2020-02-06 18:25:15 +01:00
|
|
|
from datetime import timedelta
|
2018-05-10 19:00:29 +02:00
|
|
|
from typing import Any, Callable
|
2020-06-11 00:54:34 +02:00
|
|
|
|
2023-11-28 19:16:58 +01:00
|
|
|
import time_machine
|
2020-06-11 00:54:34 +02:00
|
|
|
from django.utils.timezone import now as timezone_now
|
2023-10-12 19:43:45 +02:00
|
|
|
from typing_extensions import override
|
2017-04-26 04:15:45 +02:00
|
|
|
|
2022-04-19 11:47:26 +02:00
|
|
|
from zerver.actions.realm_settings import do_set_realm_property
|
2022-04-14 23:48:28 +02:00
|
|
|
from zerver.actions.users import change_user_is_active
|
2017-04-26 04:15:45 +02:00
|
|
|
from zerver.lib.sessions import (
|
2020-06-11 00:54:34 +02:00
|
|
|
delete_all_deactivated_user_sessions,
|
|
|
|
delete_all_user_sessions,
|
|
|
|
delete_realm_user_sessions,
|
2017-04-26 04:15:45 +02:00
|
|
|
delete_session,
|
|
|
|
delete_user_sessions,
|
2020-02-06 18:25:15 +01:00
|
|
|
get_expirable_session_var,
|
|
|
|
set_expirable_session_var,
|
2020-06-11 00:54:34 +02:00
|
|
|
user_sessions,
|
2017-04-26 04:15:45 +02:00
|
|
|
)
|
|
|
|
from zerver.lib.test_classes import ZulipTestCase
|
2023-12-15 02:14:24 +01:00
|
|
|
from zerver.models import Realm, UserProfile
|
|
|
|
from zerver.models.realms import get_realm
|
2017-04-26 04:15:45 +02:00
|
|
|
|
|
|
|
|
|
|
|
class TestSessions(ZulipTestCase):
|
2021-02-12 08:19:30 +01:00
|
|
|
def do_test_session(
|
|
|
|
self, user: UserProfile, action: Callable[[], Any], realm: Realm, expected_result: bool
|
|
|
|
) -> None:
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login_user(user)
|
2021-02-12 08:20:45 +01:00
|
|
|
self.assertIn("_auth_user_id", self.client.session)
|
2017-04-26 04:15:45 +02:00
|
|
|
action()
|
|
|
|
if expected_result:
|
2021-02-12 08:20:45 +01:00
|
|
|
result = self.client_get("/", subdomain=realm.subdomain)
|
2022-04-19 11:47:26 +02:00
|
|
|
self.assertEqual(200, result.status_code)
|
|
|
|
self.assertTrue('is_spectator":true' in str(result.content))
|
2017-04-26 04:15:45 +02:00
|
|
|
else:
|
2021-02-12 08:20:45 +01:00
|
|
|
self.assertIn("_auth_user_id", self.client.session)
|
2017-04-26 04:15:45 +02:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_delete_session(self) -> None:
|
2021-02-12 08:20:45 +01:00
|
|
|
user_profile = self.example_user("hamlet")
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login_user(user_profile)
|
2021-02-12 08:20:45 +01:00
|
|
|
self.assertIn("_auth_user_id", self.client.session)
|
2017-04-26 04:15:45 +02:00
|
|
|
for session in user_sessions(user_profile):
|
|
|
|
delete_session(session)
|
|
|
|
result = self.client_get("/")
|
2022-04-19 11:47:26 +02:00
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
self.assertTrue('is_spectator":true' in str(result.content))
|
2017-04-26 04:15:45 +02:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_delete_user_sessions(self) -> None:
|
2021-02-12 08:20:45 +01:00
|
|
|
user_profile = self.example_user("hamlet")
|
2021-02-12 08:19:30 +01:00
|
|
|
self.do_test_session(
|
|
|
|
user_profile, lambda: delete_user_sessions(user_profile), get_realm("zulip"), True
|
|
|
|
)
|
|
|
|
self.do_test_session(
|
|
|
|
self.example_user("othello"),
|
|
|
|
lambda: delete_user_sessions(user_profile),
