def test_on_succeeded_login(user_id: UserId, zero_uuid: None) -> None:
now = datetime.now()
assert active_config.single_user_session is None
# Never logged in before
assert not userdb._load_session_infos(user_id)
assert userdb._load_failed_logins(user_id) == 0
session_id = userdb.on_succeeded_login(user_id, now)
assert session_id != ""
# Verify the session was initialized
session_infos = userdb._load_session_infos(user_id)
assert session_infos == {
session_id:
userdb.SessionInfo(
session_id=session_id,
started_at=int(now.timestamp()),
last_activity=int(now.timestamp()),
flashes=[],
csrf_token="00000000-0000-0000-0000-000000000000",
)
}
# Ensure the failed login count is 0
assert userdb._load_failed_logins(user_id) == 0
def test_access_denied_with_invalidated_session(user_id: UserId) -> None:
session_id = userdb.on_succeeded_login(user_id)
assert session_id in userdb._load_session_infos(user_id)
userdb.on_access(user_id, session_id)
userdb.on_logout(user_id, session_id)
assert not userdb._load_session_infos(user_id)
with pytest.raises(MKAuthException, match="Invalid user session"):
userdb.on_access(user_id, session_id)
def test_refresh_session_success(user_id, session_valid):
session_infos = userdb._load_session_infos(user_id)
assert session_infos
old_session = session_infos[session_valid]
with on_time("2019-09-05 00:00:30", "UTC"):
userdb._refresh_session(user_id, session_valid)
new_session_infos = userdb._load_session_infos(user_id)
new_session = new_session_infos[session_valid]
assert old_session.session_id == new_session.session_id
assert new_session.last_activity > old_session.last_activity
def test_on_access_update_idle_session(user_id, session_timed_out):
old_session_infos = userdb._load_session_infos(user_id)
old_session = old_session_infos[session_timed_out]
userdb.on_access(user_id, session_timed_out)
new_session_infos = userdb._load_session_infos(user_id)
new_session = new_session_infos[session_timed_out]
assert new_session.session_id == old_session.session_id
assert new_session.started_at == old_session.started_at
assert new_session.last_activity == time.time()
assert new_session.last_activity > old_session.last_activity
def test_on_access_update_valid_session(user_id, session_valid):
old_session_infos = userdb._load_session_infos(user_id)
old_session = old_session_infos[session_valid]
userdb.on_access(user_id, session_valid)
userdb.on_end_of_request(user_id)
new_session_infos = userdb._load_session_infos(user_id)
new_session = new_session_infos[session_valid]
assert new_session.session_id == old_session.session_id
assert new_session.started_at == old_session.started_at
assert new_session.last_activity == time.time()
assert new_session.last_activity > old_session.last_activity
def test_refresh_session_success(user_id: UserId, session_valid: str) -> None:
session_infos = userdb._load_session_infos(user_id)
assert session_infos
old_session = userdb.SessionInfo(**asdict(session_infos[session_valid]))
with on_time("2019-09-05 00:00:30", "UTC"):
userdb._set_session(user_id, session_infos[session_valid])
userdb._refresh_session(user_id, session_infos[session_valid])
userdb.on_end_of_request(user_id)
new_session_infos = userdb._load_session_infos(user_id)
new_session = new_session_infos[session_valid]
assert old_session.session_id == new_session.session_id
assert new_session.last_activity > old_session.last_activity
def test_on_access_update_idle_session(user_id: UserId,
session_timed_out: str) -> None:
old_session_infos = userdb._load_session_infos(user_id)
old_session = old_session_infos[session_timed_out]
userdb.on_access(user_id, session_timed_out)
userdb.on_end_of_request(user_id)
new_session_infos = userdb._load_session_infos(user_id)
new_session = new_session_infos[session_timed_out]
assert new_session.session_id == old_session.session_id
