class SessionTestCase(unittest.TestCase):
"""Unit tests for the persistent session support."""
request_handlers = []
@classmethod
def setUpClass(cls):
class DefaultHandlerStub(Component):
implements(IRequestHandler)
def match_request(self, req):
pass
def process_request(req):
pass
cls.request_handlers = [DefaultHandlerStub]
@classmethod
def tearDownClass(cls):
for component in cls.request_handlers:
ComponentMeta.deregister(component)
def setUp(self):
self.env = EnvironmentStub()
def tearDown(self):
self.env.reset_db()
def test_new_session(self):
"""
Verify that a session cookie gets sent back to the client for a new
session.
"""
req = MockRequest(self.env, authname='anonymous')
session = Session(self.env, req)
self.assertEqual(session.sid, req.outcookie['trac_session'].value)
self.assertEqual(
0,
self.env.db_query("SELECT COUNT(*) FROM session")[0][0])
def test_anonymous_session(self):
"""
Verify that session variables are stored in the database.
"""
req = MockRequest(self.env, authname='anonymous')
req.incookie['trac_session'] = '123456'
session = Session(self.env, req)
self.assertEqual('123456', session.sid)
self.assertNotIn('trac_session', req.outcookie)
def _test_authenticated_session(self, username):
"""
Verifies that a session cookie does not get used if the user is logged
in, and that Trac expires the cookie.
"""
req = MockRequest(self.env, authname=username)
req.incookie['trac_session'] = '123456'
session = Session(self.env, req)
self.assertEqual(username, session.sid)
session['foo'] = 'bar'
session.save()
self.assertEqual(0, req.outcookie['trac_session']['expires'])
def test_authenticated_session(self):
self._test_authenticated_session('john')
self._test_authenticated_session('j.smith')
self._test_authenticated_session(u'Jöhn') # non-ascii username
self._test_authenticated_session('*****@*****.**') # LDAP username
def _test_session_promotion(self, username):
"""
Verifies that an existing anonymous session gets promoted to an
authenticated session when the user logs in.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('123456', 0, 0)")
req = MockRequest(self.env, authname=username)
req.incookie['trac_session'] = '123456'
session = Session(self.env, req)
self.assertEqual(username, session.sid)
session.save()
self.assertEqual([(username, 1)],
self.env.db_query(
"""SELECT sid, authenticated FROM session
WHERE sid=%s""", (username, )))
def test_session_promotion(self):
self._test_session_promotion('john')
self._test_session_promotion('j.smith')
self._test_session_promotion(u'Jöhn') # non-ascii username
self._test_session_promotion('*****@*****.**') # LDAP username
sessions = self.env.db_query("SELECT sid, authenticated FROM session")
self.assertEqual(
{('john', 1), ('j.smith', 1), (u'Jöhn', 1),
('*****@*****.**', 1)}, set(sessions))
def _test_new_session_promotion(self, username):
"""
Verifies that even without a preexisting anonymous session,
an authenticated session will be created when the user logs in.
(same test as above without the initial INSERT)
"""
with self.env.db_transaction:
req = MockRequest(self.env, authname=username)
req.incookie['trac_session'] = '123456'
session = Session(self.env, req)
self.assertEqual(username, session.sid)
session.save()
self.assertEqual([(username, 1)],
self.env.db_query(
"""SELECT sid, authenticated FROM session
WHERE sid=%s""", (username, )))
def test_new_session_promotion(self):
self._test_new_session_promotion('john')
self._test_new_session_promotion('j.smith')
self._test_new_session_promotion(u'Jöhn') # non-ascii username
self._test_new_session_promotion('*****@*****.**') # LDAP username
sessions = self.env.db_query("SELECT sid, authenticated FROM session")
self.assertEqual(
{('john', 1), ('j.smith', 1), (u'Jöhn', 1),
('*****@*****.**', 1)}, set(sessions))
def test_as_int(self):
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('123456', 1, 0)")
db.executemany(
"""
INSERT INTO session_attribute VALUES (%s,%s,%s,%s)
""", (('123456', 1, 'foo', 'bar'), ('123456', 1, 'baz', 3)))
req = MockRequest(self.env, authname='123456')
session = Session(self.env, req)
self.assertEqual('bar', session.get('foo'))
self.assertEqual(2, session.as_int('foo', 2))
self.assertEqual(3, session.as_int('baz', 1))
self.assertEqual(2, session.as_int('baz', 1, max=2))
self.assertEqual(4, session.as_int('baz', 1, min=4))
self.assertIsNone(session.as_int('bat'))
def test_as_bool(self):
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('123456', 1, 0)")
db.executemany(
"""
INSERT INTO session_attribute VALUES (%s,%s,%s,%s)
""", (('123456', 1, 'foo', 'bar'), ('123456', 1, 'baz', 1)))
req = MockRequest(self.env, authname='123456')
session = Session(self.env, req)
self.assertEqual('bar', session.get('foo'))
self.assertIsNone(session.as_bool('foo', None))
self.assertTrue(session.as_int('baz'))
self.assertTrue(session.as_int('baz', False))
self.assertIsNone(session.as_bool('bat'))
def test_add_anonymous_session_var(self):
"""
Verify that new variables are inserted into the 'session' table in the
database for an anonymous session.
"""
req = MockRequest(self.env, authname='anonymous')
req.incookie['trac_session'] = '123456'
session = Session(self.env, req)
session['foo'] = 'bar'
session.save()
self.assertEqual(
'bar',
self.env.db_query(
"SELECT value FROM session_attribute WHERE sid='123456'")[0]
[0])
def test_modify_anonymous_session_var(self):
"""
Verify that modifying an existing variable updates the 'session' table
accordingly for an anonymous session.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('123456', 0, 0)")
db("""
INSERT INTO session_attribute VALUES
('123456', 0, 'foo', 'bar')
""")
req = MockRequest(self.env, authname='anonymous')
req.incookie['trac_session'] = '123456'
session = Session(self.env, req)
self.assertEqual('bar', session['foo'])
session['foo'] = 'baz'
session.save()
self.assertEqual(
'baz',
self.env.db_query(
"SELECT value FROM session_attribute WHERE sid='123456'")[0]
[0])
def test_delete_anonymous_session_var(self):
"""
Verify that modifying a variable updates the 'session' table accordingly
for an anonymous session.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('123456', 0, 0)")
db("""
INSERT INTO session_attribute VALUES
('123456', 0, 'foo', 'bar')
""")
req = MockRequest(self.env, authname='anonymous')
req.incookie['trac_session'] = '123456'
session = Session(self.env, req)
self.assertEqual('bar', session['foo'])
del session['foo']
session.save()
self.assertEqual(
0,
self.env.db_query("""
SELECT COUNT(*) FROM session_attribute
WHERE sid='123456' AND name='foo'
""")[0][0])
def _purge_anonymous_session(self):
now = int(time_now())
lifetime = 90 * 86400 # default lifetime
with self.env.db_transaction as db:
db.executemany("INSERT INTO session VALUES (%s, 0, %s)",
[('123456', 0), ('987654', now - lifetime - 3600),
('876543', now - lifetime + 3600),
('765432', now - 3600)])
db.executemany(
"""
INSERT INTO session_attribute
VALUES (%s, 0, 'foo', 'bar')
""", [('987654', ), ('876543', ), ('765432', )])
with self.env.db_transaction as db:
# We need to modify a different session to trigger the purging
req = MockRequest(self.env, authname='anonymous')
req.incookie['trac_session'] = '123456'
session = Session(self.env, req)
session['foo'] = 'bar'
session.save()
return [
row[0] for row in self.env.db_query("""
SELECT sid FROM session WHERE authenticated=0 ORDER BY sid
""")
]
def test_purge_anonymous_session(self):
"""
Verify that old sessions get purged.
"""
sids = self._purge_anonymous_session()
self.assertEqual(['123456', '765432', '876543'], sids)
def test_purge_anonymous_session_with_short_lifetime(self):
self.env.config.set('trac', 'anonymous_session_lifetime', '1')
sids = self._purge_anonymous_session()
self.assertEqual(['123456', '765432'], sids)
def test_purge_anonymous_session_disabled(self):
self.env.config.set('trac', 'anonymous_session_lifetime', '0')
sids = self._purge_anonymous_session()
self.assertEqual(['123456', '765432', '876543', '987654'], sids)
def test_delete_empty_session(self):
"""
Verify that a session gets deleted when it doesn't have any data except
for the 'last_visit' timestamp.
