zulip/zerver/tests/test_sessions.py

from datetime import timedelta
from django.utils.timezone import now as timezone_now
from typing import Any, Callable

from zerver.lib.sessions import (
    user_sessions,
    delete_session,
    delete_user_sessions,
    delete_realm_user_sessions,
    delete_all_user_sessions,
    delete_all_deactivated_user_sessions,
    get_expirable_session_var,
    set_expirable_session_var,
)

from zerver.models import (
    get_realm, Realm, UserProfile
)

from zerver.lib.test_classes import ZulipTestCase

from unittest import mock

class TestSessions(ZulipTestCase):

    def do_test_session(self, user: UserProfile,
                        action: Callable[[], Any],
                        realm: Realm,
                        expected_result: bool) -> None:
        self.login_user(user)
        self.assertIn('_auth_user_id', self.client.session)
        action()
        if expected_result:
            result = self.client_get('/', subdomain=realm.subdomain)
            self.assertEqual('/login/', result.url)
        else:
            self.assertIn('_auth_user_id', self.client.session)

    def test_delete_session(self) -> None:
        user_profile = self.example_user('hamlet')
        self.login_user(user_profile)
        self.assertIn('_auth_user_id', self.client.session)
        for session in user_sessions(user_profile):
            delete_session(session)
        result = self.client_get("/")
        self.assertEqual('/login/', result.url)

    def test_delete_user_sessions(self) -> None:
        user_profile = self.example_user('hamlet')
        self.do_test_session(user_profile, lambda: delete_user_sessions(user_profile),
                             get_realm("zulip"), True)
        self.do_test_session(self.example_user("othello"),
                             lambda: delete_user_sessions(user_profile),
                             get_realm("zulip"), False)

    def test_delete_realm_user_sessions(self) -> None:
        realm = get_realm('zulip')
        self.do_test_session(self.example_user("hamlet"),
                             lambda: delete_realm_user_sessions(realm),
                             get_realm("zulip"), True)
        self.do_test_session(self.mit_user("sipbtest"),
                             lambda: delete_realm_user_sessions(realm),
                             get_realm("zephyr"), False)

    def test_delete_all_user_sessions(self) -> None:
        self.do_test_session(self.example_user("hamlet"),
                             lambda: delete_all_user_sessions(),
                             get_realm("zulip"), True)
        self.do_test_session(self.mit_user("sipbtest"),
                             lambda: delete_all_user_sessions(),
                             get_realm("zephyr"), True)

    def test_delete_all_deactivated_user_sessions(self) -> None:

        # Test that no exception is thrown with a logged-out session
        self.login('othello')
        self.assertIn('_auth_user_id', self.client.session)
        self.client_post('/accounts/logout/')
        delete_all_deactivated_user_sessions()
        result = self.client_get("/")
        self.assertEqual('/login/', result.url)

        # Test nothing happens to an active user's session
        self.login('othello')
        self.assertIn('_auth_user_id', self.client.session)
        delete_all_deactivated_user_sessions()
        self.assertIn('_auth_user_id', self.client.session)

        # Test that a deactivated session gets logged out
        user_profile_3 = self.example_user('cordelia')
        self.login_user(user_profile_3)
        self.assertIn('_auth_user_id', self.client.session)
        user_profile_3.is_active = False
        user_profile_3.save()
        delete_all_deactivated_user_sessions()
        result = self.client_get("/")
        self.assertEqual('/login/', result.url)

class TestExpirableSessionVars(ZulipTestCase):
    def setUp(self) -> None:
        self.session = self.client.session
        super().setUp()

    def test_set_and_get_basic(self) -> None:
        start_time = timezone_now()
        with mock.patch('zerver.lib.sessions.timezone_now', return_value=start_time):
            set_expirable_session_var(self.session, 'test_set_and_get_basic', 'some_value', expiry_seconds=10)
            value = get_expirable_session_var(self.session, 'test_set_and_get_basic')
            self.assertEqual(value, 'some_value')
        with mock.patch('zerver.lib.sessions.timezone_now', return_value=start_time + timedelta(seconds=11)):
            value = get_expirable_session_var(self.session, 'test_set_and_get_basic')
            self.assertEqual(value, None)

    def test_set_and_get_with_delete(self) -> None:
        set_expirable_session_var(self.session, 'test_set_and_get_with_delete', 'some_value', expiry_seconds=10)
        value = get_expirable_session_var(self.session, 'test_set_and_get_with_delete', delete=True)
        self.assertEqual(value, 'some_value')
        self.assertEqual(get_expirable_session_var(self.session, 'test_set_and_get_with_delete'), None)