|
|
|
|
get_realm("zulip"),
|
|
|
|
False,
|
|
|
|
)
|
2017-04-26 04:15:45 +02:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_delete_realm_user_sessions(self) -> None:
|
2021-02-12 08:20:45 +01:00
|
|
|
realm = get_realm("zulip")
|
2021-02-12 08:19:30 +01:00
|
|
|
self.do_test_session(
|
|
|
|
self.example_user("hamlet"),
|
|
|
|
lambda: delete_realm_user_sessions(realm),
|
|
|
|
get_realm("zulip"),
|
|
|
|
True,
|
|
|
|
)
|
|
|
|
self.do_test_session(
|
|
|
|
self.mit_user("sipbtest"),
|
|
|
|
lambda: delete_realm_user_sessions(realm),
|
|
|
|
get_realm("zephyr"),
|
|
|
|
False,
|
|
|
|
)
|
2017-04-26 04:15:45 +02:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_delete_all_user_sessions(self) -> None:
|
2021-02-12 08:19:30 +01:00
|
|
|
self.do_test_session(
|
|
|
|
self.example_user("hamlet"),
|
2024-03-01 02:56:37 +01:00
|
|
|
delete_all_user_sessions,
|
2021-02-12 08:19:30 +01:00
|
|
|
get_realm("zulip"),
|
|
|
|
True,
|
|
|
|
)
|
2022-04-19 11:47:26 +02:00
|
|
|
|
|
|
|
lear_realm = get_realm("lear")
|
|
|
|
do_set_realm_property(lear_realm, "enable_spectator_access", True, acting_user=None)
|
|
|
|
self.make_stream(
|
|
|
|
"web_public_stream",
|
|
|
|
realm=lear_realm,
|
|
|
|
is_web_public=True,
|
|
|
|
)
|
2021-02-12 08:19:30 +01:00
|
|
|
self.do_test_session(
|
2022-04-19 11:47:26 +02:00
|
|
|
self.lear_user("cordelia"),
|
2024-03-01 02:56:37 +01:00
|
|
|
delete_all_user_sessions,
|
2022-04-19 11:47:26 +02:00
|
|
|
lear_realm,
|
|
|
|
True,
|
2021-02-12 08:19:30 +01:00
|
|
|
)
|
2017-04-26 04:15:45 +02:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_delete_all_deactivated_user_sessions(self) -> None:
|
2017-05-10 19:04:57 +02:00
|
|
|
# Test that no exception is thrown with a logged-out session
|
2021-02-12 08:20:45 +01:00
|
|
|
self.login("othello")
|
|
|
|
self.assertIn("_auth_user_id", self.client.session)
|
|
|
|
self.client_post("/accounts/logout/")
|
2017-04-26 04:15:45 +02:00
|
|
|
delete_all_deactivated_user_sessions()
|
|
|
|
result = self.client_get("/")
|
2022-04-19 11:47:26 +02:00
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
self.assertTrue('is_spectator":true' in str(result.content))
|
2017-04-26 04:15:45 +02:00
|
|
|
|
2017-05-10 19:04:57 +02:00
|
|
|
# Test nothing happens to an active user's session
|
2021-02-12 08:20:45 +01:00
|
|
|
self.login("othello")
|
|
|
|
self.assertIn("_auth_user_id", self.client.session)
|
2017-04-26 04:15:45 +02:00
|
|
|
delete_all_deactivated_user_sessions()
|
2021-02-12 08:20:45 +01:00
|
|
|
self.assertIn("_auth_user_id", self.client.session)
|
2017-05-10 19:04:57 +02:00
|
|
|
|
|
|
|
# Test that a deactivated session gets logged out
|
2021-02-12 08:20:45 +01:00
|
|
|
user_profile_3 = self.example_user("cordelia")
|
2020-03-06 18:40:46 +01:00
|
|
|
self.login_user(user_profile_3)
|
2021-02-12 08:20:45 +01:00
|
|
|
self.assertIn("_auth_user_id", self.client.session)
|
2021-02-14 00:03:40 +01:00
|
|
|
change_user_is_active(user_profile_3, False)
|
2021-02-12 08:20:45 +01:00
|
|
|
with self.assertLogs(level="INFO") as info_logs:
|
2020-07-27 01:08:29 +02:00
|
|
|
delete_all_deactivated_user_sessions()
|
2021-02-12 08:19:30 +01:00
|
|
|
self.assertEqual(
|
2021-07-09 21:38:06 +02:00
|
|
|
info_logs.output,