"""
now = time_now()
# Make sure the session has data so that it doesn't get dropped
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('123456', 0, %s)",
(int(now - UPDATE_INTERVAL - 3600), ))
db("""
INSERT INTO session_attribute
VALUES ('123456', 0, 'foo', 'bar')
""")
req = MockRequest(self.env, authname='anonymous')
req.incookie['trac_session'] = '123456'
session = Session(self.env, req)
del session['foo']
session.save()
self.assertEqual(
0,
self.env.db_query("""
SELECT COUNT(*) FROM session WHERE sid='123456' AND authenticated=0
""")[0][0])
def test_change_anonymous_session(self):
"""
Verify that changing from one anonymous session to an inexisting
anonymous session creates the new session and doesn't carry over
variables from the previous session.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('123456', 0, 0)")
db("""
INSERT INTO session_attribute
VALUES ('123456', 0, 'foo', 'bar')
""")
req = MockRequest(self.env, authname='anonymous')
req.incookie['trac_session'] = '123456'
session = Session(self.env, req)
self.assertEqual({'foo': 'bar'}, session)
session.get_session('7890')
session['baz'] = 'moo'
session.save()
self.assertEqual({'baz': 'moo'}, session)
with self.env.db_query as db:
self.assertEqual(
1,
db("""
SELECT COUNT(*) FROM session
WHERE sid='7890' AND authenticated=0
""")[0][0])
self.assertEqual([('baz', 'moo')],
db("""
SELECT name, value FROM session_attribute
WHERE sid='7890' AND authenticated=0
"""))
def test_add_authenticated_session_var(self):
"""
Verify that new variables are inserted into the 'session' table in the
database for an authenticated session.
"""
req = MockRequest(self.env, authname='john')
session = Session(self.env, req)
session['foo'] = 'bar'
session.save()
self.assertEqual(
'bar',
self.env.db_query("""
SELECT value FROM session_attribute WHERE sid='john' AND name='foo'
""")[0][0])
def test_modify_authenticated_session_var(self):
"""
Verify that modifying an existing variable updates the 'session' table
accordingly for an authenticated session.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('john', 1, 0)")
db("INSERT INTO session_attribute VALUES ('john',1,'foo','bar')")
req = MockRequest(self.env, authname='john')
session = Session(self.env, req)
self.assertEqual('bar', session['foo'])
session['foo'] = 'baz'
session.save()
self.assertEqual(
'baz',
self.env.db_query("""
SELECT value FROM session_attribute WHERE sid='john' AND name='foo'
""")[0][0])
def test_authenticated_session_independence_var(self):
"""
Verify that an anonymous session with the same name as an authenticated
session doesn't interfere with the latter.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('john', 1, 0)")
db("INSERT INTO session_attribute VALUES ('john',1,'foo','bar')")
self.assertEqual(
'bar',
self.env.db_query("""
SELECT value FROM session_attribute
WHERE sid='john' AND authenticated=1 AND name='foo'
""")[0][0])
req = MockRequest(self.env, authname='anonymous')
req.incookie['trac_session'] = 'john'
session = Session(self.env, req)
self.assertNotIn('foo', session)
session['foo'] = 'baz'
session.save()
rows = self.env.db_query("""
SELECT value FROM session_attribute
WHERE sid='john' AND authenticated=1 AND name='foo'
""")
self.assertEqual(1, len(rows))
self.assertEqual('bar', rows[0][0])
rows = self.env.db_query("""
SELECT value FROM session_attribute
WHERE sid='john' AND authenticated=0 AND name='foo'
""")
self.assertEqual(1, len(rows))
self.assertEqual('baz', rows[0][0])
def test_delete_authenticated_session_var(self):
"""
Verify that deleting a variable updates the 'session' table accordingly
for an authenticated session.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('john', 1, 0)")
db("INSERT INTO session_attribute VALUES ('john', 1, 'foo', 'bar')"
)
req = MockRequest(self.env, authname='john')
session = Session(self.env, req)
self.assertEqual('bar', session['foo'])
del session['foo']
session.save()
self.assertEqual(
0,
self.env.db_query("""
SELECT COUNT(*) FROM session_attribute
WHERE sid='john' AND name='foo'
""")[0][0])
def test_update_session(self):
"""
Verify that accessing a session after one day updates the sessions
'last_visit' variable so that the session doesn't get purged.
"""
now = time_now()
# Make sure the session has data so that it doesn't get dropped
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('123456', 0, 1)")
db("""
INSERT INTO session_attribute
VALUES ('123456', 0, 'foo', 'bar')
""")
req = MockRequest(self.env, authname='anonymous')
req.incookie['trac_session'] = '123456'
session = Session(self.env, req)
session['modified'] = True
session.save() # updating does require modifications
self.assertEqual(PURGE_AGE,
req.outcookie['trac_session']['expires'])
self.assertAlmostEqual(
now,
int(
self.env.db_query("""
SELECT last_visit FROM session
WHERE sid='123456' AND authenticated=0
""")[0][0]), -1)
def test_modify_detached_session(self):
"""
Verify that modifying a variable in a session not associated with a
request updates the database accordingly.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('john', 1, 0)")
db("INSERT INTO session_attribute VALUES ('john', 1, 'foo', 'bar')"
)
session = DetachedSession(self.env, 'john')
self.assertEqual('bar', session['foo'])
session['foo'] = 'baz'
session.save()
self.assertEqual(
'baz',
self.env.db_query("""
SELECT value FROM session_attribute WHERE sid='john' AND name='foo'
""")[0][0])
def test_delete_detached_session_var(self):
"""
Verify that removing a variable in a session not associated with a
request deletes the variable from the database.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('john', 1, 0)")
db("INSERT INTO session_attribute VALUES ('john', 1, 'foo', 'bar')"
)
session = DetachedSession(self.env, 'john')
self.assertEqual('bar', session['foo'])
del session['foo']
session.save()
self.assertEqual(
0,
self.env.db_query("""
SELECT COUNT(*) FROM session_attribute
WHERE sid='john' AND name='foo'
""")[0][0])
def test_session_set(self):
"""Verify that setting a variable in a session to the default value
removes it from the session.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('john', 1, 0)")
db("INSERT INTO session_attribute VALUES ('john', 1, 'foo', 'bar')"
)
session = DetachedSession(self.env, 'john')
self.assertEqual('bar', session['foo'])
# Setting the variable to the default value removes the variable
with self.env.db_transaction as db:
session.set('foo', 'default', 'default')
session.save()
self.assertEqual(
0,
self.env.db_query("""
SELECT COUNT(*) FROM session_attribute
WHERE sid='john' AND name='foo'
""")[0][0])
# Setting the variable to a value different from the default sets it
with self.env.db_transaction as db:
session.set('foo', 'something', 'default')
session.save()
self.assertEqual(
'something',
self.env.db_query("""
SELECT value FROM session_attribute
WHERE sid='john' AND name='foo'
""")[0][0])
def test_create_new_session(self):
"""Setting attribute on a new session invalidates known_users cache."""
sid = 'user'
session = DetachedSession(self.env, sid)
session.authenticated = True
self.assertEqual([], list(self.env.get_known_users()))
session.save()
known_users = list(self.env.get_known_users())
self.assertEqual(1, len(known_users))
self.assertEqual(sid, known_users[0][0])
self.assertIsNone(known_users[0][1])
self.assertIsNone(known_users[0][2])
def test_create_new_anonymous_session(self):
"""Setting attribute on a new anonymous session doesn't invalidate
known_users cache."""
sid = 'anonymous'
session = DetachedSession(self.env, sid)
session.authenticated = False
self.assertEqual([], list(self.env.get_known_users()))
# insert a session record without invalidating cache
self.env.insert_users([('user', 'Name' '*****@*****.**', 1)])
session.save()
self.assertEqual([], list(self.env.get_known_users()))
self.env.invalidate_known_users_cache()
self.assertEqual(1, len(list(self.env.get_known_users())))
def test_session_set_email(self):
"""Setting session email invalidates known_users cache."""
sid = 'user'
email = '*****@*****.**'
session = DetachedSession(self.env, sid)
session['email'] = email
self.assertEqual([], list(self.env.get_known_users()))
session.save()
known_users = list(self.env.get_known_users())
self.assertEqual(1, len(known_users))
self.assertEqual(sid, known_users[0][0])
self.assertIsNone(known_users[0][1])
self.assertEqual(email, known_users[0][2])
def test_session_set_name(self):
"""Setting session name invalidates known_users cache."""
