
Commit

add a test of constant sessions
Changaco committed Dec 9, 2024
1 parent 0036879 commit 12193d0
Showing 1 changed file with 95 additions and 0 deletions.
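--- a/tests/py/test_sessions.py
+++ b/tests/py/test_sessions.py
@@ -787,3 +787,98 @@ def test_a_read_only_session_can_be_used_to_view_an_account_but_not_modify_it(se
 assert r.code == 200, r.text
 r = self.client.PxST('/alice/edit/username', {}, auth_as=alice)
 assert r.code == 403, r.text
+
+def test_constant_sessions(self):
+alice = self.make_participant('alice')
+r = self.client.GET('/alice/access/constant-session', auth_as=alice)
+assert r.code == 200, r.text
+constant_sessions = self.db.all("""
+SELECT *
+FROM user_secrets
+WHERE participant = %s
+AND id >= 800
+""", (alice.id,))
+assert not constant_sessions
+del constant_sessions
+# Test creating the constant session
+r = self.client.PxST(
+'/alice/access/constant-session',
+{'action': 'start'},
+auth_as=alice,
+)
+assert r.code == 302, r.text
+constant_session = self.db.one("""
+SELECT *
+FROM user_secrets
+WHERE participant = %s
+AND id >= 800
+""", (alice.id,))
+assert constant_session
+r = self.client.GET('/alice/access/constant-session', auth_as=alice)
+assert r.code == 200, r.text
+assert constant_session.secret in r.text
+# Test using the constant session
+r = self.client.GxT(
+'/about/me/',
+cookies={
+'session': f'{alice.id}:{constant_session.id}:{constant_session.secret}',
+},
+)
+assert r.code == 302, r.text
+# Test regenerating the constant session
+r = self.client.PxST(
+'/alice/access/constant-session',
+{'action': 'start'},
+auth_as=alice,
+)
+assert r.code == 302, r.text
+old_constant_session = constant_session
+constant_session = self.db.one("""
+SELECT *
+FROM user_secrets
+WHERE participant = %s
+AND id >= 800
+""", (alice.id,))
+assert constant_session
+assert constant_session.secret != old_constant_session.secret
+# Test expiration of the session
+self.db.run("""
+UPDATE user_secrets
+SET mtime = mtime - interval '300 days'
+, latest_use = latest_use - interval '300 days'
+WHERE id = 800
+""")
+r = self.client.GxT(
+'/about/me/',
+cookies={
+'session': f'{alice.id}:{constant_session.id}:{constant_session.secret}',
+},
+)
+assert r.code == 302, r.text
+self.db.run("""
+UPDATE user_secrets
+SET mtime = mtime - interval '500 days'
+, latest_use = latest_use - interval '500 days'
+WHERE id = 800
+""")
+r = self.client.GxT(
+'/about/me/',
+cookies={
+'session': f'{alice.id}:{constant_session.id}:{constant_session.secret}',
+},
+)
+assert r.code == 403, r.text
+# Test revoking the constant session
+r = self.client.PxST(
+'/alice/access/constant-session',
+{'action': 'end'},
+auth_as=alice,
+)
+assert r.code == 302, r.text
+constant_session = self.db.one("""
+SELECT *
+FROM user_secrets
+WHERE participant = %s
+AND id >= 800
+""", (alice.id,))
+assert not constant_session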
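Review bot: The regeneration step only compares the two `user_secrets` rows, so nothing in `test_constant_sessions` proves that the superseded secret stops authenticating; a request to `/about/me/` carrying `old_constant_session.secret` should be asserted as refused right after `assert constant_session.secret != old_constant_session.secret` (presumably with 403, as the expiry case expects). The revocation step has the same gap, and because the row has already been aged past expiry by then, a meaningful check there needs a freshly started session. Separately, the two expiry `UPDATE`s hard-code `WHERE id = 800` while the selects use `id >= 800`; binding `constant_session.id` would make sure the row under test is the one being aged. A comment stating that the two shifts are cumulative (300 days, then 800 in total) would document the lifetime bounds the test assumes.

```python
        # … unchanged: regenerate the session and reload it from user_secrets …
        assert constant_session.secret != old_constant_session.secret
        # The superseded secret must no longer authenticate.
        r = self.client.GxT(
            '/about/me/',
            cookies={
                'session': f'{alice.id}:{old_constant_session.id}:{old_constant_session.secret}',
            },
        )
        assert r.code == 403, r.text
        # … unchanged: expiry and revocation checks …
```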