|
|
|
|
[f"INFO:root:Deactivating session for deactivated user {user_profile_3.id}"],
|
2021-02-12 08:19:30 +01:00
|
|
|
)
|
2017-05-10 19:04:57 +02:00
|
|
|
result = self.client_get("/")
|
2022-04-19 11:47:26 +02:00
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
self.assertTrue('is_spectator":true' in str(result.content))
|
2020-02-06 18:25:15 +01:00
|
|
|
|
2021-02-12 08:19:30 +01:00
|
|
|
|
2020-02-06 18:25:15 +01:00
|
|
|
class TestExpirableSessionVars(ZulipTestCase):
|
2023-10-12 19:43:45 +02:00
|
|
|
@override
|
2020-02-06 18:25:15 +01:00
|
|
|
def setUp(self) -> None:
|
|
|
|
self.session = self.client.session
|
|
|
|
super().setUp()
|
|
|
|
|
|
|
|
def test_set_and_get_basic(self) -> None:
|
|
|
|
start_time = timezone_now()
|
2023-11-28 19:16:58 +01:00
|
|
|
with time_machine.travel(start_time, tick=False):
|
2021-02-12 08:19:30 +01:00
|
|
|
set_expirable_session_var(
|
2021-02-12 08:20:45 +01:00
|
|
|
self.session, "test_set_and_get_basic", "some_value", expiry_seconds=10
|
2021-02-12 08:19:30 +01:00
|
|
|
)
|
2021-02-12 08:20:45 +01:00
|
|
|
value = get_expirable_session_var(self.session, "test_set_and_get_basic")
|
|
|
|
self.assertEqual(value, "some_value")
|
2023-11-28 19:16:58 +01:00
|
|
|
with time_machine.travel((start_time + timedelta(seconds=11)), tick=False):
|
2021-02-12 08:20:45 +01:00
|
|
|
value = get_expirable_session_var(self.session, "test_set_and_get_basic")
|
2020-02-06 18:25:15 +01:00
|
|
|
self.assertEqual(value, None)
|
|
|
|
|
|
|
|
def test_set_and_get_with_delete(self) -> None:
|
2021-02-12 08:19:30 +01:00
|
|
|
set_expirable_session_var(
|
2021-02-12 08:20:45 +01:00
|
|
|
self.session, "test_set_and_get_with_delete", "some_value", expiry_seconds=10
|
2021-02-12 08:19:30 +01:00
|
|
|
)
|
2021-02-12 08:20:45 +01:00
|
|
|
value = get_expirable_session_var(self.session, "test_set_and_get_with_delete", delete=True)
|
|
|
|
self.assertEqual(value, "some_value")
|
2021-02-12 08:19:30 +01:00
|
|
|
self.assertEqual(
|
2021-02-12 08:20:45 +01:00
|
|
|
get_expirable_session_var(self.session, "test_set_and_get_with_delete"), None
|
2021-02-12 08:19:30 +01:00
|
|
|
)
|
2020-02-06 18:25:15 +01:00
|
|
|
|
|
|
|
def test_get_var_not_set(self) -> None:
|
2021-02-12 08:19:30 +01:00
|
|
|
value = get_expirable_session_var(
|
2021-02-12 08:20:45 +01:00
|
|
|
self.session, "test_get_var_not_set", default_value="default"
|
2021-02-12 08:19:30 +01:00
|
|
|
)
|
2021-02-12 08:20:45 +01:00
|
|
|
self.assertEqual(value, "default")
|
2020-02-06 18:25:15 +01:00
|
|
|
|
|
|
|
def test_get_var_is_not_expirable(self) -> None:
|
|
|
|
self.session["test_get_var_is_not_expirable"] = 0
|
2021-02-12 08:20:45 +01:00
|
|
|
with self.assertLogs(level="WARNING") as m:
|
2021-02-12 08:19:30 +01:00
|
|
|
value = get_expirable_session_var(
|
2021-02-12 08:20:45 +01:00
|
|
|
self.session, "test_get_var_is_not_expirable", default_value="default"
|
2021-02-12 08:19:30 +01:00
|
|
|
)
|
2021-02-12 08:20:45 +01:00
|
|
|
self.assertEqual(value, "default")
|
2021-02-12 08:19:30 +01:00
|
|
|
self.assertIn(
|
2021-02-12 08:20:45 +01:00
|
|
|
"WARNING:root:get_expirable_session_var: error getting test_get_var_is_not_expirable",
|
2021-02-12 08:19:30 +01:00
|
|
|
m.output[0],
|
|
|
|
)
|