def test_generate_session(self):
"""The generate_session procedure makes a new session cookie
to be returned to the client
If there is already a session active for this user, return the
same session key in the cookie"""
# run tests for all test users
for email, password, first, last in self.users:
cookie = interface.generate_session(self.db, email)
self.assertNotEqual(cookie, None,
"No cookie returned from generate_session")
# look for the cookie
self.assertTrue(
cookie.has_key(interface.COOKIE_NAME),
"Cookie from generate_session has no entry for defined cookie name"
)
# get the value and verify that it is in the sessions table
sessionid = cookie[interface.COOKIE_NAME].value
cursor = self.db.cursor()
cursor.execute('select useremail from sessions where sessionid=?',
(sessionid, ))
stored_useremail = cursor.fetchone()[0]
self.assertEqual(email, stored_useremail)
# now try to make a new session for one of the users
cookie2 = interface.generate_session(self.db, email)
# look for the cookie
self.assertTrue(
cookie2.has_key(interface.COOKIE_NAME),
"Cookie from generate_session has no entry for defined cookie name"
)
# sessionid should be the same as before
self.assertEqual(cookie2[interface.COOKIE_NAME].value, sessionid)
# try to generate a session for an invalid user
cookie = interface.generate_session(self.db, "*****@*****.**")
self.assertEqual(
cookie, None,
"Invalid user should return None from generate_session")
def test_delete_session(self):
"""The delete_session procedure should remove all sessions for
a given user in the sessions table.
Test relies on working generate_session"""
# run tests for all test users
for email, password, first, last in self.users:
cookie = interface.generate_session(self.db, email)
self.assertNotEqual(
cookie, None,
"generate_session failing, can't run delete_session tests")
# get the value and verify that it is in the sessions table
sessionid = cookie[interface.COOKIE_NAME].value
# now remove the session
interface.delete_session(self.db, email)
# now check that the session is not present
cursor = self.db.cursor()
cursor.execute('select sessionid from sessions where useremail=?',
(email, ))
rows = cursor.fetchall()
self.assertEqual(
rows, [],
"Expected no results for sessions query from deleted session, got %s"
% (rows, ))
def test_generate_session(self):
"""The generate_session procedure makes a new session cookie
to be returned to the client
If there is already a session active for this user, return the
same session key in the cookie"""
# run tests for all test users
for email, password, first, last in self.users:
cookie = interface.generate_session(self.db, email)
self.assertNotEqual(cookie, None, "No cookie returned from generate_session")
# look for the cookie
self.assertTrue(
cookie.has_key(interface.COOKIE_NAME),
"Cookie from generate_session has no entry for defined cookie name",
)
# get the value and verify that it is in the sessions table
sessionid = cookie[interface.COOKIE_NAME].value
cursor = self.db.cursor()
cursor.execute("select useremail from sessions where sessionid=?", (sessionid,))
stored_useremail = cursor.fetchone()[0]
self.assertEqual(email, stored_useremail)
# now try to make a new session for one of the users
cookie2 = interface.generate_session(self.db, email)
# look for the cookie
self.assertTrue(
cookie2.has_key(interface.COOKIE_NAME),
"Cookie from generate_session has no entry for defined cookie name",
)
# sessionid should be the same as before
self.assertEqual(cookie2[interface.COOKIE_NAME].value, sessionid)
# try to generate a session for an invalid user
cookie = interface.generate_session(self.db, "*****@*****.**")
self.assertEqual(cookie, None, "Invalid user should return None from generate_session")
def test_user_from_cookie(self):
"""The user_from_cookie procedure finds the name of the logged in
user from the session cookie if present
Test relies on working generate_cookie
"""
import Cookie
# first test with no cookie
environ = dict()
email_from_cookie = interface.user_from_cookie(self.db, environ)
self.assertEquals(
email_from_cookie, None,
"Expected None in case with no cookie, got %s" %
