Exemplo n.º 1
0
    def test_generate_session(self):
        """The generate_session procedure makes a new session cookie
        to be returned to the client
        If there is already a session active for this user, return the
        same session key in the cookie"""

        # run tests for all test users
        for email, password, first, last in self.users:
            cookie = interface.generate_session(self.db, email)

            self.assertNotEqual(cookie, None,
                                "No cookie returned from generate_session")

            # look for the cookie
            self.assertTrue(
                cookie.has_key(interface.COOKIE_NAME),
                "Cookie from generate_session has no entry for defined cookie name"
            )

            # get the value and verify that it is in the sessions table
            sessionid = cookie[interface.COOKIE_NAME].value

            cursor = self.db.cursor()
            cursor.execute('select useremail from sessions where sessionid=?',
                           (sessionid, ))

            stored_useremail = cursor.fetchone()[0]
            self.assertEqual(email, stored_useremail)

            # now try to make a new session for one of the users

            cookie2 = interface.generate_session(self.db, email)
            # look for the cookie
            self.assertTrue(
                cookie2.has_key(interface.COOKIE_NAME),
                "Cookie from generate_session has no entry for defined cookie name"
            )

            # sessionid should be the same as before

            self.assertEqual(cookie2[interface.COOKIE_NAME].value, sessionid)

        # try to generate a session for an invalid user

        cookie = interface.generate_session(self.db, "*****@*****.**")
        self.assertEqual(
            cookie, None,
            "Invalid user should return None from generate_session")
Exemplo n.º 2
0
    def test_delete_session(self):
        """The delete_session procedure should remove all sessions for
        a given user in the sessions table.
        Test relies on working generate_session"""

        # run tests for all test users
        for email, password, first, last in self.users:
            cookie = interface.generate_session(self.db, email)

            self.assertNotEqual(
                cookie, None,
                "generate_session failing, can't run delete_session tests")

            # get the value and verify that it is in the sessions table
            sessionid = cookie[interface.COOKIE_NAME].value

            # now remove the session
            interface.delete_session(self.db, email)

            # now check that the session is not present

            cursor = self.db.cursor()
            cursor.execute('select sessionid from sessions where useremail=?',
                           (email, ))

            rows = cursor.fetchall()
            self.assertEqual(
                rows, [],
                "Expected no results for sessions query from deleted session, got %s"
                % (rows, ))
    def test_generate_session(self):
        """The generate_session procedure makes a new session cookie
        to be returned to the client
        If there is already a session active for this user, return the
        same session key in the cookie"""

        # run tests for all test users
        for email, password, first, last in self.users:
            cookie = interface.generate_session(self.db, email)

            self.assertNotEqual(cookie, None, "No cookie returned from generate_session")

            # look for the cookie
            self.assertTrue(
                cookie.has_key(interface.COOKIE_NAME),
                "Cookie from generate_session has no entry for defined cookie name",
            )

            # get the value and verify that it is in the sessions table
            sessionid = cookie[interface.COOKIE_NAME].value

            cursor = self.db.cursor()
            cursor.execute("select useremail from sessions where sessionid=?", (sessionid,))

            stored_useremail = cursor.fetchone()[0]
            self.assertEqual(email, stored_useremail)

            # now try to make a new session for one of the users

            cookie2 = interface.generate_session(self.db, email)
            # look for the cookie
            self.assertTrue(
                cookie2.has_key(interface.COOKIE_NAME),
                "Cookie from generate_session has no entry for defined cookie name",
            )

            # sessionid should be the same as before

            self.assertEqual(cookie2[interface.COOKIE_NAME].value, sessionid)

        # try to generate a session for an invalid user

        cookie = interface.generate_session(self.db, "*****@*****.**")
        self.assertEqual(cookie, None, "Invalid user should return None from generate_session")
Exemplo n.º 4
0
    def test_user_from_cookie(self):
        """The user_from_cookie procedure finds the name of the logged in
        user from the session cookie if present

