func should not be called wrapped_func = authenticated(inner_func) resp, code, headers = wrapped_func(username, role, sess.id, testing_request=request) assert "error" in resp.keys() assert code == 401
def save(): username = "******" user_id = 0 if g.user.is_authenticated: username = g.user.username user_id = g.user.id if user_id == 0 and not app.config['ALLOW_UNAUTHENTICATED_USER_SAVE_LOAD']: return make_response(jsonify({'errors': True, 'msg': 'Unauthenticated user'}), 401) try: data = json.loads(request.data) except ValueError: return make_response(jsonify({'errors': True, 'msg': 'No posted data or posted data not readable'}), 400) # Create object in db session_id = request.args.get('sid', None) if not is_valid_uuid(session_id): session_id = None # Session id comes from demo session, we create new version with new id if session_id is not None: instance = Session.query.filter_by(id=session_id).first() if not instance: return make_response(jsonify({'errors': True, 'msg': 'Session not found'}), 400) # If user is not the same as the one that created the session, add a new id and update # existing user id (this will effectively create a new session object) if user_id != instance.user_id: session_id = str(uuid.uuid4()) instance.id = session_id instance.user_id = user_id else: # Should create a new session session_id = str(uuid.uuid4()) instance = Session(id=session_id, user_id=user_id) instance.created = datetime.datetime.utcnow() data['session']['author'] = username if data['session']['name']: session_name = data['session']['name'] else: n_existing_sessions = Session.query.filter_by(user_id=user_id).count() session_name = 'Untitled session #%i' % (n_existing_sessions + 1) data['session']['name'] = session_name instance.name = session_name instance.last_modified = datetime.datetime.utcnow() db_session.add(instance) db_session.commit() file_dir = '%s/%i' % (app.config['SESSIONS_FOLDER_PATH'], user_id) file_path = '%s/%s.json' % (file_dir, session_id) if os.path.exists(file_path): file_contents = json.load(open(file_path, 'r')) else: file_contents = { 'id': session_id, 'username': username, 'data': [], 'created': datetime.datetime.now().isoformat(), } file_contents['lastModified'] = datetime.datetime.now().isoformat() file_contents['data'] = data # Save session file if not os.path.exists(file_dir): os.mkdir(file_dir) json.dump(file_contents, open(file_path, 'w'), indent=4) return make_response(jsonify( {'errors': False, 'sessionName': session_name, 'sessionID': session_id }), 200)