sid = 'user'
name = 'The User'
session = DetachedSession(self.env, sid)
session['name'] = name
self.assertEqual([], list(self.env.get_known_users()))
session.save()
known_users = list(self.env.get_known_users())
self.assertEqual(1, len(known_users))
self.assertEqual(sid, known_users[0][0])
self.assertEqual(name, known_users[0][1])
self.assertIsNone(known_users[0][2])
def test_session_admin_list(self):
auth_list, anon_list, all_list = _prep_session_table(self.env)
sess_admin = SessionAdmin(self.env)
# Verify the empty case
self.assertRaises(StopIteration, next, sess_admin._get_list([]))
self.assertEqual([i for i in sess_admin._get_list(['authenticated'])],
auth_list)
self.assertEqual([i for i in sess_admin._get_list(['anonymous'])],
anon_list)
self.assertEqual([i for i in sess_admin._get_list(['*'])], all_list)
self.assertEqual([i for i in sess_admin._get_list(['name00'])][0],
auth_list[0])
self.assertEqual([i for i in sess_admin._get_list(['name10:0'])][0],
anon_list[0])
self.assertEqual(
[i for i in sess_admin._get_list(['name00', 'name01', 'name02'])],
all_list[:3])
def test_session_admin_add(self):
_prep_session_table(self.env)
sess_admin = SessionAdmin(self.env)
self.assertRaises(Exception, sess_admin._do_add, 'name00')
sess_admin._do_add('john')
self.assertEqual({}, get_session_attrs(self.env, 'john'))
self.assertIn(('john', None, None), list(self.env.get_known_users()))
sess_admin._do_add('john1', 'John1')
self.assertEqual({'name': 'John1'},
get_session_attrs(self.env, 'john1'))
self.assertIn(('john1', 'John1', None),
list(self.env.get_known_users()))
sess_admin._do_add('john2', 'John2', '*****@*****.**')
self.assertEqual({
'name': 'John2',
'email': '*****@*****.**'
}, get_session_attrs(self.env, 'john2'))
self.assertIn(('john2', 'John2', '*****@*****.**'),
list(self.env.get_known_users()))
sess_admin._do_add('alice1', None, '*****@*****.**')
self.assertEqual({'email': '*****@*****.**'},
get_session_attrs(self.env, 'alice1'))
sess_admin._do_add('alice2', '', '*****@*****.**')
self.assertEqual({'email': '*****@*****.**'},
get_session_attrs(self.env, 'alice2'))
sess_admin._do_add('bob1', 'Bob 1', None)
self.assertEqual({'name': 'Bob 1'},
get_session_attrs(self.env, 'bob1'))
sess_admin._do_add('bob2', 'Bob 2', '')
self.assertEqual({'name': 'Bob 2'},
get_session_attrs(self.env, 'bob2'))
sess_admin._do_add('charlie1', '', '')
self.assertEqual({}, get_session_attrs(self.env, 'charlie1'))
sess_admin._do_add('charlie2', None, None)
self.assertEqual({}, get_session_attrs(self.env, 'charlie2'))
def test_session_admin_set(self):
_prep_session_table(self.env)
sess_admin = SessionAdmin(self.env)
self.assertRaises(TracError, sess_admin._do_set, 'name', 'nothere',
'foo')
self.env.get_known_users() # Prep the cache
self.assertIn(('name00', 'val00', 'val00'),
list(self.env.get_known_users()))
sess_admin._do_set('name', 'name00', 'john')
self.assertEqual({
'name': 'john',
'email': 'val00'
}, get_session_attrs(self.env, 'name00'))
self.assertIn(('name00', 'john', 'val00'),
list(self.env.get_known_users()))
sess_admin._do_set('email', 'name00', '*****@*****.**')
self.assertEqual({
'name': 'john',
'email': '*****@*****.**'
}, get_session_attrs(self.env, 'name00'))
self.assertIn(('name00', 'john', '*****@*****.**'),
list(self.env.get_known_users()))
sess_admin._do_set('default_handler', 'name00', 'DefaultHandlerStub')
self.assertEqual(
{
'name': 'john',
'email': '*****@*****.**',
'default_handler': 'DefaultHandlerStub'
}, get_session_attrs(self.env, 'name00'))
sess_admin._do_set('name', 'name00', '')
self.assertEqual(
{
'email': '*****@*****.**',
'default_handler': 'DefaultHandlerStub'
}, get_session_attrs(self.env, 'name00'))
sess_admin._do_set('email', 'name00', '')
self.assertEqual({'default_handler': 'DefaultHandlerStub'},
get_session_attrs(self.env, 'name00'))
sess_admin._do_set('default_handler', 'name00', '')
self.assertEqual({}, get_session_attrs(self.env, 'name00'))
def test_session_admin_delete(self):
_prep_session_table(self.env)
sess_admin = SessionAdmin(self.env)
self.assertIn(('name00', 'val00', 'val00'),
list(self.env.get_known_users()))
sess_admin._do_delete('name00')
self.assertIsNone(get_session_attrs(self.env, 'name00'))
self.assertNotIn(('name00', 'val00', 'val00'),
list(self.env.get_known_users()))
sess_admin._do_delete('nothere')
self.assertIsNone(get_session_attrs(self.env, 'nothere'))
auth_list, anon_list, all_list = _prep_session_table(self.env)
sess_admin._do_delete('anonymous')
result = [i for i in sess_admin._get_list(['*'])]
self.assertEqual(result, auth_list)
def test_session_admin_purge(self):
sess_admin = SessionAdmin(self.env)
auth_list, anon_list, all_list = \
_prep_session_table(self.env, spread_visits=True)
sess_admin._do_purge('2010-01-02')
result = [i for i in sess_admin._get_list(['*'])]
self.assertEqual(result, auth_list + anon_list)
self.assertEqual({
'name': 'val10',
'email': 'val10'
}, get_session_attrs(self.env, anon_list[0][0]))
self.assertEqual({
'name': 'val11',
'email': 'val11'
}, get_session_attrs(self.env, anon_list[1][0]))
auth_list, anon_list, all_list = \
_prep_session_table(self.env, spread_visits=True)
sess_admin._do_purge('2010-01-12')
result = [i for i in sess_admin._get_list(['*'])]
self.assertEqual(result, auth_list + anon_list[1:])
rows = self.env.db_query(
"""
SELECT name, value FROM session_attribute WHERE sid = %s
""", (anon_list[0][0], ))
self.assertEqual([], rows)
self.assertIsNone(get_session_attrs(self.env, anon_list[0][0]))
self.assertEqual({
'name': 'val11',
'email': 'val11'
}, get_session_attrs(self.env, anon_list[1][0]))
def test_session_get_session_with_invalid_sid(self):
req = MockRequest(self.env, authname='anonymous')
session = Session(self.env, req)
session.get_session('0123456789')
self.assertEqual('0123456789', session.sid)
session.get_session('abcxyz')
self.assertEqual('abcxyz', session.sid)
session.get_session('abc123xyz')
self.assertEqual('abc123xyz', session.sid)
self.assertRaises(TracError, session.get_session, 'abc 123 xyz')
self.assertRaises(TracError, session.get_session, 'abc-123-xyz')
self.assertRaises(TracError, session.get_session, 'abc<i>123</i>xyz')
self.assertRaises(TracError, session.get_session, u'abc123xÿz')
self.assertRaises(TracError, session.get_session,
u'abc¹₂³xyz') # Unicode digits
def test_session_change_id_with_invalid_sid(self):
req = MockRequest(self.env, authname='anonymous', base_path='/')
session = Session(self.env, req)
session.change_sid('0123456789')
self.assertEqual('0123456789', session.sid)
session.change_sid('abcxyz')
self.assertEqual('abcxyz', session.sid)
session.change_sid('abc123xyz')
self.assertEqual('abc123xyz', session.sid)
self.assertRaises(TracError, session.change_sid, 'abc 123 xyz')
self.assertRaises(TracError, session.change_sid, 'abc-123-xyz')
self.assertRaises(TracError, session.change_sid, 'abc<i>123</i>xyz')
self.assertRaises(TracError, session.change_sid, u'abc123xÿz')
self.assertRaises(TracError, session.change_sid,
u'abc¹₂³xyz') # Unicode digits
class KnownUsersTestCase(unittest.TestCase):
def setUp(self):
self.env = EnvironmentStub()
users = [('123', None, '*****@*****.**', 0), ('jane', 'Jane', None, 1),
('joe', None, '*****@*****.**', 1),
('tom', 'Tom', '*****@*****.**', 1)]
self.env.insert_users(users)
self.expected = [user[:3] for user in users if user[3] == 1]
def tearDown(self):
self.env.reset_db()
def test_get_known_users_as_list_of_tuples(self):
users = list(self.env.get_known_users())
i = 0
for i, user in enumerate(users):
self.assertEqual(self.expected[i], user)
else:
self.assertEqual(2, i)
def test_get_known_users_as_dict(self):
users = self.env.get_known_users(as_dict=True)
self.assertEqual(3, len(users))
for exp in self.expected:
self.assertEqual(exp[1:], users[exp[0]])
def test_get_known_users_is_cached(self):
self.env.get_known_users()
self.env.get_known_users(as_dict=True)
self.env.insert_users([('user4', None, None)])
users_list = list(self.env.get_known_users())
users_dict = self.env.get_known_users(as_dict=True)
i = 0
for i, user in enumerate(users_list):
self.assertEqual(self.expected[i], user)
self.assertIn(self.expected[i][0], users_dict)
else:
self.assertEqual(2, i)
self.assertEqual(3, len(users_dict))
def test_invalidate_known_users_cache(self):
self.env.get_known_users()
self.env.get_known_users(as_dict=True)
user = ('user4', 'User Four', '*****@*****.**')
self.env.insert_users([user])
self.expected.append(user[:3])
self.env.invalidate_known_users_cache()
users_list = self.env.get_known_users()
users_dict = self.env.get_known_users(as_dict=True)
i = 0
for i, user in enumerate(users_list):
self.assertEqual(self.expected[i], user)
self.assertIn(self.expected[i][0], users_dict)
else:
self.assertEqual(3, i)
self.assertEqual(4, len(users_dict))
class SessionTestCase(unittest.TestCase):
"""Unit tests for the persistent session support."""
def setUp(self):
self.env = EnvironmentStub()
def tearDown(self):
self.env.reset_db()
def test_new_session(self):
"""
Verify that a session cookie gets sent back to the client for a new
session.