        Test relies on working generate_cookie
        """
        import Cookie
        # first test with no cookie
        environ = dict()
        email_from_cookie = interface.user_from_cookie(self.db, environ)
        self.assertEquals(
            email_from_cookie, None,
            "Expected None in case with no cookie, got %s" %
            str(email_from_cookie))

        cookie = Cookie.SimpleCookie()
        cookie[interface.COOKIE_NAME] = 'fake sessionid'
        environ = {'HTTP_COOKIE': cookie[interface.COOKIE_NAME].OutputString()}

        email_from_cookie = interface.user_from_cookie(self.db, environ)

        self.assertEquals(
            email_from_cookie, None,
            "Expected None in case with invalid session id, got %s" %
            str(email_from_cookie))

        # run tests for all test users
        for email, password, first, last in self.users:

            cookie = interface.generate_session(self.db, email)

            self.assertNotEqual(
                cookie, None,
                "generate_session failing, can't run user_from_cookie tests")

            environ = {
                'HTTP_COOKIE': cookie[interface.COOKIE_NAME].OutputString()
            }

            email_from_cookie = interface.user_from_cookie(self.db, environ)

            self.assertEqual(email_from_cookie, email)
    def test_user_from_cookie(self):
        """The user_from_cookie procedure finds the name of the logged in
        user from the session cookie if present

        Test relies on working generate_cookie
        """
        import Cookie

        # first test with no cookie
        environ = dict()
        email_from_cookie = interface.user_from_cookie(self.db, environ)
        self.assertEquals(
            email_from_cookie, None, "Expected None in case with no cookie, got %s" % str(email_from_cookie)
        )

        cookie = Cookie.SimpleCookie()
        cookie[interface.COOKIE_NAME] = "fake sessionid"
        environ = {"HTTP_COOKIE": cookie[interface.COOKIE_NAME].OutputString()}

        email_from_cookie = interface.user_from_cookie(self.db, environ)

        self.assertEquals(
            email_from_cookie, None, "Expected None in case with invalid session id, got %s" % str(email_from_cookie)
        )

        # run tests for all test users
        for email, password, first, last in self.users:

            cookie = interface.generate_session(self.db, email)

            self.assertNotEqual(cookie, None, "generate_session failing, can't run user_from_cookie tests")

            environ = {"HTTP_COOKIE": cookie[interface.COOKIE_NAME].OutputString()}

            email_from_cookie = interface.user_from_cookie(self.db, environ)

            self.assertEqual(email_from_cookie, email)
    def test_delete_session(self):
        """The delete_session procedure should remove all sessions for
        a given user in the sessions table.
        Test relies on working generate_session"""

        # run tests for all test users
        for email, password, first, last in self.users:
            cookie = interface.generate_session(self.db, email)

            self.assertNotEqual(cookie, None, "generate_session failing, can't run delete_session tests")

            # get the value and verify that it is in the sessions table
            sessionid = cookie[interface.COOKIE_NAME].value

            # now remove the session
            interface.delete_session(self.db, email)

            # now check that the session is not present

            cursor = self.db.cursor()
            cursor.execute("select sessionid from sessions where useremail=?", (email,))

            rows = cursor.fetchall()
            self.assertEqual(rows, [], "Expected no results for sessions query from deleted session, got %s" % (rows,))
Exemplo n.º 7
0
def application(environ, start_response):
    """Demo WSGI application"""   
    formdata = cgi.FieldStorage(environ=environ, fp=environ['wsgi.input'])
    if formdata.has_key('username') and formdata.has_key('password'):
        username = formdata.getvalue('username')
        password = formdata.getvalue('password')
        if interface.check_login(db, username, password) == True:
            cookie = interface.generate_session(db, username)
            # Correct username or password, return a page saying so.
            return login_success(cookie, environ, start_response)
        else:
            # Invalid username or password, return a page with an error box saying so.
            return invalid(environ, start_response)
    elif formdata.has_key('username') or formdata.has_key('password'):
        # Invalid username or password, return a page with an error box saying so.
        return invalid(environ, start_response)
    
