def test_single_session_per_whistleblower(self):
"""
Asserts that the first_id is dropped from GLSessions and requests
using that session id are rejected
"""
yield self.perform_full_submission_actions()
handler = self.request({'receipt': self.dummySubmission['receipt']})
handler.client_using_tor = True
response = yield handler.post()
first_id = response['session_id']
wbtip_handler = self.request(headers={'x-session': first_id},
handler_cls=WBTipInstance)
yield wbtip_handler.get()
response = yield handler.post()
second_id = response['session_id']
try:
wbtip_handler.get()
self.fail('wbtip_handler.get must throw')
except errors.NotAuthenticated:
pass
self.assertTrue(GLSessions.get(first_id) is None)
valid_session = GLSessions.get(second_id)
self.assertTrue(valid_session is not None)
self.assertEqual(valid_session.user_role, 'whistleblower')
wbtip_handler = self.request(headers={'x-session': second_id},
handler_cls=WBTipInstance)
yield wbtip_handler.get()
def test_single_session_per_user(self):
handler = self.request({
'username': '******',
'password': helpers.VALID_PASSWORD1
})
r1 = yield handler.post()
r2 = yield handler.post()
self.assertTrue(GLSessions.get(r1['session_id']) is None)
self.assertTrue(GLSessions.get(r2['session_id']) is not None)
def test_successful_session_update_on_auth_request(self):
session = GLSession('admin', 'admin', 'enabled')
date1 = session.getTime()
self.test_reactor.pump([1] * FUTURE)
handler = self.request({}, headers={'X-Session': session.id})
yield handler.get_authenticated()
date2 = GLSessions.get(session.id).getTime()
self.assertEqual(date1 + FUTURE, date2)
def test_successful_session_update_on_auth_request(self):
session = GLSession('admin', 'admin', 'enabled')
date1 = session.getTime()
self.test_reactor.pump([1] * FUTURE)
handler = self.request({}, headers={'X-Session': session.id})
yield handler.get_authenticated()
date2 = GLSessions.get(session.id).getTime()
self.assertEqual(date1 + FUTURE, date2)