assert new_session.started_at == old_session.started_at
assert new_session.last_activity == time.time()
assert new_session.last_activity > old_session.last_activity
def test_load_pre_20_session(user_id: UserId) -> None:
timestamp = 1234567890
userdb.save_custom_attr(user_id, "session_info", f"sess2|{timestamp}")
old_session = userdb._load_session_infos(user_id)
assert isinstance(old_session, dict)
assert old_session["sess2"].started_at == timestamp
assert old_session["sess2"].last_activity == timestamp
def test_on_access_update_unknown_session(user_id: UserId,
session_valid: str) -> None:
session_info = userdb._load_session_infos(user_id)[session_valid]
session_info.started_at = 10
with pytest.raises(MKAuthException, match="Invalid user session"):
userdb.on_access(user_id, "xyz")
def test_on_access_logout_on_idle_timeout(user_id: UserId,
session_timed_out: str) -> None:
session_info = userdb._load_session_infos(user_id)[session_timed_out]
session_info.started_at = int(time.time()) - 10
with pytest.raises(MKAuthException, match="login timed out"):
userdb.on_access(user_id, session_timed_out)
def test_on_access_update_idle_session(user_id: UserId) -> None:
now = datetime.now()
session_timed_out = make_timed_out_session(user_id, now)
old_session_infos = userdb._load_session_infos(user_id)
old_session = old_session_infos[session_timed_out]
userdb.on_access(user_id, session_timed_out, now)
userdb.on_end_of_request(user_id, now)
new_session_infos = userdb._load_session_infos(user_id)
new_session = new_session_infos[session_timed_out]
assert new_session.session_id == old_session.session_id
assert new_session.started_at == old_session.started_at
assert new_session.last_activity == int(now.timestamp())
assert new_session.last_activity > old_session.last_activity
def test_on_access_update_unknown_session(user_id: UserId) -> None:
now = datetime.now()
session_valid = make_valid_session(user_id, now)
session_info = userdb._load_session_infos(user_id)[session_valid]
session_info.started_at = 10
with pytest.raises(MKAuthException, match="Invalid user session"):
userdb.on_access(user_id, "xyz", now)
def test_refresh_session_success(user_id: UserId) -> None:
now = datetime.now()
session_valid = make_valid_session(user_id, now)
session_infos = userdb._load_session_infos(user_id)
assert session_infos
old_session = userdb.SessionInfo(**asdict(session_infos[session_valid]))
now += timedelta(minutes=30)
userdb._set_session(user_id, session_infos[session_valid])
userdb._refresh_session(session_infos[session_valid], now)
userdb.on_end_of_request(user_id, now)
new_session_infos = userdb._load_session_infos(user_id)
new_session = new_session_infos[session_valid]
assert old_session.session_id == new_session.session_id
assert new_session.last_activity > old_session.last_activity
def test_initialize_session_single_user_session(user_id):
session_id = userdb._initialize_session(user_id)
assert session_id != ""
session_infos = userdb._load_session_infos(user_id)
assert session_infos[session_id] == userdb.SessionInfo(
session_id=session_id,
started_at=int(time.time()),
last_activity=int(time.time()),
)
def test_on_access_logout_on_idle_timeout(monkeypatch: MonkeyPatch,
user_id: UserId) -> None:
now = datetime.now()
session_timed_out = make_timed_out_session(user_id, now)
monkeypatch.setattr(active_config, "user_idle_timeout", 8)
session_info = userdb._load_session_infos(user_id)[session_timed_out]
session_info.started_at = int(now.timestamp()) - 10
with pytest.raises(MKAuthException, match="login timed out"):
userdb.on_access(user_id, session_timed_out, now)
def test_initialize_session_single_user_session(user_id: UserId,
zero_uuid: None) -> None:
now = datetime.now()
session_id = userdb._initialize_session(user_id, now)
assert session_id != ""
session_infos = userdb._load_session_infos(user_id)