str(email_from_cookie))
cookie = Cookie.SimpleCookie()
cookie[interface.COOKIE_NAME] = 'fake sessionid'
environ = {'HTTP_COOKIE': cookie[interface.COOKIE_NAME].OutputString()}
email_from_cookie = interface.user_from_cookie(self.db, environ)
self.assertEquals(
email_from_cookie, None,
"Expected None in case with invalid session id, got %s" %
str(email_from_cookie))
# run tests for all test users
for email, password, first, last in self.users:
cookie = interface.generate_session(self.db, email)
self.assertNotEqual(
cookie, None,
"generate_session failing, can't run user_from_cookie tests")
environ = {
'HTTP_COOKIE': cookie[interface.COOKIE_NAME].OutputString()
}
email_from_cookie = interface.user_from_cookie(self.db, environ)
self.assertEqual(email_from_cookie, email)
def test_user_from_cookie(self):
"""The user_from_cookie procedure finds the name of the logged in
user from the session cookie if present
Test relies on working generate_cookie
"""
import Cookie
# first test with no cookie
environ = dict()
email_from_cookie = interface.user_from_cookie(self.db, environ)
self.assertEquals(
email_from_cookie, None, "Expected None in case with no cookie, got %s" % str(email_from_cookie)
)
cookie = Cookie.SimpleCookie()
cookie[interface.COOKIE_NAME] = "fake sessionid"
environ = {"HTTP_COOKIE": cookie[interface.COOKIE_NAME].OutputString()}
email_from_cookie = interface.user_from_cookie(self.db, environ)
self.assertEquals(
email_from_cookie, None, "Expected None in case with invalid session id, got %s" % str(email_from_cookie)
)
# run tests for all test users
for email, password, first, last in self.users:
cookie = interface.generate_session(self.db, email)
self.assertNotEqual(cookie, None, "generate_session failing, can't run user_from_cookie tests")
environ = {"HTTP_COOKIE": cookie[interface.COOKIE_NAME].OutputString()}
email_from_cookie = interface.user_from_cookie(self.db, environ)
self.assertEqual(email_from_cookie, email)
def test_delete_session(self):
"""The delete_session procedure should remove all sessions for
a given user in the sessions table.
Test relies on working generate_session"""
# run tests for all test users
for email, password, first, last in self.users:
cookie = interface.generate_session(self.db, email)
self.assertNotEqual(cookie, None, "generate_session failing, can't run delete_session tests")
# get the value and verify that it is in the sessions table
sessionid = cookie[interface.COOKIE_NAME].value
# now remove the session
interface.delete_session(self.db, email)
# now check that the session is not present
cursor = self.db.cursor()
cursor.execute("select sessionid from sessions where useremail=?", (email,))
rows = cursor.fetchall()
self.assertEqual(rows, [], "Expected no results for sessions query from deleted session, got %s" % (rows,))
def application(environ, start_response):
"""Demo WSGI application"""
formdata = cgi.FieldStorage(environ=environ, fp=environ['wsgi.input'])
if formdata.has_key('username') and formdata.has_key('password'):
username = formdata.getvalue('username')
password = formdata.getvalue('password')
if interface.check_login(db, username, password) == True:
cookie = interface.generate_session(db, username)
# Correct username or password, return a page saying so.
return login_success(cookie, environ, start_response)
else:
# Invalid username or password, return a page with an error box saying so.
return invalid(environ, start_response)
elif formdata.has_key('username') or formdata.has_key('password'):
# Invalid username or password, return a page with an error box saying so.
return invalid(environ, start_response)
session = str(interface.user_from_cookie(db, environ))
if formdata.has_key('website') and formdata.has_key('addcomment'):
if formdata.getvalue('website') == 'http://':
# Shouldn't post a comment about http://!
return comment_unsuccessful(environ, start_response)
elif session != 'None':
topic = formdata.getvalue('website')
comment = formdata.getvalue('addcomment')
interface.add_comment(db, session, topic, comment)
#Comment successfully added. Return a page saying so, with a redirect link to main page.
