def test_repeated_login_session_population(app):
    """Check that SessionActivity rows stay in step with kv-store sessions.

    One user logs in, logs out and logs in again. After every step the
    number of SessionActivity entries must equal the number of session keys
    held in the kv-store.
    """
    InvenioAccounts(app)
    app.register_blueprint(blueprint)

    def activity_rows():
        # Build a fresh query on every call so each count is read anew.
        return _datastore.db.session.query(SessionActivity)

    test_user = testutils.create_test_user()
    assert activity_rows().count() == len(testutils.get_kvsession_keys())

    with app.test_client() as http:
        # First login: exactly one kv-store session and one SessionActivity.
        testutils.login_user_via_view(http, user=test_user)
        assert testutils.client_authenticated(http)
        rows = activity_rows()
        assert rows.count() == 1
        assert rows.count() == len(testutils.get_kvsession_keys())

        # Logging out leaves the stored session record in place; only the
        # bookkeeping is checked here, not the client's authentication state.
        logout_url = flask_security.url_for_security('logout')
        http.get(logout_url)
        assert len(testutils.get_kvsession_keys()) == 1
        assert activity_rows().count() == len(testutils.get_kvsession_keys())

        # Second login: whatever the store now holds, the SessionActivity
        # table must hold the same number of entries.
        testutils.login_user_via_view(http, user=test_user)
        assert activity_rows().count() == len(testutils.get_kvsession_keys())
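def test_session_ttl(app):
    """Test that a session really expires once its TTL has elapsed.

    The session lifetime is set to one second, a user logs in, and the test
    waits for the session to expire. It then checks that the session id
    reports itself as expired, that the client is no longer authenticated,
    and that the expired entries disappear from the session store.

    The wait for store cleanup is bounded by a deadline: if the backend
    never evicts the expired keys the test fails on the final assertion
    instead of spinning forever.
    """
    # Local import: the file's import block is outside this view.
    import time

    ttl_seconds = 1
    # Set ttl to "0 days, 1 seconds"
    ttl_delta = datetime.timedelta(0, ttl_seconds)

    ext = InvenioAccounts(app)
    app.register_blueprint(blueprint)
    # Without TTL support in the store there is nothing to test.
    assert ext.sessionstore.ttl_support

    # _THIS_ is what flask_kvsession uses to determine default ttl;
    # sets default ttl to `ttl_seconds` seconds.
    app.config['PERMANENT_SESSION_LIFETIME'] = ttl_delta
    assert app.permanent_session_lifetime.total_seconds() == ttl_seconds

    user = testutils.create_test_user()
    with app.test_client() as client:
        testutils.login_user_via_view(client, user=user)
        assert len(testutils.get_kvsession_keys()) == 1

        sid = testutils.unserialize_session(flask.session.sid_s)
        testutils.let_session_expire()

        assert sid.has_expired(ttl_delta)
        assert not testutils.client_authenticated(client)

        # Expired sessions are automagically removed from the sessionstore,
        # although not _instantly_. Poll until the store is empty, but give
        # up after a generous bound so a backend that never evicts makes the
        # test fail rather than hang.
        # NOTE(review): 10 s is a chosen upper bound, not a project value;
        # tune it to the backend's expiry latency.
        cleanup_deadline = time.time() + 10
        while (len(testutils.get_kvsession_keys()) > 0
               and time.time() < cleanup_deadline):
            time.sleep(0.05)
        # With the deadline in place this assertion is the real check; after
        # an unbounded loop it could never fail.
        assert len(testutils.get_kvsession_keys()) == 0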
def test_session_deletion(app):
    """Check that `delete_session` revokes a client's authentication.

    After a logged-in client's session is deleted server-side, the store,
    the user's active sessions and the SessionActivity table must all be
    empty, and the client must no longer be treated as authenticated, even
    though its next request gets a fresh session.
    """
    InvenioAccounts(app)
    app.register_blueprint(blueprint)
    account = testutils.create_test_user()

    with app.test_client() as browser:
        testutils.login_user_via_view(browser, user=account)
        assert testutils.client_authenticated(browser)
        assert len(account.active_sessions) == 1

        revoked_sid_s = flask.session.sid_s
        delete_session(revoked_sid_s)

        # Server-side state: no kv-store key, no active session on the user
        # and no SessionActivity row may survive the deletion.
        assert len(testutils.get_kvsession_keys()) == 0
        assert len(account.active_sessions) == 0
        activity = _datastore.db.session.query(SessionActivity)
        assert activity.count() == 0

        # Client-side effect: the old cookie no longer authenticates.
        assert not testutils.client_authenticated(browser)

        # That request made the kv-sessionstore create a new session. It
        # must carry a different sid_s and must not be authenticated.
        assert len(testutils.get_kvsession_keys()) == 1
        assert flask.session.sid_s != revoked_sid_s
        assert not testutils.client_authenticated(browser)
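def test_login_multiple_clients_single_user_session_population(app):
    """Test session creation when one user logs in from several clients.

    Each of `client_count` independent test clients logs in as the same
    user and logs out again. Afterwards there must be one stored session,
    one SessionActivity entry and one active session on the user per
    client, and every client must have been given its own session id.
    """
    InvenioAccounts(app)
    app.register_blueprint(blueprint)

    user = testutils.create_test_user()
    client_count = 3
    clients = [app.test_client() for _ in range(client_count)]

    sid_s_list = []
    for c in clients:
        with c as client:
            testutils.login_user_via_view(client, user=user)
            assert testutils.client_authenticated(client)
            sid_s_list.append(flask.session.sid_s)
            # The logout response itself is not inspected; its effect is
            # checked through the authentication probe below.
            client.get(flask_security.url_for_security('logout'))
            assert not testutils.client_authenticated(client)

    # The collected ids were previously never checked. Every client must
    # hold a distinct session id: a shared id would mean two clients are
    # bound to the same server-side session.
    assert len(set(sid_s_list)) == client_count

    # There is now `client_count` existing sessions and SessionActivity
    # entries
    assert len(testutils.get_kvsession_keys()) == client_count
    query = _datastore.db.session.query(SessionActivity)
    assert query.count() == client_count
    assert len(user.active_sessions) == client_count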