assert session_infos[session_id] == userdb.SessionInfo(
session_id=session_id,
started_at=int(now.timestamp()),
last_activity=int(now.timestamp()),
flashes=[],
csrf_token="00000000-0000-0000-0000-000000000000",
)
def test_on_succeeded_login(user_id):
assert config.single_user_session is None
# Never logged in before
assert not userdb._load_session_infos(user_id)
assert userdb._load_failed_logins(user_id) == 0
session_id = userdb.on_succeeded_login(user_id)
assert session_id != ""
# Verify the session was initialized
session_infos = userdb._load_session_infos(user_id)
assert session_infos == {
session_id:
userdb.SessionInfo(
session_id=session_id,
started_at=int(time.time()),
last_activity=int(time.time()),
)
}
# Ensure the failed login count is 0
assert userdb._load_failed_logins(user_id) == 0
def test_is_valid_user_session_valid(user_id: UserId,
session_valid: str) -> None:
assert (userdb._is_valid_user_session(
user_id, userdb._load_session_infos(user_id), session_valid) is True)
def test_is_valid_user_session_still_valid_when_last_activity_extends_timeout(
user_id: UserId, session_timed_out: str) -> None:
assert (userdb._is_valid_user_session(user_id,
userdb._load_session_infos(user_id),
session_timed_out) is True)
def test_is_valid_user_session_not_existing(user_id: UserId) -> None:
assert (userdb._is_valid_user_session(user_id,
userdb._load_session_infos(user_id),
"not-existing-session") is False)
def test_is_valid_user_session_single_user_session_disabled(
user_id: UserId) -> None:
assert config.single_user_session is None
assert (userdb._is_valid_user_session(
user_id, userdb._load_session_infos(user_id), "session1") is False)
def test_is_valid_user_session_valid(user_id: UserId) -> None:
session_valid = make_valid_session(user_id, datetime.now())
assert userdb._is_valid_user_session(user_id,
userdb._load_session_infos(user_id),
session_valid)
def test_invalidate_session(user_id: UserId) -> None:
session_valid = make_valid_session(user_id, datetime.now())
assert session_valid in userdb._load_session_infos(user_id)
userdb._invalidate_session(user_id, session_valid)
assert not userdb._load_session_infos(user_id)
def test_is_valid_user_session_valid(user_id, session_valid):
assert (userdb._is_valid_user_session(
user_id, userdb._load_session_infos(user_id), session_valid) is True)
def test_on_logout_invalidate_session(user_id: UserId) -> None:
session_id = userdb.on_succeeded_login(user_id)
assert session_id in userdb._load_session_infos(user_id)
userdb.on_logout(user_id, session_id)
assert not userdb._load_session_infos(user_id)
def test_on_logout_no_session(user_id: UserId) -> None:
assert userdb.on_succeeded_login(user_id)
assert userdb._load_session_infos(user_id)
userdb.on_logout(user_id, session_id="")
assert userdb._load_session_infos(user_id)
def test_load_pre_20_session(user_id: UserId, session_pre_20: str) -> None:
old_session = userdb._load_session_infos(user_id)
assert isinstance(old_session, dict)
assert old_session["sess2"].started_at == int(time.time()) - 5
assert old_session["sess2"].last_activity == int(time.time()) - 5
def test_is_valid_user_session_still_valid_when_last_activity_extends_timeout(
user_id: UserId, ) -> None:
session_timed_out = make_timed_out_session(user_id, datetime.now())
assert userdb._is_valid_user_session(user_id,
userdb._load_session_infos(user_id),
session_timed_out)
def test_invalidate_session(user_id: UserId, session_valid: str) -> None:
assert session_valid in userdb._load_session_infos(user_id)
userdb._invalidate_session(user_id, session_valid)
assert not userdb._load_session_infos(user_id)
def test_invalidate_session(user_id, session_valid):
assert session_valid in userdb._load_session_infos(user_id)
userdb._invalidate_session(user_id, session_valid)
assert not userdb._load_session_infos(user_id)