    session = str(interface.user_from_cookie(db, environ)) 
    if formdata.has_key('website') and formdata.has_key('addcomment'):
        if formdata.getvalue('website') == 'http://':
            # Shouldn't post a comment about http://!
            return comment_unsuccessful(environ, start_response)
        elif session != 'None':
            topic = formdata.getvalue('website')
            comment = formdata.getvalue('addcomment')
            interface.add_comment(db, session, topic, comment)
            #Comment successfully added. Return a page saying so, with a redirect link to main page.
            return comment_successful(environ, start_response)
        else:
            # Unlogged users should receive a 404 Not Found error
            return no_permission(environ, start_response)
    elif formdata.has_key('website') or formdata.has_key('addcomment'):
        if session != 'None':
            #Invalid form returned. Return a page showing an error box and how to fix it.
            return comment_unsuccessful(environ, start_response)
        else:
            # Unlogged users should receive a 404 Not Found error.
            return no_permission(environ, start_response)  
          
    if environ['PATH_INFO'] == '/':
        return main_page(environ, start_response)
    elif environ['PATH_INFO'] == '/login':
        return login_page(environ, start_response)
    elif environ['PATH_INFO'] == '/my':
        if session != 'None':
            return my_comments(environ, start_response)
        else:
            return show_404_app(environ, start_response)
    elif environ['PATH_INFO'] == '/conversation':
        return conversation_page(environ, start_response)
    elif environ['PATH_INFO'] == '/comment':
        if session != 'None':
            return add_comment(environ, start_response)
        else:
            #Unlogged users should be told they do not have permission to access this page.
            return no_permission(environ, start_response)
    elif environ['PATH_INFO'] == '/logout':
        if session != 'None':
            interface.delete_session(db, session)
            return logout(environ, start_response)
        else:
            # Unlogged users should receive a 404 Not Found error.
            return show_404_app(environ, start_response)
    else:
        # Path invalid, return 404 Not Found
        return show_404_app(environ, start_response)
Exemplo n.º 8
0
def application(environ, start_response):
    """Demo WSGI application"""
    formdata = cgi.FieldStorage(environ=environ, fp=environ['wsgi.input'])
    if formdata.has_key('username') and formdata.has_key('password'):
        username = formdata.getvalue('username')
        password = formdata.getvalue('password')
        if interface.check_login(db, username, password) == True:
            cookie = interface.generate_session(db, username)
            # Correct username or password, return a page saying so.
            return login_success(cookie, environ, start_response)
        else:
            # Invalid username or password, return a page with an error box saying so.
            return invalid(environ, start_response)
    elif formdata.has_key('username') or formdata.has_key('password'):
        # Invalid username or password, return a page with an error box saying so.
        return invalid(environ, start_response)

    session = str(interface.user_from_cookie(db, environ))
    if formdata.has_key('website') and formdata.has_key('addcomment'):
        if formdata.getvalue('website') == 'http://':
            # Shouldn't post a comment about http://!
            return comment_unsuccessful(environ, start_response)
        elif session != 'None':
            topic = formdata.getvalue('website')
            comment = formdata.getvalue('addcomment')
            interface.add_comment(db, session, topic, comment)
            #Comment successfully added. Return a page saying so, with a redirect link to main page.
            return comment_successful(environ, start_response)
        else:
            # Unlogged users should receive a 404 Not Found error
            return no_permission(environ, start_response)
    elif formdata.has_key('website') or formdata.has_key('addcomment'):
        if session != 'None':
            #Invalid form returned. Return a page showing an error box and how to fix it.
            return comment_unsuccessful(environ, start_response)
        else:
            # Unlogged users should receive a 404 Not Found error.
            return no_permission(environ, start_response)

    if environ['PATH_INFO'] == '/':
        return main_page(environ, start_response)
    elif environ['PATH_INFO'] == '/login':
        return login_page(environ, start_response)
    elif environ['PATH_INFO'] == '/my':
        if session != 'None':
            return my_comments(environ, start_response)
        else:
            return show_404_app(environ, start_response)
    elif environ['PATH_INFO'] == '/conversation':
        return conversation_page(environ, start_response)
    elif environ['PATH_INFO'] == '/comment':
        if session != 'None':
            return add_comment(environ, start_response)
        else:
            #Unlogged users should be told they do not have permission to access this page.
            return no_permission(environ, start_response)
    elif environ['PATH_INFO'] == '/logout':
        if session != 'None':
            interface.delete_session(db, session)
            return logout(environ, start_response)
        else:
            # Unlogged users should receive a 404 Not Found error.
            return show_404_app(environ, start_response)
    else:
        # Path invalid, return 404 Not Found
        return show_404_app(environ, start_response)