def test_repeated_login_session_population(app):
"""Verify that the number of SessionActivity entries match the number of
sessions in the kv-store, when logging in with one user."""
InvenioAccounts(app)
app.register_blueprint(blueprint)
user = testutils.create_test_user()
query = _datastore.db.session.query(SessionActivity)
assert query.count() == len(testutils.get_kvsession_keys())
with app.test_client() as client:
# After logging in, there should be one session in the kv-store and
# one SessionActivity
testutils.login_user_via_view(client, user=user)
assert testutils.client_authenticated(client)
query = _datastore.db.session.query(SessionActivity)
assert query.count() == 1
assert query.count() == len(testutils.get_kvsession_keys())
# Sessions are not deleted upon logout
client.get(flask_security.url_for_security('logout'))
assert len(testutils.get_kvsession_keys()) == 1
query = _datastore.db.session.query(SessionActivity)
assert query.count() == len(testutils.get_kvsession_keys())
# After logging out and back in, the number of sessions correspond to
# the number of SessionActivity entries.
testutils.login_user_via_view(client, user=user)
query = _datastore.db.session.query(SessionActivity)
assert query.count() == len(testutils.get_kvsession_keys())
def test_session_ttl(app):
"""Test actual/working session expiration/TTL settings."""
ttl_seconds = 1
# Set ttl to "0 days, 1 seconds"
ttl_delta = datetime.timedelta(0, ttl_seconds)
ext = InvenioAccounts(app)
app.register_blueprint(blueprint)
assert ext.sessionstore.ttl_support
# _THIS_ is what flask_kvsession uses to determine default ttl
# sets default ttl to `ttl_seconds` seconds
app.config['PERMANENT_SESSION_LIFETIME'] = ttl_delta
assert app.permanent_session_lifetime.total_seconds() == ttl_seconds
user = testutils.create_test_user()
with app.test_client() as client:
testutils.login_user_via_view(client, user=user)
assert len(testutils.get_kvsession_keys()) == 1
sid = testutils.unserialize_session(flask.session.sid_s)
testutils.let_session_expire()
assert sid.has_expired(ttl_delta)
assert not testutils.client_authenticated(client)
# Expired sessions are automagically removed from the sessionstore
# Although not _instantly_.
while len(testutils.get_kvsession_keys()) > 0:
pass
assert len(testutils.get_kvsession_keys()) == 0
def test_session_deletion(app):
"""Test that a user/client is no longer authenticated when its session is
deleted via `delete_session`."""
InvenioAccounts(app)
app.register_blueprint(blueprint)
user = testutils.create_test_user()
with app.test_client() as client:
testutils.login_user_via_view(client, user=user)
assert testutils.client_authenticated(client)
assert len(user.active_sessions) == 1
saved_sid_s = flask.session.sid_s
delete_session(saved_sid_s)
# The user now has no active sessions
assert len(testutils.get_kvsession_keys()) == 0
assert len(user.active_sessions) == 0
query = _datastore.db.session.query(SessionActivity)
assert query.count() == 0
# After deleting the session, the client is not authenticated
assert not testutils.client_authenticated(client)
# A new session is created in the kv-sessionstore, but its
# sid_s is different and the user is not authenticated with it.
assert len(testutils.get_kvsession_keys()) == 1
assert not flask.session.sid_s == saved_sid_s
assert not testutils.client_authenticated(client)
def test_repeated_login_session_population(app):
"""Verify that the number of SessionActivity entries match the number of
sessions in the kv-store, when logging in with one user."""
InvenioAccounts(app)
app.register_blueprint(blueprint)
user = testutils.create_test_user()
query = _datastore.db.session.query(SessionActivity)
assert query.count() == len(testutils.get_kvsession_keys())
with app.test_client() as client:
# After logging in, there should be one session in the kv-store and
# one SessionActivity
testutils.login_user_via_view(client, user=user)
assert testutils.client_authenticated(client)
query = _datastore.db.session.query(SessionActivity)
assert query.count() == 1
assert query.count() == len(testutils.get_kvsession_keys())
# Sessions are not deleted upon logout
client.get(flask_security.url_for_security('logout'))
assert len(testutils.get_kvsession_keys()) == 1
query = _datastore.db.session.query(SessionActivity)
assert query.count() == len(testutils.get_kvsession_keys())
# After logging out and back in, the number of sessions correspond to
# the number of SessionActivity entries.
testutils.login_user_via_view(client, user=user)
query = _datastore.db.session.query(SessionActivity)
assert query.count() == len(testutils.get_kvsession_keys())
def test_session_deletion(app):
"""Test that a user/client is no longer authenticated when its session is
deleted via `delete_session`."""
