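def test_single_session_per_whistleblower(self):
    """
    Asserts that the first_id is dropped from GLSessions and requests
    using that session id are rejected

    Flow: complete a submission, log in with its receipt (first session),
    use that session on WBTipInstance, log in again with the same receipt
    (second session), then check that the first session id is rejected and
    absent from GLSessions, while the second one is present, carries the
    'whistleblower' role and is accepted by WBTipInstance.
    """
    # NOTE(review): the yields assume this generator is driven by Twisted's
    # inlineCallbacks; the decorator is not visible in this listing.
    yield self.perform_full_submission_actions()

    handler = self.request({'receipt': self.dummySubmission['receipt']})
    handler.client_using_tor = True

    response = yield handler.post()
    first_id = response['session_id']

    # The first session has to work before the second login takes place,
    # otherwise the later rejection would prove nothing.
    wbtip_handler = self.request(headers={'x-session': first_id},
                                 handler_cls=WBTipInstance)
    yield wbtip_handler.get()

    # Second login with the same receipt: expected to replace the first
    # session rather than coexist with it.
    response = yield handler.post()
    second_id = response['session_id']

    try:
        # Yielded so that a rejection delivered through a failed Deferred is
        # caught here as well as one raised synchronously by the call.
        # Without the yield an asynchronous NotAuthenticated would go
        # unobserved and self.fail() would fire instead.
        yield wbtip_handler.get()
        self.fail('wbtip_handler.get must throw')
    except errors.NotAuthenticated:
        pass

    # The replaced session id must no longer resolve to a session.
    self.assertTrue(GLSessions.get(first_id) is None)

    valid_session = GLSessions.get(second_id)
    self.assertTrue(valid_session is not None)
    self.assertEqual(valid_session.user_role, 'whistleblower')

    # The replacement session must be usable on the same handler class.
    wbtip_handler = self.request(headers={'x-session': second_id},
                                 handler_cls=WBTipInstance)
    yield wbtip_handler.get()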
def test_single_session_per_user(self):
    """
    Logs in twice with the same credentials and checks that only the
    session id returned by the second login is still held in GLSessions.
    """
    # NOTE(review): the username literal is kept exactly as it appears in
    # this listing; it looks masked, so confirm it against the fixture.
    credentials = {
        'username': '******',
        'password': helpers.VALID_PASSWORD1
    }
    handler = self.request(credentials)

    first_login = yield handler.post()
    second_login = yield handler.post()

    # The session issued by the first login must have been dropped ...
    replaced = GLSessions.get(first_login['session_id'])
    self.assertTrue(replaced is None)

    # ... while the one issued by the second login must still exist.
    current = GLSessions.get(second_login['session_id'])
    self.assertTrue(current is not None)
def test_successful_session_update_on_auth_request(self):
    """
    Checks that an authenticated request moves the session's getTime()
    value forward by the time that has elapsed on the test reactor.

    The reactor is pumped in FUTURE steps of 1 before the request, and the
    stored session is expected to report the initial value plus FUTURE.
    """
    session = GLSession('admin', 'admin', 'enabled')
    time_before = session.getTime()

    # Advance the test reactor's clock: FUTURE increments of 1 each.
    elapsed_steps = [1] * FUTURE
    self.test_reactor.pump(elapsed_steps)

    # Authenticate with the existing session id via the X-Session header.
    handler = self.request({}, headers={'X-Session': session.id})
    yield handler.get_authenticated()

    # Read the value back from the session store, not the local object.
    # NOTE(review): presumably getTime() is the session expiry, so this
    # pins the refresh-on-activity behaviour; confirm against GLSession.
    stored_session = GLSessions.get(session.id)
    time_after = stored_session.getTime()

    expected = time_before + FUTURE
    self.assertEqual(expected, time_after)