"""
cookie = Cookie()
req = Mock(incookie=Cookie(), outcookie=cookie, authname='anonymous',
base_path='/')
session = Session(self.env, req)
self.assertEqual(session.sid, cookie['trac_session'].value)
self.assertEqual(0, self.env.db_query(
"SELECT COUNT(*) FROM session")[0][0])
def test_anonymous_session(self):
"""
Verify that session variables are stored in the database.
"""
incookie = Cookie()
incookie['trac_session'] = '123456'
outcookie = Cookie()
req = Mock(authname='anonymous', base_path='/', incookie=incookie,
outcookie=outcookie)
session = Session(self.env, req)
self.assertEqual('123456', session.sid)
self.assertNotIn('trac_session', outcookie)
def _test_authenticated_session(self, username):
"""
Verifies that a session cookie does not get used if the user is logged
in, and that Trac expires the cookie.
"""
incookie = Cookie()
incookie['trac_session'] = '123456'
outcookie = Cookie()
req = Mock(authname=username, base_path='/', incookie=incookie,
outcookie=outcookie)
session = Session(self.env, req)
self.assertEqual(username, session.sid)
session['foo'] = 'bar'
session.save()
self.assertEqual(0, outcookie['trac_session']['expires'])
def test_authenticated_session(self):
self._test_authenticated_session('john')
self._test_authenticated_session('j.smith')
self._test_authenticated_session(u'Jöhn') # non-ascii username
self._test_authenticated_session('*****@*****.**') # LDAP username
def _test_session_promotion(self, username):
"""
Verifies that an existing anonymous session gets promoted to an
authenticated session when the user logs in.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('123456', 0, 0)")
incookie = Cookie()
incookie['trac_session'] = '123456'
outcookie = Cookie()
req = Mock(authname=username, base_path='/', incookie=incookie,
outcookie=outcookie)
session = Session(self.env, req)
self.assertEqual(username, session.sid)
session.save()
self.assertEqual([(username, 1)],
self.env.db_query("""SELECT sid, authenticated FROM session
WHERE sid=%s""", (username,)))
def test_session_promotion(self):
self._test_session_promotion('john')
self._test_session_promotion('j.smith')
self._test_session_promotion(u'Jöhn') # non-ascii username
self._test_session_promotion('*****@*****.**') # LDAP username
sessions = self.env.db_query("SELECT sid, authenticated FROM session")
self.assertEqual(set([('john', 1), ('j.smith', 1), (u'Jöhn', 1),
('*****@*****.**', 1)]),
set(sessions))
def _test_new_session_promotion(self, username):
"""
Verifies that even without a preexisting anonymous session,
an authenticated session will be created when the user logs in.
(same test as above without the initial INSERT)
"""
with self.env.db_transaction:
incookie = Cookie()
incookie['trac_session'] = '123456'
outcookie = Cookie()
req = Mock(authname=username, base_path='/', incookie=incookie,
outcookie=outcookie)
session = Session(self.env, req)
self.assertEqual(username, session.sid)
session.save()
self.assertEqual([(username, 1)],
self.env.db_query("""SELECT sid, authenticated FROM session
WHERE sid=%s""", (username,)))
def test_new_session_promotion(self):
self._test_new_session_promotion('john')
self._test_new_session_promotion('j.smith')
self._test_new_session_promotion(u'Jöhn') # non-ascii username
self._test_new_session_promotion('*****@*****.**') # LDAP username
sessions = self.env.db_query("SELECT sid, authenticated FROM session")
self.assertEqual(set([('john', 1), ('j.smith', 1), (u'Jöhn', 1),
('*****@*****.**', 1)]),
set(sessions))
def test_add_anonymous_session_var(self):
"""
Verify that new variables are inserted into the 'session' table in the
database for an anonymous session.
"""
incookie = Cookie()
incookie['trac_session'] = '123456'
req = Mock(authname='anonymous', base_path='/', incookie=incookie,
outcookie=Cookie())
session = Session(self.env, req)
session['foo'] = 'bar'
session.save()
self.assertEqual('bar', self.env.db_query(
"SELECT value FROM session_attribute WHERE sid='123456'")[0][0])
def test_modify_anonymous_session_var(self):
"""
Verify that modifying an existing variable updates the 'session' table
accordingly for an anonymous session.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('123456', 0, 0)")
db("""
INSERT INTO session_attribute VALUES
('123456', 0, 'foo', 'bar')
""")
incookie = Cookie()
incookie['trac_session'] = '123456'
req = Mock(authname='anonymous', base_path='/', incookie=incookie,
outcookie=Cookie())
session = Session(self.env, req)
self.assertEqual('bar', session['foo'])
session['foo'] = 'baz'
session.save()
self.assertEqual('baz', self.env.db_query(
"SELECT value FROM session_attribute WHERE sid='123456'")[0][0])
def test_delete_anonymous_session_var(self):
"""
Verify that modifying a variable updates the 'session' table accordingly
for an anonymous session.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('123456', 0, 0)")
db("""
INSERT INTO session_attribute VALUES
('123456', 0, 'foo', 'bar')
""")
incookie = Cookie()
incookie['trac_session'] = '123456'
req = Mock(authname='anonymous', base_path='/', incookie=incookie,
outcookie=Cookie())
session = Session(self.env, req)
self.assertEqual('bar', session['foo'])
del session['foo']
session.save()
self.assertEqual(0, self.env.db_query("""
SELECT COUNT(*) FROM session_attribute
WHERE sid='123456' AND name='foo'
""")[0][0])
def test_purge_anonymous_session(self):
"""
Verify that old sessions get purged.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('123456', 0, %s)", (0,))
db("INSERT INTO session VALUES ('987654', 0, %s)",
(int(time.time() - PURGE_AGE - 3600),))
db("""
INSERT INTO session_attribute
VALUES ('987654', 0, 'foo', 'bar')
""")
# We need to modify a different session to trigger the purging
incookie = Cookie()
incookie['trac_session'] = '123456'
req = Mock(authname='anonymous', base_path='/', incookie=incookie,
outcookie=Cookie())
session = Session(self.env, req)
session['foo'] = 'bar'
session.save()
self.assertEqual(0, self.env.db_query("""
SELECT COUNT(*) FROM session WHERE sid='987654' AND authenticated=0
""")[0][0])
def test_delete_empty_session(self):
"""
Verify that a session gets deleted when it doesn't have any data except
for the 'last_visit' timestamp.
"""
now = time.time()
# Make sure the session has data so that it doesn't get dropped
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('123456', 0, %s)",
(int(now - UPDATE_INTERVAL - 3600),))
db("""
INSERT INTO session_attribute
VALUES ('123456', 0, 'foo', 'bar')
""")
incookie = Cookie()
incookie['trac_session'] = '123456'
req = Mock(authname='anonymous', base_path='/', incookie=incookie,
outcookie=Cookie())
session = Session(self.env, req)
del session['foo']
session.save()
self.assertEqual(0, self.env.db_query("""
SELECT COUNT(*) FROM session WHERE sid='123456' AND authenticated=0
""")[0][0])
def test_change_anonymous_session(self):
"""
Verify that changing from one anonymous session to an inexisting
anonymous session creates the new session and doesn't carry over
variables from the previous session.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('123456', 0, 0)")
db("""
INSERT INTO session_attribute
VALUES ('123456', 0, 'foo', 'bar')
""")
incookie = Cookie()
incookie['trac_session'] = '123456'
req = Mock(authname='anonymous', base_path='/', incookie=incookie,
outcookie=Cookie())
session = Session(self.env, req)
self.assertEqual({'foo': 'bar'}, session)
session.get_session('7890')
session['baz'] = 'moo'
session.save()
self.assertEqual({'baz': 'moo'}, session)
with self.env.db_query as db:
self.assertEqual(1, db("""
SELECT COUNT(*) FROM session
WHERE sid='7890' AND authenticated=0
""")[0][0])
self.assertEqual([('baz', 'moo')], db("""
SELECT name, value FROM session_attribute
WHERE sid='7890' AND authenticated=0
"""))
def test_add_authenticated_session_var(self):
"""
Verify that new variables are inserted into the 'session' table in the
database for an authenticated session.