    def test_get_var_not_set(self) -> None:
        value = get_expirable_session_var(self.session, 'test_get_var_not_set', default_value='default')
        self.assertEqual(value, 'default')

    def test_get_var_is_not_expirable(self) -> None:
        self.session["test_get_var_is_not_expirable"] = 0
        with mock.patch('zerver.lib.sessions.logging.warning') as mock_warn:
            value = get_expirable_session_var(self.session, 'test_get_var_is_not_expirable', default_value='default')
            self.assertEqual(value, 'default')
            mock_warn.assert_called_once()
sessions: Implement the concept of expirable session variables. This can be useful in the future for various things, and right now it'll specifically be used in the signup mobile/desktop flows. 2020-02-06 18:25:15 +01:00			`from datetime import timedelta`
			`from django.utils.timezone import now as timezone_now`
zerver/tests: Change use of typing.Text to str. 2018-05-10 19:00:29 +02:00			`from typing import Any, Callable`
Add tests for zerver/lib/sessions.py. 2017-04-26 04:15:45 +02:00
			`from zerver.lib.sessions import (`
			`user_sessions,`
			`delete_session,`
			`delete_user_sessions,`
			`delete_realm_user_sessions,`
			`delete_all_user_sessions,`
			`delete_all_deactivated_user_sessions,`
sessions: Implement the concept of expirable session variables. This can be useful in the future for various things, and right now it'll specifically be used in the signup mobile/desktop flows. 2020-02-06 18:25:15 +01:00			`get_expirable_session_var,`
			`set_expirable_session_var,`
Add tests for zerver/lib/sessions.py. 2017-04-26 04:15:45 +02:00			`)`

			`from zerver.models import (`
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email) 2020-03-06 18:40:46 +01:00			`get_realm, Realm, UserProfile`
Add tests for zerver/lib/sessions.py. 2017-04-26 04:15:45 +02:00			`)`

			`from zerver.lib.test_classes import ZulipTestCase`

requirements: Drop direct dependency on mock. mock is just a backport of the standard library’s unittest.mock now. The SAMLAuthBackendTest change is needed because MagicMock.call_args.args wasn’t introduced until Python 3.8 (https://bugs.python.org/issue21269). The PROVISION_VERSION bump is skipped because mock is still an indirect dev requirement via moto. Signed-off-by: Anders Kaseorg <anders@zulip.com> 2020-05-26 07:16:25 +02:00			`from unittest import mock`
Add tests for zerver/lib/sessions.py. 2017-04-26 04:15:45 +02:00
			`class TestSessions(ZulipTestCase):`

tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email) 2020-03-06 18:40:46 +01:00			`def do_test_session(self, user: UserProfile,`
zerver/tests: Use python 3 syntax for typing. This patch was extracted by tabbott for just the files with no open PRs modifying them. 2017-11-05 10:51:25 +01:00			`action: Callable[[], Any],`
tests: Pass a realm option to login for non-zulip realms. This better matches the model of how having multiple realms should work: you need to specify which realm you're logging into. 2017-11-18 00:11:24 +01:00			`realm: Realm,`
zerver/tests: Use python 3 syntax for typing. This patch was extracted by tabbott for just the files with no open PRs modifying them. 2017-11-05 10:51:25 +01:00			`expected_result: bool) -> None:`
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email) 2020-03-06 18:40:46 +01:00			`self.login_user(user)`
Add tests for zerver/lib/sessions.py. 2017-04-26 04:15:45 +02:00			`self.assertIn('_auth_user_id', self.client.session)`
			`action()`
			`if expected_result:`
tests: Pass a realm option to login for non-zulip realms. This better matches the model of how having multiple realms should work: you need to specify which realm you're logging into. 2017-11-18 00:11:24 +01:00			`result = self.client_get('/', subdomain=realm.subdomain)`
Avoid double redirects to /login and then to /login/. Signed-off-by: Anders Kaseorg <andersk@mit.edu> 2018-12-04 02:12:08 +01:00			`self.assertEqual('/login/', result.url)`
Add tests for zerver/lib/sessions.py. 2017-04-26 04:15:45 +02:00			`else:`
			`self.assertIn('_auth_user_id', self.client.session)`