InvenioAccounts(app)
app.register_blueprint(blueprint)
user = testutils.create_test_user()
with app.test_client() as client:
testutils.login_user_via_view(client, user=user)
assert testutils.client_authenticated(client)
assert len(user.active_sessions) == 1
saved_sid_s = flask.session.sid_s
delete_session(saved_sid_s)
# The user now has no active sessions
assert len(testutils.get_kvsession_keys()) == 0
assert len(user.active_sessions) == 0
query = _datastore.db.session.query(SessionActivity)
assert query.count() == 0
# After deleting the session, the client is not authenticated
assert not testutils.client_authenticated(client)
# A new session is created in the kv-sessionstore, but its
# sid_s is different and the user is not authenticated with it.
assert len(testutils.get_kvsession_keys()) == 1
assert not flask.session.sid_s == saved_sid_s
assert not testutils.client_authenticated(client)
def test_session_ttl(app):
"""Test actual/working session expiration/TTL settings."""
ttl_seconds = 1
# Set ttl to "0 days, 1 seconds"
ttl_delta = datetime.timedelta(0, ttl_seconds)
ext = InvenioAccounts(app)
app.register_blueprint(blueprint)
assert ext.sessionstore.ttl_support
# _THIS_ is what flask_kvsession uses to determine default ttl
# sets default ttl to `ttl_seconds` seconds
app.config['PERMANENT_SESSION_LIFETIME'] = ttl_delta
assert app.permanent_session_lifetime.total_seconds() == ttl_seconds
user = testutils.create_test_user()
with app.test_client() as client:
testutils.login_user_via_view(client, user=user)
assert len(testutils.get_kvsession_keys()) == 1
sid = testutils.unserialize_session(flask.session.sid_s)
testutils.let_session_expire()
assert sid.has_expired(ttl_delta)
assert not testutils.client_authenticated(client)
# Expired sessions are automagically removed from the sessionstore
# Although not _instantly_.
while len(testutils.get_kvsession_keys()) > 0:
pass
assert len(testutils.get_kvsession_keys()) == 0
def test_login_multiple_clients_single_user_session_population(app):
"""Test session population/creation when logging in as the same user from
multiple clients."""
InvenioAccounts(app)
app.register_blueprint(blueprint)
user = testutils.create_test_user()
client_count = 3
clients = [app.test_client() for _ in range(client_count)]
sid_s_list = []
for c in clients:
with c as client:
testutils.login_user_via_view(client, user=user)
assert testutils.client_authenticated(client)
sid_s_list.append(flask.session.sid_s)
response = client.get(flask_security.url_for_security('logout'))
assert not testutils.client_authenticated(client)
# There is now `client_count` existing sessions and SessionActivity
# entries
assert len(testutils.get_kvsession_keys()) == client_count
query = _datastore.db.session.query(SessionActivity)
assert query.count() == client_count
assert len(user.active_sessions) == client_count
def test_login_multiple_clients_single_user_session_population(app):
"""Test session population/creation when logging in as the same user from
multiple clients."""
InvenioAccounts(app)
app.register_blueprint(blueprint)
user = testutils.create_test_user()
client_count = 3
clients = [app.test_client() for _ in range(client_count)]
sid_s_list = []
for c in clients:
with c as client:
testutils.login_user_via_view(client, user=user)
assert testutils.client_authenticated(client)
sid_s_list.append(flask.session.sid_s)
response = client.get(flask_security.url_for_security('logout'))
assert not testutils.client_authenticated(client)
# There is now `client_count` existing sessions and SessionActivity
# entries
assert len(testutils.get_kvsession_keys()) == client_count
query = _datastore.db.session.query(SessionActivity)
assert query.count() == client_count
assert len(user.active_sessions) == client_count
