def test_access_denied_with_invalidated_session(user_id: UserId) -> None: session_id = userdb.on_succeeded_login(user_id) assert session_id in userdb._load_session_infos(user_id) userdb.on_access(user_id, session_id) userdb.on_logout(user_id, session_id) assert not userdb._load_session_infos(user_id) with pytest.raises(MKAuthException, match="Invalid user session"): userdb.on_access(user_id, session_id)
def page(self) -> None: assert config.user.id is not None _invalidate_auth_session() session_id = _get_session_id_from_cookie(config.user.id) userdb.on_logout(config.user.id, session_id) if auth_type == 'cookie': raise HTTPRedirect(config.url_prefix() + 'check_mk/login.py') # Implement HTTP logout with cookie hack if not html.request.has_cookie('logout'): html.response.headers['WWW-Authenticate'] = ( 'Basic realm="OMD Monitoring Site %s"' % config.omd_site()) html.response.set_http_cookie('logout', '1') raise FinalizeRequest(http.client.UNAUTHORIZED) html.response.delete_cookie('logout') raise HTTPRedirect(config.url_prefix() + 'check_mk/')
def page(self) -> None: assert user.id is not None _invalidate_auth_session() session_id = _get_session_id_from_cookie(user.id, revalidate_cookie=True) userdb.on_logout(user.id, session_id) if auth_type == "cookie": # type: ignore[has-type] raise HTTPRedirect(url_prefix() + "check_mk/login.py") # Implement HTTP logout with cookie hack if not request.has_cookie("logout"): response.headers["WWW-Authenticate"] = ( 'Basic realm="OMD Monitoring Site %s"' % omd_site()) response.set_http_cookie("logout", "1", secure=request.is_secure) raise FinalizeRequest(http.client.UNAUTHORIZED) response.delete_cookie("logout") raise HTTPRedirect(url_prefix() + "check_mk/")
def test_on_logout_invalidate_session(user_id: UserId) -> None: session_id = userdb.on_succeeded_login(user_id) assert session_id in userdb._load_session_infos(user_id) userdb.on_logout(user_id, session_id) assert not userdb._load_session_infos(user_id)
def test_on_logout_no_session(user_id: UserId) -> None: assert userdb.on_succeeded_login(user_id) assert userdb._load_session_infos(user_id) userdb.on_logout(user_id, session_id="") assert userdb._load_session_infos(user_id)