zerver/tests: Use python 3 syntax for typing. This patch was extracted by tabbott for just the files with no open PRs modifying them. 2017-11-05 10:51:25 +01:00			`def test_delete_session(self) -> None:`
test_sessions.py: Use helpers instead of get_user_profile_by_email. 2017-05-23 23:52:41 +02:00			`user_profile = self.example_user('hamlet')`
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email) 2020-03-06 18:40:46 +01:00			`self.login_user(user_profile)`
Add tests for zerver/lib/sessions.py. 2017-04-26 04:15:45 +02:00			`self.assertIn('_auth_user_id', self.client.session)`
			`for session in user_sessions(user_profile):`
			`delete_session(session)`
			`result = self.client_get("/")`
Avoid double redirects to /login and then to /login/. Signed-off-by: Anders Kaseorg <andersk@mit.edu> 2018-12-04 02:12:08 +01:00			`self.assertEqual('/login/', result.url)`
Add tests for zerver/lib/sessions.py. 2017-04-26 04:15:45 +02:00
zerver/tests: Use python 3 syntax for typing. This patch was extracted by tabbott for just the files with no open PRs modifying them. 2017-11-05 10:51:25 +01:00			`def test_delete_user_sessions(self) -> None:`
test_sessions.py: Use helpers instead of get_user_profile_by_email. 2017-05-23 23:52:41 +02:00			`user_profile = self.example_user('hamlet')`
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email) 2020-03-06 18:40:46 +01:00			`self.do_test_session(user_profile, lambda: delete_user_sessions(user_profile),`
tests: Pass a realm option to login for non-zulip realms. This better matches the model of how having multiple realms should work: you need to specify which realm you're logging into. 2017-11-18 00:11:24 +01:00			`get_realm("zulip"), True)`
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email) 2020-03-06 18:40:46 +01:00			`self.do_test_session(self.example_user("othello"),`
tests: Pass a realm option to login for non-zulip realms. This better matches the model of how having multiple realms should work: you need to specify which realm you're logging into. 2017-11-18 00:11:24 +01:00			`lambda: delete_user_sessions(user_profile),`
			`get_realm("zulip"), False)`
Add tests for zerver/lib/sessions.py. 2017-04-26 04:15:45 +02:00
zerver/tests: Use python 3 syntax for typing. This patch was extracted by tabbott for just the files with no open PRs modifying them. 2017-11-05 10:51:25 +01:00			`def test_delete_realm_user_sessions(self) -> None:`
Add tests for zerver/lib/sessions.py. 2017-04-26 04:15:45 +02:00			`realm = get_realm('zulip')`
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email) 2020-03-06 18:40:46 +01:00			`self.do_test_session(self.example_user("hamlet"),`
tests: Pass a realm option to login for non-zulip realms. This better matches the model of how having multiple realms should work: you need to specify which realm you're logging into. 2017-11-18 00:11:24 +01:00			`lambda: delete_realm_user_sessions(realm),`
			`get_realm("zulip"), True)`
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email) 2020-03-06 18:40:46 +01:00			`self.do_test_session(self.mit_user("sipbtest"),`
tests: Pass a realm option to login for non-zulip realms. This better matches the model of how having multiple realms should work: you need to specify which realm you're logging into. 2017-11-18 00:11:24 +01:00			`lambda: delete_realm_user_sessions(realm),`
			`get_realm("zephyr"), False)`
Add tests for zerver/lib/sessions.py. 2017-04-26 04:15:45 +02:00
zerver/tests: Use python 3 syntax for typing. This patch was extracted by tabbott for just the files with no open PRs modifying them. 2017-11-05 10:51:25 +01:00			`def test_delete_all_user_sessions(self) -> None:`
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email) 2020-03-06 18:40:46 +01:00			`self.do_test_session(self.example_user("hamlet"),`
tests: Pass a realm option to login for non-zulip realms. This better matches the model of how having multiple realms should work: you need to specify which realm you're logging into. 2017-11-18 00:11:24 +01:00			`lambda: delete_all_user_sessions(),`
			`get_realm("zulip"), True)`
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email) 2020-03-06 18:40:46 +01:00			`self.do_test_session(self.mit_user("sipbtest"),`
tests: Pass a realm option to login for non-zulip realms. This better matches the model of how having multiple realms should work: you need to specify which realm you're logging into. 2017-11-18 00:11:24 +01:00			`lambda: delete_all_user_sessions(),`
			`get_realm("zephyr"), True)`
Add tests for zerver/lib/sessions.py. 2017-04-26 04:15:45 +02:00
zerver/tests: Use python 3 syntax for typing. This patch was extracted by tabbott for just the files with no open PRs modifying them. 2017-11-05 10:51:25 +01:00			`def test_delete_all_deactivated_user_sessions(self) -> None:`
test_sessions: Extends tests to reach 100% coverage of sessions.py. Fixes #3980. 2017-05-10 19:04:57 +02:00
			`# Test that no exception is thrown with a logged-out session`
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email) 2020-03-06 18:40:46 +01:00			`self.login('othello')`
Add tests for zerver/lib/sessions.py. 2017-04-26 04:15:45 +02:00			`self.assertIn('_auth_user_id', self.client.session)`
			`self.client_post('/accounts/logout/')`
			`delete_all_deactivated_user_sessions()`
			`result = self.client_get("/")`
Avoid double redirects to /login and then to /login/. Signed-off-by: Anders Kaseorg <andersk@mit.edu> 2018-12-04 02:12:08 +01:00			`self.assertEqual('/login/', result.url)`
Add tests for zerver/lib/sessions.py. 2017-04-26 04:15:45 +02:00
test_sessions: Extends tests to reach 100% coverage of sessions.py. Fixes #3980. 2017-05-10 19:04:57 +02:00			`# Test nothing happens to an active user's session`
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email) 2020-03-06 18:40:46 +01:00			`self.login('othello')`
Add tests for zerver/lib/sessions.py. 2017-04-26 04:15:45 +02:00			`self.assertIn('_auth_user_id', self.client.session)`
			`delete_all_deactivated_user_sessions()`
			`self.assertIn('_auth_user_id', self.client.session)`
test_sessions: Extends tests to reach 100% coverage of sessions.py. Fixes #3980. 2017-05-10 19:04:57 +02:00
			`# Test that a deactivated session gets logged out`
test_sessions.py: Use helpers instead of get_user_profile_by_email. 2017-05-23 23:52:41 +02:00			`user_profile_3 = self.example_user('cordelia')`
tests: Limit email-based logins. We now have this API... If you really just need to log in and not do anything with the actual user: self.login('hamlet') If you're gonna use the user in the rest of the test: hamlet = self.example_user('hamlet') self.login_user(hamlet) If you are specifically testing email/password logins (used only in 4 places): self.login_by_email(email, password) And for failures uses this (used twice): self.assert_login_failure(email) 2020-03-06 18:40:46 +01:00			`self.login_user(user_profile_3)`
test_sessions: Extends tests to reach 100% coverage of sessions.py. Fixes #3980. 2017-05-10 19:04:57 +02:00			`self.assertIn('_auth_user_id', self.client.session)`
			`user_profile_3.is_active = False`
			`user_profile_3.save()`
			`delete_all_deactivated_user_sessions()`
			`result = self.client_get("/")`
Avoid double redirects to /login and then to /login/. Signed-off-by: Anders Kaseorg <andersk@mit.edu> 2018-12-04 02:12:08 +01:00			`self.assertEqual('/login/', result.url)`
sessions: Implement the concept of expirable session variables. This can be useful in the future for various things, and right now it'll specifically be used in the signup mobile/desktop flows. 2020-02-06 18:25:15 +01:00
			`class TestExpirableSessionVars(ZulipTestCase):`
			`def setUp(self) -> None:`
			`self.session = self.client.session`
			`super().setUp()`