return comment_successful(environ, start_response)
else:
# Unlogged users should receive a 404 Not Found error
return no_permission(environ, start_response)
elif formdata.has_key('website') or formdata.has_key('addcomment'):
if session != 'None':
#Invalid form returned. Return a page showing an error box and how to fix it.
return comment_unsuccessful(environ, start_response)
else:
# Unlogged users should receive a 404 Not Found error.
return no_permission(environ, start_response)
if environ['PATH_INFO'] == '/':
return main_page(environ, start_response)
elif environ['PATH_INFO'] == '/login':
return login_page(environ, start_response)
elif environ['PATH_INFO'] == '/my':
if session != 'None':
return my_comments(environ, start_response)
else:
return show_404_app(environ, start_response)
elif environ['PATH_INFO'] == '/conversation':
return conversation_page(environ, start_response)
elif environ['PATH_INFO'] == '/comment':
if session != 'None':
return add_comment(environ, start_response)
else:
#Unlogged users should be told they do not have permission to access this page.
return no_permission(environ, start_response)
elif environ['PATH_INFO'] == '/logout':
if session != 'None':
interface.delete_session(db, session)
return logout(environ, start_response)
else:
# Unlogged users should receive a 404 Not Found error.
return show_404_app(environ, start_response)
else:
# Path invalid, return 404 Not Found
return show_404_app(environ, start_response)
def application(environ, start_response):
"""Demo WSGI application"""
formdata = cgi.FieldStorage(environ=environ, fp=environ['wsgi.input'])
if formdata.has_key('username') and formdata.has_key('password'):
username = formdata.getvalue('username')
password = formdata.getvalue('password')
if interface.check_login(db, username, password) == True:
cookie = interface.generate_session(db, username)
# Correct username or password, return a page saying so.
return login_success(cookie, environ, start_response)
else:
# Invalid username or password, return a page with an error box saying so.
return invalid(environ, start_response)
elif formdata.has_key('username') or formdata.has_key('password'):
# Invalid username or password, return a page with an error box saying so.
return invalid(environ, start_response)
session = str(interface.user_from_cookie(db, environ))
if formdata.has_key('website') and formdata.has_key('addcomment'):
if formdata.getvalue('website') == 'http://':
# Shouldn't post a comment about http://!
return comment_unsuccessful(environ, start_response)
elif session != 'None':
topic = formdata.getvalue('website')
comment = formdata.getvalue('addcomment')
interface.add_comment(db, session, topic, comment)
#Comment successfully added. Return a page saying so, with a redirect link to main page.
return comment_successful(environ, start_response)
else:
# Unlogged users should receive a 404 Not Found error
return no_permission(environ, start_response)
elif formdata.has_key('website') or formdata.has_key('addcomment'):
if session != 'None':
#Invalid form returned. Return a page showing an error box and how to fix it.
return comment_unsuccessful(environ, start_response)
else:
# Unlogged users should receive a 404 Not Found error.
return no_permission(environ, start_response)
if environ['PATH_INFO'] == '/':
return main_page(environ, start_response)
elif environ['PATH_INFO'] == '/login':
return login_page(environ, start_response)
elif environ['PATH_INFO'] == '/my':
if session != 'None':
return my_comments(environ, start_response)
else:
return show_404_app(environ, start_response)
elif environ['PATH_INFO'] == '/conversation':
return conversation_page(environ, start_response)
elif environ['PATH_INFO'] == '/comment':
if session != 'None':
return add_comment(environ, start_response)
else:
#Unlogged users should be told they do not have permission to access this page.
return no_permission(environ, start_response)
elif environ['PATH_INFO'] == '/logout':
if session != 'None':
interface.delete_session(db, session)
return logout(environ, start_response)
else:
# Unlogged users should receive a 404 Not Found error.
return show_404_app(environ, start_response)
else:
# Path invalid, return 404 Not Found
return show_404_app(environ, start_response)