"""
req = Mock(authname='john', base_path='/', incookie=Cookie())
session = Session(self.env, req)
session['foo'] = 'bar'
session.save()
self.assertEqual('bar', self.env.db_query("""
SELECT value FROM session_attribute WHERE sid='john' AND name='foo'
""")[0][0])
def test_modify_authenticated_session_var(self):
"""
Verify that modifying an existing variable updates the 'session' table
accordingly for an authenticated session.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('john', 1, 0)")
db("INSERT INTO session_attribute VALUES ('john',1,'foo','bar')")
req = Mock(authname='john', base_path='/', incookie=Cookie())
session = Session(self.env, req)
self.assertEqual('bar', session['foo'])
session['foo'] = 'baz'
session.save()
self.assertEqual('baz', self.env.db_query("""
SELECT value FROM session_attribute WHERE sid='john' AND name='foo'
""")[0][0])
def test_authenticated_session_independence_var(self):
"""
Verify that an anonymous session with the same name as an authenticated
session doesn't interfere with the latter.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('john', 1, 0)")
db("INSERT INTO session_attribute VALUES ('john',1,'foo','bar')")
self.assertEqual('bar', self.env.db_query("""
SELECT value FROM session_attribute
WHERE sid='john' AND authenticated=1 AND name='foo'
""")[0][0])
incookie = Cookie()
incookie['trac_session'] = 'john'
req = Mock(authname='anonymous', base_path='/', incookie=incookie,
outcookie=Cookie())
session = Session(self.env, req)
self.assertTrue('foo' not in session)
session['foo'] = 'baz'
session.save()
rows = self.env.db_query("""
SELECT value FROM session_attribute
WHERE sid='john' AND authenticated=1 AND name='foo'
""")
self.assertEqual(1, len(rows))
self.assertEqual('bar', rows[0][0])
rows = self.env.db_query("""
SELECT value FROM session_attribute
WHERE sid='john' AND authenticated=0 AND name='foo'
""")
self.assertEqual(1, len(rows))
self.assertEqual('baz', rows[0][0])
def test_delete_authenticated_session_var(self):
"""
Verify that deleting a variable updates the 'session' table accordingly
for an authenticated session.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('john', 1, 0)")
db("INSERT INTO session_attribute VALUES ('john', 1, 'foo', 'bar')")
req = Mock(authname='john', base_path='/', incookie=Cookie())
session = Session(self.env, req)
self.assertEqual('bar', session['foo'])
del session['foo']
session.save()
self.assertEqual(0, self.env.db_query("""
SELECT COUNT(*) FROM session_attribute
WHERE sid='john' AND name='foo'
""")[0][0])
def test_update_session(self):
"""
Verify that accessing a session after one day updates the sessions
'last_visit' variable so that the session doesn't get purged.
"""
now = time.time()
# Make sure the session has data so that it doesn't get dropped
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('123456', 0, 1)")
db("""
INSERT INTO session_attribute
VALUES ('123456', 0, 'foo', 'bar')
""")
incookie = Cookie()
incookie['trac_session'] = '123456'
outcookie = Cookie()
req = Mock(authname='anonymous', base_path='/', incookie=incookie,
outcookie=outcookie)
session = Session(self.env, req)
session['modified'] = True
session.save() # updating does require modifications
self.assertEqual(PURGE_AGE, outcookie['trac_session']['expires'])
self.assertAlmostEqual(now, int(self.env.db_query("""
SELECT last_visit FROM session
WHERE sid='123456' AND authenticated=0
""")[0][0]), -1)
def test_modify_detached_session(self):
"""
Verify that modifying a variable in a session not associated with a
request updates the database accordingly.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('john', 1, 0)")
db("INSERT INTO session_attribute VALUES ('john', 1, 'foo', 'bar')")
session = DetachedSession(self.env, 'john')
self.assertEqual('bar', session['foo'])
session['foo'] = 'baz'
session.save()
self.assertEqual('baz', self.env.db_query("""
SELECT value FROM session_attribute WHERE sid='john' AND name='foo'
""")[0][0])
def test_delete_detached_session_var(self):
"""
Verify that removing a variable in a session not associated with a
request deletes the variable from the database.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('john', 1, 0)")
db("INSERT INTO session_attribute VALUES ('john', 1, 'foo', 'bar')")
session = DetachedSession(self.env, 'john')
self.assertEqual('bar', session['foo'])
del session['foo']
session.save()
self.assertEqual(0, self.env.db_query("""
SELECT COUNT(*) FROM session_attribute
WHERE sid='john' AND name='foo'
""")[0][0])
def test_session_set(self):
"""Verify that setting a variable in a session to the default value
removes it from the session.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('john', 1, 0)")
db("INSERT INTO session_attribute VALUES ('john', 1, 'foo', 'bar')")
session = DetachedSession(self.env, 'john')
self.assertEqual('bar', session['foo'])
# Setting the variable to the default value removes the variable
with self.env.db_transaction as db:
session.set('foo', 'default', 'default')
session.save()
self.assertEqual(0, self.env.db_query("""
SELECT COUNT(*) FROM session_attribute
WHERE sid='john' AND name='foo'
""")[0][0])
# Setting the variable to a value different from the default sets it
with self.env.db_transaction as db:
session.set('foo', 'something', 'default')
session.save()
self.assertEqual('something', self.env.db_query("""
SELECT value FROM session_attribute
WHERE sid='john' AND name='foo'
""")[0][0])
def test_session_set_email(self):
"""Setting session email invalidates known_users cache."""
session = DetachedSession(self.env, 'user')
session['email'] = '*****@*****.**'
self.assertEqual([], list(self.env.get_known_users()))
session.save()
email = None
for sid, name, email in self.env.get_known_users():
if sid == 'user':
break
self.assertEqual(session['email'], email)
def test_session_set_name(self):
"""Setting session name invalidates known_users cache."""
session = DetachedSession(self.env, 'user')
session['name'] = 'The User'
self.assertEqual([], list(self.env.get_known_users()))
session.save()
name = None
for sid, name, email in self.env.get_known_users():
if sid == 'user':
break
self.assertEqual(session['name'], name)
def test_session_admin_list(self):
auth_list, anon_list, all_list = _prep_session_table(self.env)
sess_admin = SessionAdmin(self.env)
# Verify the empty case
self.assertRaises(StopIteration, sess_admin._get_list([]).next)
self.assertEqual([i for i in sess_admin._get_list(['authenticated'])],
auth_list)
self.assertEqual([i for i in sess_admin._get_list(['anonymous'])],
anon_list)
self.assertEqual([i for i in sess_admin._get_list(['*'])], all_list)
self.assertEqual([i for i in sess_admin._get_list(['name00'])][0],
auth_list[0])
self.assertEqual([i for i in sess_admin._get_list(['name10:0'])][0],
anon_list[0])
self.assertEqual([i for i in sess_admin._get_list(['name00', 'name01',
'name02'])],
all_list[:3])
def test_session_admin_add(self):
_prep_session_table(self.env)
sess_admin = SessionAdmin(self.env)
self.assertRaises(Exception, sess_admin._do_add, 'name00')
sess_admin._do_add('john')
result = get_session_info(self.env, 'john')
self.assertEqual(result, ('john', None, None, None))
self.assertIn(('john', None, None),
list(self.env.get_known_users()))
sess_admin._do_add('john1', 'John1')
result = get_session_info(self.env, 'john1')
self.assertEqual(result, ('john1', 'John1', None, None))
self.assertIn(('john1', 'John1', None),
list(self.env.get_known_users()))
sess_admin._do_add('john2', 'John2', '*****@*****.**')
result = get_session_info(self.env, 'john2')
self.assertEqual(result,
('john2', 'John2', '*****@*****.**', None))
self.assertIn(('john2', 'John2', '*****@*****.**'),
list(self.env.get_known_users()))
def test_session_admin_set(self):
_prep_session_table(self.env)
sess_admin = SessionAdmin(self.env)
self.assertRaises(TracError, sess_admin._do_set, 'name', 'nothere',
'foo')
self.env.get_known_users() # Prep the cache
self.assertIn(('name00', 'val00', 'val00'),
list(self.env.get_known_users()))
sess_admin._do_set('name', 'name00', 'john')
result = get_session_info(self.env, 'name00')
self.assertEqual(result, ('name00', 'john', 'val00', None))
self.assertIn(('name00', 'john', 'val00'),
list(self.env.get_known_users()))
sess_admin._do_set('email', 'name00', '*****@*****.**')
result = get_session_info(self.env, 'name00')
self.assertEqual(result, ('name00', 'john', '*****@*****.**', None))
self.assertIn(('name00', 'john', '*****@*****.**'),
list(self.env.get_known_users()))
sess_admin._do_set('default_handler', 'name00', 'SearchModule')
result = get_session_info(self.env, 'name00')
