Exemplo n.º 1
    def login() -> Union[str, werkzeug.Response]:
        """Handle the source login form.

        A submission that passes form validation is turned into a
        ``DicewarePassphrase`` (surrounding whitespace stripped) and handed to
        ``SessionManager.log_user_in``.

        Returns:
            A redirect to ``.lookup`` when the login succeeds; otherwise the
            rendered ``login.html`` template (first display, invalid form, or
            rejected codename).
        """
        form = LoginForm()
        if not form.validate_on_submit():
            # Nothing submitted yet, or the form itself did not validate.
            return render_template("login.html", form=form)

        try:
            # The passphrase object is built inside the try block so that an
            # InvalidPassphraseError raised at any point of this call is handled
            # the same way.
            SessionManager.log_user_in(
                db_session=db.session,
                supplied_passphrase=DicewarePassphrase(request.form["codename"].strip()),
            )
        except InvalidPassphraseError:
            # The log line is a fixed string: the supplied codename is not written
            # to the application log, and the user sees one generic message.
            current_app.logger.info("Login failed for invalid codename")
            flash_msg("error", None, gettext("Sorry, that is not a recognized codename."))
            return render_template("login.html", form=form)

        # A valid passphrase was supplied.
        # NOTE(review): the from_login value looks masked in this listing - confirm
        # against the project source before reusing it.
        return redirect(url_for(".lookup", from_login="******"))
    def test_log_user_in(self, source_app, app_storage):
        """A newly created source can log in and is then reported as the current user."""
        # Given a source user created from a freshly generated passphrase
        generator = PassphraseGenerator.get_default()
        new_passphrase = generator.generate_passphrase()
        created_user = create_source_user(
            db_session=db.session,
            source_passphrase=new_passphrase,
            source_app_storage=app_storage,
        )

        with source_app.test_request_context():
            # When they log in with that same passphrase, no error is raised
            SessionManager.log_user_in(db_session=db.session, supplied_passphrase=new_passphrase)

            # Then the SessionManager reports a logged-in user...
            assert SessionManager.is_user_logged_in(db_session=db.session)

            # ...and it is the user that was just created (same DB record id)
            current_user = SessionManager.get_logged_in_user(db_session=db.session)
            assert current_user.db_record_id == created_user.db_record_id
Exemplo n.º 3
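    def create() -> werkzeug.Response:
        """Create the source account for the codename selected by the posted ``tab_id``.

        If a user is already logged in, no account is created and a notification
        is flashed instead. Otherwise the pending codename is read from the Flask
        session under the ``tab_id`` sent with the form, a source user is created
        for it, and that user is logged in.

        Returns:
            A redirect to ``.lookup`` on success or when already logged in; a
            redirect to ``.index`` when account creation hits a collision; or the
            response of ``clear_session_and_redirect_to_logged_out_page`` when the
            pending codenames have expired or cannot be found in the session.
        """
        if SessionManager.is_user_logged_in(db_session=db.session):
            flash_msg(
                "notification",
                None,
                gettext(
                    "You are already logged in. Please verify your codename as it "
                    "may differ from the one displayed on the previous page."
                ),
            )
            return redirect(url_for(".lookup"))

        # Ensure the codenames have not expired
        date_codenames_expire = session.get("codenames_expire")
        if not date_codenames_expire or datetime.now(timezone.utc) >= date_codenames_expire:
            return clear_session_and_redirect_to_logged_out_page(flask_session=session)

        # tab_id comes from the client. A missing form field still raises from the
        # request.form lookup as before, but an unknown tab_id, or codenames that
        # were already consumed by an earlier attempt (they are deleted below even
        # when creation then fails), must not surface as an unhandled KeyError.
        # Such requests are treated like expired codenames.
        tab_id = request.form["tab_id"]
        pending_codenames = session.get("codenames") or {}
        codename = pending_codenames.get(tab_id)
        if codename is None:
            return clear_session_and_redirect_to_logged_out_page(flask_session=session)

        # The pending codenames are single-use: drop them before creating the account.
        del session["codenames"]

        try:
            current_app.logger.info("Creating new source user...")
            create_source_user(
                db_session=db.session,
                source_passphrase=codename,
                source_app_storage=Storage.get_default(),
            )
        except (SourcePassphraseCollisionError, SourceDesignationCollisionError) as e:
            # NOTE(review): the exception text goes to the application log; confirm
            # that neither exception's message carries codename material.
            current_app.logger.error("Could not create a source: {}".format(e))
            flash_msg(
                "error",
                None,
                gettext(
                    "There was a temporary problem creating your account. Please try again."
                ),
            )
            return redirect(url_for(".index"))

        # All done - source user was successfully created
        current_app.logger.info("New source user created")
        # The codename is kept in the session under "new_user_codename";
        # presumably a later page shows it to the new user - confirm where it is
        # read and when it is cleared.
        session["new_user_codename"] = codename
        SessionManager.log_user_in(
            db_session=db.session, supplied_passphrase=DicewarePassphrase(codename)
        )

        return redirect(url_for(".lookup"))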
    def test_get_logged_in_user_but_user_deleted(self, source_app, app_storage):
        """A logged-in session must stop resolving once the account is marked deleted."""
        # Given a source user created from a freshly generated passphrase
        generator = PassphraseGenerator.get_default()
        new_passphrase = generator.generate_passphrase()
        created_user = create_source_user(
            db_session=db.session,
            source_passphrase=new_passphrase,
            source_app_storage=app_storage,
        )

        with source_app.test_request_context():
            # Who logged in while the account still existed
            SessionManager.log_user_in(db_session=db.session, supplied_passphrase=new_passphrase)

            # And whose DB record was afterwards stamped with a deletion time
            db_record = created_user.get_db_record()
            db_record.deleted_at = datetime.utcnow()
            db.session.commit()

            # Then asking the SessionManager for the current user raises
            # UserHasBeenDeleted instead of returning the stale user
            with pytest.raises(UserHasBeenDeleted):
                SessionManager.get_logged_in_user(db_session=db.session)
    def test_log_user_out(self, source_app, app_storage):
        """After logging out, the SessionManager no longer exposes a current user."""
        # Given a source user created from a freshly generated passphrase
        generator = PassphraseGenerator.get_default()
        new_passphrase = generator.generate_passphrase()
        create_source_user(
            db_session=db.session,
            source_passphrase=new_passphrase,
            source_app_storage=app_storage,
        )

        with source_app.test_request_context():
            # Who logged in
            SessionManager.log_user_in(db_session=db.session, supplied_passphrase=new_passphrase)

            # When they log out, no error is raised
            SessionManager.log_user_out()

            # Then the session is reported as not logged in...
            still_logged_in = SessionManager.is_user_logged_in(db_session=db.session)
            assert not still_logged_in

            # ...and fetching the current user raises UserNotLoggedIn
            with pytest.raises(UserNotLoggedIn):
                SessionManager.get_logged_in_user(db_session=db.session)
    def test_get_logged_in_user_but_session_expired(self, source_app, app_storage):
        """A session queried six hours after login must be rejected as expired."""
        # Given a source user created from a freshly generated passphrase
        generator = PassphraseGenerator.get_default()
        new_passphrase = generator.generate_passphrase()
        create_source_user(
            db_session=db.session,
            source_passphrase=new_passphrase,
            source_app_storage=app_storage,
        )

        with source_app.test_request_context():
            # Who logged in at the real current time
            SessionManager.log_user_in(db_session=db.session, supplied_passphrase=new_passphrase)

            # Replace the datetime name used by source_app.session_manager so that
            # its now() reports a time six hours in the future.
            # NOTE(review): this assumes the session lifetime is shorter than six
            # hours - confirm against the session manager's configuration.
            with mock.patch("source_app.session_manager.datetime") as patched_datetime:
                patched_datetime.now.return_value = datetime.now(timezone.utc) + timedelta(
                    hours=6
                )

                # Then asking for the current user raises UserSessionExpired
                with pytest.raises(UserSessionExpired):
                    SessionManager.get_logged_in_user(db_session=db.session)