			`def test_set_and_get_basic(self) -> None:`
			`start_time = timezone_now()`
			`with mock.patch('zerver.lib.sessions.timezone_now', return_value=start_time):`
			`set_expirable_session_var(self.session, 'test_set_and_get_basic', 'some_value', expiry_seconds=10)`
			`value = get_expirable_session_var(self.session, 'test_set_and_get_basic')`
			`self.assertEqual(value, 'some_value')`
			`with mock.patch('zerver.lib.sessions.timezone_now', return_value=start_time + timedelta(seconds=11)):`
			`value = get_expirable_session_var(self.session, 'test_set_and_get_basic')`
			`self.assertEqual(value, None)`

			`def test_set_and_get_with_delete(self) -> None:`
			`set_expirable_session_var(self.session, 'test_set_and_get_with_delete', 'some_value', expiry_seconds=10)`
			`value = get_expirable_session_var(self.session, 'test_set_and_get_with_delete', delete=True)`
			`self.assertEqual(value, 'some_value')`
			`self.assertEqual(get_expirable_session_var(self.session, 'test_set_and_get_with_delete'), None)`

			`def test_get_var_not_set(self) -> None:`
			`value = get_expirable_session_var(self.session, 'test_get_var_not_set', default_value='default')`
			`self.assertEqual(value, 'default')`

			`def test_get_var_is_not_expirable(self) -> None:`
			`self.session["test_get_var_is_not_expirable"] = 0`
			`with mock.patch('zerver.lib.sessions.logging.warning') as mock_warn:`
			`value = get_expirable_session_var(self.session, 'test_get_var_is_not_expirable', default_value='default')`
			`self.assertEqual(value, 'default')`
			`mock_warn.assert_called_once()`