self.assertEqual(result, ('name00', 'john', '*****@*****.**',
'SearchModule'))
def test_session_admin_delete(self):
_prep_session_table(self.env)
sess_admin = SessionAdmin(self.env)
self.assertIn(('name00', 'val00', 'val00'),
list(self.env.get_known_users()))
sess_admin._do_delete('name00')
result = get_session_info(self.env, 'name00')
self.assertEqual(result, (None, None, None, None))
self.assertNotIn(('name00', 'val00', 'val00'),
list(self.env.get_known_users()))
sess_admin._do_delete('nothere')
result = get_session_info(self.env, 'nothere')
self.assertEqual(result, (None, None, None, None))
auth_list, anon_list, all_list = _prep_session_table(self.env)
sess_admin._do_delete('anonymous')
result = [i for i in sess_admin._get_list(['*'])]
self.assertEqual(result, auth_list)
def test_session_admin_purge(self):
sess_admin = SessionAdmin(self.env)
auth_list, anon_list, all_list = \
_prep_session_table(self.env, spread_visits=True)
sess_admin._do_purge('2010-01-02')
result = [i for i in sess_admin._get_list(['*'])]
self.assertEqual(result, auth_list + anon_list)
result = get_session_info(self.env, anon_list[0][0])
self.assertEqual(result, ('name10', 'val10', 'val10', None))
result = get_session_info(self.env, anon_list[1][0])
self.assertEqual(result, ('name11', 'val11', 'val11', None))
auth_list, anon_list, all_list = \
_prep_session_table(self.env, spread_visits=True)
sess_admin._do_purge('2010-01-12')
result = [i for i in sess_admin._get_list(['*'])]
self.assertEqual(result, auth_list + anon_list[1:])
rows = self.env.db_query("""
SELECT name, value FROM session_attribute WHERE sid = %s
""", (anon_list[0][0],))
self.assertEqual([], rows)
result = get_session_info(self.env, anon_list[1][0])
self.assertEqual(result, ('name11', 'val11', 'val11', None))
def test_session_get_session_with_invalid_sid(self):
cookie = Cookie()
req = Mock(incookie=Cookie(), outcookie=cookie, authname='anonymous',
base_path='/')
session = Session(self.env, req)
session.get_session('0123456789')
self.assertEqual('0123456789', session.sid)
session.get_session('abcxyz')
self.assertEqual('abcxyz', session.sid)
session.get_session('abc123xyz')
self.assertEqual('abc123xyz', session.sid)
self.assertRaises(TracError, session.get_session, 'abc 123 xyz')
self.assertRaises(TracError, session.get_session, 'abc-123-xyz')
self.assertRaises(TracError, session.get_session, 'abc<i>123</i>xyz')
self.assertRaises(TracError, session.get_session, u'abc123xÿz')
self.assertRaises(TracError, session.get_session,
u'abc¹₂³xyz') # Unicode digits
def test_session_change_id_with_invalid_sid(self):
cookie = Cookie()
req = Mock(incookie=Cookie(), outcookie=cookie, authname='anonymous',
base_path='/')
session = Session(self.env, req)
session.change_sid('0123456789')
self.assertEqual('0123456789', session.sid)
session.change_sid('abcxyz')
self.assertEqual('abcxyz', session.sid)
session.change_sid('abc123xyz')
self.assertEqual('abc123xyz', session.sid)
self.assertRaises(TracError, session.change_sid, 'abc 123 xyz')
self.assertRaises(TracError, session.change_sid, 'abc-123-xyz')
self.assertRaises(TracError, session.change_sid, 'abc<i>123</i>xyz')
self.assertRaises(TracError, session.change_sid, u'abc123xÿz')
self.assertRaises(TracError, session.change_sid,
u'abc¹₂³xyz') # Unicode digits
class SessionTestCase(unittest.TestCase):
"""Unit tests for the persistent session support."""
def setUp(self):
self.env = EnvironmentStub()
def tearDown(self):
self.env.reset_db()
def test_new_session(self):
"""
Verify that a session cookie gets sent back to the client for a new
session.
"""
cookie = Cookie()
req = Mock(incookie=Cookie(),
outcookie=cookie,
authname='anonymous',
base_path='/')
session = Session(self.env, req)
self.assertEqual(session.sid, cookie['trac_session'].value)
self.assertEqual(
0,
self.env.db_query("SELECT COUNT(*) FROM session")[0][0])
def test_anonymous_session(self):
"""
Verify that session variables are stored in the database.
"""
incookie = Cookie()
incookie['trac_session'] = '123456'
outcookie = Cookie()
req = Mock(authname='anonymous',
base_path='/',
incookie=incookie,
outcookie=outcookie)
session = Session(self.env, req)
self.assertEqual('123456', session.sid)
self.assertNotIn('trac_session', outcookie)
def test_authenticated_session(self):
"""
Verifies that a session cookie does not get used if the user is logged
in, and that Trac expires the cookie.
"""
incookie = Cookie()
incookie['trac_session'] = '123456'
outcookie = Cookie()
req = Mock(authname='john',
base_path='/',
incookie=incookie,
outcookie=outcookie)
session = Session(self.env, req)
self.assertEqual('john', session.sid)
session['foo'] = 'bar'
session.save()
self.assertEqual(0, outcookie['trac_session']['expires'])
def test_session_promotion(self):
"""
Verifies that an existing anonymous session gets promoted to an
authenticated session when the user logs in.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('123456', 0, 0)")
incookie = Cookie()
incookie['trac_session'] = '123456'
outcookie = Cookie()
req = Mock(authname='john',
base_path='/',
incookie=incookie,
outcookie=outcookie)
session = Session(self.env, req)
self.assertEqual('john', session.sid)
session.save()
self.assertEqual(
[('john', 1)],
self.env.db_query("SELECT sid, authenticated FROM session"))
def test_new_session_promotion(self):
"""
Verifies that even without a preexisting anonymous session,
an authenticated session will be created when the user logs in.
(same test as above without the initial INSERT)
"""
with self.env.db_transaction as db:
incookie = Cookie()
incookie['trac_session'] = '123456'
outcookie = Cookie()
req = Mock(authname='john',
base_path='/',
incookie=incookie,
outcookie=outcookie)
session = Session(self.env, req)
self.assertEqual('john', session.sid)
session.save()
self.assertEqual(
[('john', 1)],
self.env.db_query("SELECT sid, authenticated FROM session"))
def test_add_anonymous_session_var(self):
"""
Verify that new variables are inserted into the 'session' table in the
database for an anonymous session.
"""
incookie = Cookie()
incookie['trac_session'] = '123456'
req = Mock(authname='anonymous',
base_path='/',
incookie=incookie,
outcookie=Cookie())
session = Session(self.env, req)
session['foo'] = 'bar'
session.save()
self.assertEqual(
'bar',
self.env.db_query(
"SELECT value FROM session_attribute WHERE sid='123456'")[0]
[0])
def test_modify_anonymous_session_var(self):
"""
Verify that modifying an existing variable updates the 'session' table
accordingly for an anonymous session.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('123456', 0, 0)")
db("""
INSERT INTO session_attribute VALUES
('123456', 0, 'foo', 'bar')
""")
incookie = Cookie()
incookie['trac_session'] = '123456'
req = Mock(authname='anonymous',
base_path='/',
incookie=incookie,
outcookie=Cookie())
session = Session(self.env, req)
self.assertEqual('bar', session['foo'])
session['foo'] = 'baz'
session.save()
self.assertEqual(
'baz',
self.env.db_query(
"SELECT value FROM session_attribute WHERE sid='123456'")[0]
[0])
def test_delete_anonymous_session_var(self):
"""
Verify that modifying a variable updates the 'session' table accordingly
for an anonymous session.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('123456', 0, 0)")
db("""
INSERT INTO session_attribute VALUES
('123456', 0, 'foo', 'bar')
""")
incookie = Cookie()
incookie['trac_session'] = '123456'
req = Mock(authname='anonymous',
base_path='/',
incookie=incookie,
outcookie=Cookie())
session = Session(self.env, req)
self.assertEqual('bar', session['foo'])
del session['foo']
session.save()
self.assertEqual(
0,
self.env.db_query("""
SELECT COUNT(*) FROM session_attribute
WHERE sid='123456' AND name='foo'
""")[0][0])
def test_purge_anonymous_session(self):
"""
Verify that old sessions get purged.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('123456', 0, %s)", (0, ))
db("INSERT INTO session VALUES ('987654', 0, %s)",
(int(time.time() - PURGE_AGE - 3600), ))
db("""
INSERT INTO session_attribute
VALUES ('987654', 0, 'foo', 'bar')
""")
# We need to modify a different session to trigger the purging
incookie = Cookie()
incookie['trac_session'] = '123456'
req = Mock(authname='anonymous',
base_path='/',
incookie=incookie,
outcookie=Cookie())
session = Session(self.env, req)
session['foo'] = 'bar'
session.save()
self.assertEqual(
0,
self.env.db_query("""
SELECT COUNT(*) FROM session WHERE sid='987654' AND authenticated=0
""")[0][0])
def test_delete_empty_session(self):
"""
Verify that a session gets deleted when it doesn't have any data except
for the 'last_visit' timestamp.
