def login() -> Union[str, werkzeug.Response]:
    """Handle the source login form.

    The login page is rendered until a submitted form validates and
    ``SessionManager.log_user_in`` accepts the supplied codename; the caller
    is then redirected to the ``.lookup`` view.

    Returns:
        The rendered ``login.html`` page, or a redirect response after a
        successful login.
    """
    form = LoginForm()
    if not form.validate_on_submit():
        return render_template("login.html", form=form)

    try:
        # Surrounding whitespace is stripped before the codename is checked.
        codename_input = request.form["codename"].strip()
        SessionManager.log_user_in(
            db_session=db.session,
            supplied_passphrase=DicewarePassphrase(codename_input),
        )
    except InvalidPassphraseError:
        # Both the log entry and the flashed message are fixed strings:
        # neither carries any part of the rejected codename. Keep it that way
        # so failed attempts never leave secret material in the logs.
        current_app.logger.info("Login failed for invalid codename")
        flash_msg("error", None, gettext("Sorry, that is not a recognized codename."))
        return render_template("login.html", form=form)

    # Success: a valid passphrase was supplied
    # NOTE(review): the from_login value looks masked in this listing;
    # confirm the literal against the repository before relying on it.
    return redirect(url_for(".lookup", from_login="******"))
def test_log_user_in(self, source_app, app_storage):
    """A source who logs in with their passphrase becomes the current user."""
    # Given a source user
    generated_passphrase = PassphraseGenerator.get_default().generate_passphrase()
    created_user = create_source_user(
        db_session=db.session,
        source_passphrase=generated_passphrase,
        source_app_storage=app_storage,
    )

    with source_app.test_request_context():
        # When they log in, it succeeds
        SessionManager.log_user_in(
            db_session=db.session,
            supplied_passphrase=generated_passphrase,
        )

        # And the SessionManager returns them as the current user
        assert SessionManager.is_user_logged_in(db_session=db.session)
        current_user = SessionManager.get_logged_in_user(db_session=db.session)
        # Comparing record ids checks that the session is bound to this
        # account, not merely that someone is logged in.
        assert current_user.db_record_id == created_user.db_record_id
def create() -> werkzeug.Response:
    """Create a source account from a codename held in the session and log it in.

    If a user is already logged in, only a notification is flashed. Otherwise
    the codename stored in the session under the submitted ``tab_id`` is used
    to create the source user, provided the session's ``codenames_expire``
    timestamp is present and still in the future.

    Returns:
        A redirect to ``.lookup`` on success or when already logged in, a
        redirect to ``.index`` after a passphrase/designation collision, or
        the response of ``clear_session_and_redirect_to_logged_out_page`` when
        the codenames are missing an expiry or have expired.
    """
    if SessionManager.is_user_logged_in(db_session=db.session):
        flash_msg(
            "notification",
            None,
            gettext(
                "You are already logged in. Please verify your codename as it "
                "may differ from the one displayed on the previous page."
            ),
        )
        return redirect(url_for(".lookup"))

    # Ensure the codenames have not expired
    expiry = session.get("codenames_expire")
    if not expiry or datetime.now(timezone.utc) >= expiry:
        return clear_session_and_redirect_to_logged_out_page(flask_session=session)

    # NOTE(review): tab_id is client-supplied. An id that is not a key of
    # session["codenames"] presumably raises KeyError on the lookup below;
    # confirm how that is surfaced to the client.
    submitted_tab = request.form["tab_id"]
    codename = session["codenames"][submitted_tab]
    # The pending codenames leave the session before the account is created,
    # so they are gone on the success path and on the collision path alike.
    del session["codenames"]

    try:
        current_app.logger.info("Creating new source user...")
        create_source_user(
            db_session=db.session,
            source_passphrase=codename,
            source_app_storage=Storage.get_default(),
        )
    except (SourcePassphraseCollisionError, SourceDesignationCollisionError) as e:
        # NOTE(review): the exception text goes into the application log;
        # confirm that neither collision error embeds codename material.
        current_app.logger.error("Could not create a source: {}".format(e))
        flash_msg(
            "error",
            None,
            gettext("There was a temporary problem creating your account. Please try again."),
        )
        return redirect(url_for(".index"))

    # All done - source user was successfully created
    current_app.logger.info("New source user created")
    # NOTE(review): the plaintext codename is written back into the session
    # here; verify where "new_user_codename" is read and when it is cleared.
    session["new_user_codename"] = codename
    SessionManager.log_user_in(
        db_session=db.session,
        supplied_passphrase=DicewarePassphrase(codename),
    )
    return redirect(url_for(".lookup"))
def test_get_logged_in_user_but_user_deleted(self, source_app, app_storage):
    """An existing session must stop resolving once the account is marked deleted."""
    # Given a source user
    generated_passphrase = PassphraseGenerator.get_default().generate_passphrase()
    created_user = create_source_user(
        db_session=db.session,
        source_passphrase=generated_passphrase,
        source_app_storage=app_storage,
    )

    with source_app.test_request_context():
        # Who previously logged in
        SessionManager.log_user_in(
            db_session=db.session,
            supplied_passphrase=generated_passphrase,
        )

        # But since then their account was deleted
        db_record = created_user.get_db_record()
        db_record.deleted_at = datetime.utcnow()
        db.session.commit()

        # When querying the current user from the SessionManager, it fails with the right error
        # (the session established above is still present, so only the
        # deleted_at marker can be what triggers the rejection)
        with pytest.raises(UserHasBeenDeleted):
            SessionManager.get_logged_in_user(db_session=db.session)
def test_log_user_out(self, source_app, app_storage):
    """After logging out, the SessionManager reports no current user."""
    # Given a source user
    generated_passphrase = PassphraseGenerator.get_default().generate_passphrase()
    create_source_user(
        db_session=db.session,
        source_passphrase=generated_passphrase,
        source_app_storage=app_storage,
    )

    with source_app.test_request_context():
        # Who previously logged in
        SessionManager.log_user_in(
            db_session=db.session,
            supplied_passphrase=generated_passphrase,
        )

        # When they log out, it succeeds
        SessionManager.log_user_out()

        # And the SessionManager no longer returns a current user
        still_logged_in = SessionManager.is_user_logged_in(db_session=db.session)
        assert not still_logged_in
        # Both entry points are checked: the boolean query and the accessor
        # that raises must agree that the session is gone.
        with pytest.raises(UserNotLoggedIn):
            SessionManager.get_logged_in_user(db_session=db.session)
def test_get_logged_in_user_but_session_expired(self, source_app, app_storage):
    """A session queried six hours after login is rejected as expired."""
    # Given a source user
    generated_passphrase = PassphraseGenerator.get_default().generate_passphrase()
    create_source_user(
        db_session=db.session,
        source_passphrase=generated_passphrase,
        source_app_storage=app_storage,
    )

    with source_app.test_request_context():
        # Who previously logged in
        SessionManager.log_user_in(
            db_session=db.session,
            supplied_passphrase=generated_passphrase,
        )

        # But we're now 6 hours later hence their session expired
        # NOTE(review): assumes the configured session lifetime is shorter
        # than six hours; the expiry boundary itself is not exercised here.
        with mock.patch("source_app.session_manager.datetime") as patched_datetime:
            # Only the session manager's view of "now" is replaced; the
            # offset is computed from the real clock.
            patched_datetime.now.return_value = datetime.now(timezone.utc) + timedelta(hours=6)

            # When querying the current user from the SessionManager
            # it fails with the right error
            with pytest.raises(UserSessionExpired):
                SessionManager.get_logged_in_user(db_session=db.session)