"""
now = time.time()
# Make sure the session has data so that it doesn't get dropped
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('123456', 0, %s)",
(int(now - UPDATE_INTERVAL - 3600), ))
db("""
INSERT INTO session_attribute
VALUES ('123456', 0, 'foo', 'bar')
""")
incookie = Cookie()
incookie['trac_session'] = '123456'
req = Mock(authname='anonymous',
base_path='/',
incookie=incookie,
outcookie=Cookie())
session = Session(self.env, req)
del session['foo']
session.save()
self.assertEqual(
0,
self.env.db_query("""
SELECT COUNT(*) FROM session WHERE sid='123456' AND authenticated=0
""")[0][0])
def test_change_anonymous_session(self):
"""
Verify that changing from one anonymous session to an inexisting
anonymous session creates the new session and doesn't carry over
variables from the previous session.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('123456', 0, 0)")
db("""
INSERT INTO session_attribute
VALUES ('123456', 0, 'foo', 'bar')
""")
incookie = Cookie()
incookie['trac_session'] = '123456'
req = Mock(authname='anonymous',
base_path='/',
incookie=incookie,
outcookie=Cookie())
session = Session(self.env, req)
self.assertEqual({'foo': 'bar'}, session)
session.get_session('7890')
session['baz'] = 'moo'
session.save()
self.assertEqual({'baz': 'moo'}, session)
with self.env.db_query as db:
self.assertEqual(
1,
db("""
SELECT COUNT(*) FROM session
WHERE sid='7890' AND authenticated=0
""")[0][0])
self.assertEqual([('baz', 'moo')],
db("""
SELECT name, value FROM session_attribute
WHERE sid='7890' AND authenticated=0
"""))
def test_add_authenticated_session_var(self):
"""
Verify that new variables are inserted into the 'session' table in the
database for an authenticated session.
"""
req = Mock(authname='john', base_path='/', incookie=Cookie())
session = Session(self.env, req)
session['foo'] = 'bar'
session.save()
self.assertEqual(
'bar',
self.env.db_query("""
SELECT value FROM session_attribute WHERE sid='john' AND name='foo'
""")[0][0])
def test_modify_authenticated_session_var(self):
"""
Verify that modifying an existing variable updates the 'session' table
accordingly for an authenticated session.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('john', 1, 0)")
db("INSERT INTO session_attribute VALUES ('john',1,'foo','bar')")
req = Mock(authname='john', base_path='/', incookie=Cookie())
session = Session(self.env, req)
self.assertEqual('bar', session['foo'])
session['foo'] = 'baz'
session.save()
self.assertEqual(
'baz',
self.env.db_query("""
SELECT value FROM session_attribute WHERE sid='john' AND name='foo'
""")[0][0])
def test_authenticated_session_independence_var(self):
"""
Verify that an anonymous session with the same name as an authenticated
session doesn't interfere with the latter.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('john', 1, 0)")
db("INSERT INTO session_attribute VALUES ('john',1,'foo','bar')")
self.assertEqual(
'bar',
self.env.db_query("""
SELECT value FROM session_attribute
WHERE sid='john' AND authenticated=1 AND name='foo'
""")[0][0])
incookie = Cookie()
incookie['trac_session'] = 'john'
req = Mock(authname='anonymous',
base_path='/',
incookie=incookie,
outcookie=Cookie())
session = Session(self.env, req)
self.assertTrue('foo' not in session)
session['foo'] = 'baz'
session.save()
rows = self.env.db_query("""
SELECT value FROM session_attribute
WHERE sid='john' AND authenticated=1 AND name='foo'
""")
self.assertEqual(1, len(rows))
self.assertEqual('bar', rows[0][0])
rows = self.env.db_query("""
SELECT value FROM session_attribute
WHERE sid='john' AND authenticated=0 AND name='foo'
""")
self.assertEqual(1, len(rows))
self.assertEqual('baz', rows[0][0])
def test_delete_authenticated_session_var(self):
"""
Verify that deleting a variable updates the 'session' table accordingly
for an authenticated session.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('john', 1, 0)")
db("INSERT INTO session_attribute VALUES ('john', 1, 'foo', 'bar')"
)
req = Mock(authname='john', base_path='/', incookie=Cookie())
session = Session(self.env, req)
self.assertEqual('bar', session['foo'])
del session['foo']
session.save()
self.assertEqual(
0,
self.env.db_query("""
SELECT COUNT(*) FROM session_attribute
WHERE sid='john' AND name='foo'
""")[0][0])
def test_update_session(self):
"""
Verify that accessing a session after one day updates the sessions
'last_visit' variable so that the session doesn't get purged.
"""
now = time.time()
# Make sure the session has data so that it doesn't get dropped
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('123456', 0, 1)")
db("""
INSERT INTO session_attribute
VALUES ('123456', 0, 'foo', 'bar')
""")
incookie = Cookie()
incookie['trac_session'] = '123456'
outcookie = Cookie()
req = Mock(authname='anonymous',
base_path='/',
incookie=incookie,
outcookie=outcookie)
session = Session(self.env, req)
session['modified'] = True
session.save() # updating does require modifications
self.assertEqual(PURGE_AGE, outcookie['trac_session']['expires'])
self.assertAlmostEqual(
now,
int(
self.env.db_query("""
SELECT last_visit FROM session
WHERE sid='123456' AND authenticated=0
""")[0][0]), -1)
def test_modify_detached_session(self):
"""
Verify that modifying a variable in a session not associated with a
request updates the database accordingly.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('john', 1, 0)")
db("INSERT INTO session_attribute VALUES ('john', 1, 'foo', 'bar')"
)
session = DetachedSession(self.env, 'john')
self.assertEqual('bar', session['foo'])
session['foo'] = 'baz'
session.save()
self.assertEqual(
'baz',
self.env.db_query("""
SELECT value FROM session_attribute WHERE sid='john' AND name='foo'
""")[0][0])
def test_delete_detached_session_var(self):
"""
Verify that removing a variable in a session not associated with a
request deletes the variable from the database.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('john', 1, 0)")
db("INSERT INTO session_attribute VALUES ('john', 1, 'foo', 'bar')"
)
session = DetachedSession(self.env, 'john')
self.assertEqual('bar', session['foo'])
del session['foo']
session.save()
self.assertEqual(
0,
self.env.db_query("""
SELECT COUNT(*) FROM session_attribute
WHERE sid='john' AND name='foo'
""")[0][0])
def test_session_set(self):
"""Verify that setting a variable in a session to the default value
removes it from the session.
"""
with self.env.db_transaction as db:
db("INSERT INTO session VALUES ('john', 1, 0)")
db("INSERT INTO session_attribute VALUES ('john', 1, 'foo', 'bar')"
)
session = DetachedSession(self.env, 'john')
self.assertEqual('bar', session['foo'])
# Setting the variable to the default value removes the variable
with self.env.db_transaction as db:
session.set('foo', 'default', 'default')
session.save()
self.assertEqual(
0,
self.env.db_query("""
SELECT COUNT(*) FROM session_attribute
WHERE sid='john' AND name='foo'
""")[0][0])
# Setting the variable to a value different from the default sets it
with self.env.db_transaction as db:
session.set('foo', 'something', 'default')
session.save()
self.assertEqual(
'something',
self.env.db_query("""
SELECT value FROM session_attribute
WHERE sid='john' AND name='foo'
""")[0][0])
def test_session_set_email(self):
"""Setting session email invalidates known_users cache."""
session = DetachedSession(self.env, 'user')
session['email'] = '*****@*****.**'
self.assertEqual([], list(self.env.get_known_users()))
session.save()
email = None
for sid, name, email in self.env.get_known_users():
if sid == 'user':
break
self.assertEqual(session['email'], email)
def test_session_set_name(self):
"""Setting session name invalidates known_users cache."""
session = DetachedSession(self.env, 'user')
session['name'] = 'The User'
self.assertEqual([], list(self.env.get_known_users()))
session.save()
name = None
for sid, name, email in self.env.get_known_users():
if sid == 'user':
break
self.assertEqual(session['name'], name)
def test_session_admin_list(self):
auth_list, anon_list, all_list = _prep_session_table(self.env)
sess_admin = SessionAdmin(self.env)
# Verify the empty case
self.assertRaises(StopIteration, sess_admin._get_list([]).next)
self.assertEqual([i for i in sess_admin._get_list(['authenticated'])],
auth_list)
self.assertEqual([i for i in sess_admin._get_list(['anonymous'])],
anon_list)
self.assertEqual([i for i in sess_admin._get_list(['*'])], all_list)
self.assertEqual([i for i in sess_admin._get_list(['name00'])][0],
auth_list[0])
self.assertEqual([i for i in sess_admin._get_list(['name10:0'])][0],
anon_list[0])
self.assertEqual(
[i for i in sess_admin._get_list(['name00', 'name01', 'name02'])],
all_list[:3])
def test_session_admin_add(self):
_prep_session_table(self.env)
sess_admin = SessionAdmin(self.env)
self.assertRaises(Exception, sess_admin._do_add, 'name00')
sess_admin._do_add('john')
result = get_session_info(self.env, 'john')
self.assertEqual(result, ('john', None, None, None))
self.assertIn(('john', None, None), list(self.env.get_known_users()))
sess_admin._do_add('john1', 'John1')
result = get_session_info(self.env, 'john1')
self.assertEqual(result, ('john1', 'John1', None, None))
self.assertIn(('john1', 'John1', None),
list(self.env.get_known_users()))
sess_admin._do_add('john2', 'John2', '*****@*****.**')
result = get_session_info(self.env, 'john2')
self.assertEqual(result, ('john2', 'John2', '*****@*****.**', None))
self.assertIn(('john2', 'John2', '*****@*****.**'),
list(self.env.get_known_users()))
def test_session_admin_set(self):
_prep_session_table(self.env)
sess_admin = SessionAdmin(self.env)
self.assertRaises(TracError, sess_admin._do_set, 'name', 'nothere',
'foo')
self.env.get_known_users() # Prep the cache
self.assertIn(('name00', 'val00', 'val00'),
list(self.env.get_known_users()))
sess_admin._do_set('name', 'name00', 'john')
result = get_session_info(self.env, 'name00')
self.assertEqual(result, ('name00', 'john', 'val00', None))
self.assertIn(('name00', 'john', 'val00'),
list(self.env.get_known_users()))
sess_admin._do_set('email', 'name00', '*****@*****.**')
result = get_session_info(self.env, 'name00')
self.assertEqual(result, ('name00', 'john', '*****@*****.**', None))
self.assertIn(('name00', 'john', '*****@*****.**'),
list(self.env.get_known_users()))
sess_admin._do_set('default_handler', 'name00', 'SearchModule')
result = get_session_info(self.env, 'name00')
self.assertEqual(
result, ('name00', 'john', '*****@*****.**', 'SearchModule'))
def test_session_admin_delete(self):
_prep_session_table(self.env)
sess_admin = SessionAdmin(self.env)
self.assertIn(('name00', 'val00', 'val00'),
list(self.env.get_known_users()))
sess_admin._do_delete('name00')
result = get_session_info(self.env, 'name00')
self.assertEqual(result, (None, None, None, None))
self.assertNotIn(('name00', 'val00', 'val00'),
list(self.env.get_known_users()))
sess_admin._do_delete('nothere')
result = get_session_info(self.env, 'nothere')
self.assertEqual(result, (None, None, None, None))
auth_list, anon_list, all_list = _prep_session_table(self.env)
sess_admin._do_delete('anonymous')
result = [i for i in sess_admin._get_list(['*'])]
self.assertEqual(result, auth_list)
def test_session_admin_purge(self):
sess_admin = SessionAdmin(self.env)
auth_list, anon_list, all_list = \
_prep_session_table(self.env, spread_visits=True)
sess_admin._do_purge('2010-01-02')
result = [i for i in sess_admin._get_list(['*'])]
self.assertEqual(result, auth_list + anon_list)
result = get_session_info(self.env, anon_list[0][0])
self.assertEqual(result, ('name10', 'val10', 'val10', None))
result = get_session_info(self.env, anon_list[1][0])
self.assertEqual(result, ('name11', 'val11', 'val11', None))
auth_list, anon_list, all_list = \
_prep_session_table(self.env, spread_visits=True)
sess_admin._do_purge('2010-01-12')
result = [i for i in sess_admin._get_list(['*'])]
self.assertEqual(result, auth_list + anon_list[1:])
rows = self.env.db_query(
"""
SELECT name, value FROM session_attribute WHERE sid = %s
""", (anon_list[0][0], ))
self.assertEqual([], rows)
result = get_session_info(self.env, anon_list[1][0])
self.assertEqual(result, ('name11', 'val11', 'val11', None))
def test_session_get_session_with_invalid_sid(self):
cookie = Cookie()
req = Mock(incookie=Cookie(),
outcookie=cookie,
authname='anonymous',
base_path='/')
session = Session(self.env, req)
session.get_session('0123456789')
self.assertEqual('0123456789', session.sid)
session.get_session('abcxyz')
self.assertEqual('abcxyz', session.sid)
session.get_session('abc123xyz')
self.assertEqual('abc123xyz', session.sid)
self.assertRaises(TracError, session.get_session, 'abc 123 xyz')
self.assertRaises(TracError, session.get_session, 'abc-123-xyz')
self.assertRaises(TracError, session.get_session, 'abc<i>123</i>xyz')
self.assertRaises(TracError, session.get_session, u'abc123xÿz')
self.assertRaises(TracError, session.get_session,
u'abc¹₂³xyz') # Unicode digits
def test_session_change_id_with_invalid_sid(self):
cookie = Cookie()
req = Mock(incookie=Cookie(),
outcookie=cookie,
authname='anonymous',
base_path='/')
session = Session(self.env, req)
session.change_sid('0123456789')
self.assertEqual('0123456789', session.sid)
session.change_sid('abcxyz')
self.assertEqual('abcxyz', session.sid)
session.change_sid('abc123xyz')
self.assertEqual('abc123xyz', session.sid)
self.assertRaises(TracError, session.change_sid, 'abc 123 xyz')
self.assertRaises(TracError, session.change_sid, 'abc-123-xyz')
self.assertRaises(TracError, session.change_sid, 'abc<i>123</i>xyz')
self.assertRaises(TracError, session.change_sid, u'abc123xÿz')
self.assertRaises(TracError, session.change_sid,
u'abc¹₂³xyz') # Unicode digits
class KnownUsersTestCase(unittest.TestCase):
def setUp(self):
self.env = EnvironmentStub()
users = [
('123', None, '*****@*****.**', 0),
('jane', 'Jane', None, 1),
('joe', None, '*****@*****.**', 1),
('tom', 'Tom', '*****@*****.**', 1)
]
self.expected = []
for user in users:
self._insert_user(user)
if user[3] == 1:
self.expected.append(user[:3])
def tearDown(self):
self.env.reset_db()
def _insert_user(self, user):
with self.env.db_transaction as db:
db.execute("""
INSERT INTO session VALUES (%s,%s,0)
""", (user[0], user[3]))
db.executemany("""
INSERT INTO session_attribute VALUES (%s,%s,%s,%s)
""", [(user[0], user[3], 'name', user[1]),
(user[0], user[3], 'email', user[2])])
def test_get_known_users_as_list_of_tuples(self):
users = list(self.env.get_known_users())
i = 0
for i, user in enumerate(users):
self.assertEqual(self.expected[i], user)
else:
self.assertEqual(2, i)
def test_get_known_users_as_dict(self):
users = self.env.get_known_users(as_dict=True)
self.assertEqual(3, len(users))
for exp in self.expected:
self.assertEqual(exp[1:], users[exp[0]])
def test_get_known_users_is_cached(self):
self.env.get_known_users()
self.env.get_known_users(as_dict=True)
self._insert_user(('user4', None, None, 1))
users_list = list(self.env.get_known_users())
users_dict = self.env.get_known_users(as_dict=True)
i = 0
for i, user in enumerate(users_list):
self.assertEqual(self.expected[i], user)
self.assertIn(self.expected[i][0], users_dict)
else:
self.assertEqual(2, i)
self.assertEqual(3, len(users_dict))
def test_invalidate_known_users_cache(self):
self.env.get_known_users()
self.env.get_known_users(as_dict=True)
user = ('user4', 'User Four', '*****@*****.**', 1)
self._insert_user(user)
self.expected.append(user[:3])
self.env.invalidate_known_users_cache()
users_list = self.env.get_known_users()
users_dict = self.env.get_known_users(as_dict=True)
i = 0
for i, user in enumerate(users_list):
self.assertEqual(self.expected[i], user)
self.assertIn(self.expected[i][0], users_dict)
else:
self.assertEqual(3, i)
self.assertEqual(4, len(users_dict))
