2018-05-10 19:00:29 +02:00
|
|
|
from typing import Any, Callable
|
2017-04-26 04:15:45 +02:00
|
|
|
|
|
|
|
from zerver.lib.sessions import (
|
|
|
|
user_sessions,
|
|
|
|
delete_session,
|
|
|
|
delete_user_sessions,
|
|
|
|
delete_realm_user_sessions,
|
|
|
|
delete_all_user_sessions,
|
|
|
|
delete_all_deactivated_user_sessions,
|
|
|
|
)
|
|
|
|
|
|
|
|
from zerver.models import (
|
2017-11-18 00:11:24 +01:00
|
|
|
UserProfile, get_user_profile_by_id, get_realm, Realm
|
2017-04-26 04:15:45 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
from zerver.lib.test_classes import ZulipTestCase
|
|
|
|
|
|
|
|
|
|
|
|
class TestSessions(ZulipTestCase):
|
|
|
|
|
2018-05-10 19:00:29 +02:00
|
|
|
def do_test_session(self, user: str,
|
2017-11-05 10:51:25 +01:00
|
|
|
action: Callable[[], Any],
|
2017-11-18 00:11:24 +01:00
|
|
|
realm: Realm,
|
2017-11-05 10:51:25 +01:00
|
|
|
expected_result: bool) -> None:
|
2017-11-18 00:11:24 +01:00
|
|
|
self.login(user, realm=realm)
|
2017-04-26 04:15:45 +02:00
|
|
|
self.assertIn('_auth_user_id', self.client.session)
|
|
|
|
action()
|
|
|
|
if expected_result:
|
2017-11-18 00:11:24 +01:00
|
|
|
result = self.client_get('/', subdomain=realm.subdomain)
|
2017-04-26 04:15:45 +02:00
|
|
|
self.assertEqual('/login', result.url)
|
|
|
|
else:
|
|
|
|
self.assertIn('_auth_user_id', self.client.session)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_delete_session(self) -> None:
|
2017-05-23 23:52:41 +02:00
|
|
|
user_profile = self.example_user('hamlet')
|
|
|
|
email = user_profile.email
|
|
|
|
self.login(email)
|
2017-04-26 04:15:45 +02:00
|
|
|
self.assertIn('_auth_user_id', self.client.session)
|
|
|
|
for session in user_sessions(user_profile):
|
|
|
|
delete_session(session)
|
|
|
|
result = self.client_get("/")
|
|
|
|
self.assertEqual('/login', result.url)
|
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_delete_user_sessions(self) -> None:
|
2017-05-23 23:52:41 +02:00
|
|
|
user_profile = self.example_user('hamlet')
|
|
|
|
email = user_profile.email
|
2017-11-18 00:11:24 +01:00
|
|
|
self.do_test_session(str(email), lambda: delete_user_sessions(user_profile),
|
|
|
|
get_realm("zulip"), True)
|
|
|
|
self.do_test_session(str(self.example_email("othello")),
|
|
|
|
lambda: delete_user_sessions(user_profile),
|
|
|
|
get_realm("zulip"), False)
|
2017-04-26 04:15:45 +02:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_delete_realm_user_sessions(self) -> None:
|
2017-04-26 04:15:45 +02:00
|
|
|
realm = get_realm('zulip')
|
2017-11-18 00:11:24 +01:00
|
|
|
self.do_test_session(self.example_email("hamlet"),
|
|
|
|
lambda: delete_realm_user_sessions(realm),
|
|
|
|
get_realm("zulip"), True)
|
|
|
|
self.do_test_session(self.mit_email("sipbtest"),
|
|
|
|
lambda: delete_realm_user_sessions(realm),
|
|
|
|
get_realm("zephyr"), False)
|
2017-04-26 04:15:45 +02:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_delete_all_user_sessions(self) -> None:
|
2017-11-18 00:11:24 +01:00
|
|
|
self.do_test_session(self.example_email("hamlet"),
|
|
|
|
lambda: delete_all_user_sessions(),
|
|
|
|
get_realm("zulip"), True)
|
|
|
|
self.do_test_session(self.mit_email("sipbtest"),
|
|
|
|
lambda: delete_all_user_sessions(),
|
|
|
|
get_realm("zephyr"), True)
|
2017-04-26 04:15:45 +02:00
|
|
|
|
2017-11-05 10:51:25 +01:00
|
|
|
def test_delete_all_deactivated_user_sessions(self) -> None:
|
2017-05-10 19:04:57 +02:00
|
|
|
|
|
|
|
# Test that no exception is thrown with a logged-out session
|
2017-05-23 23:52:41 +02:00
|
|
|
self.login(self.example_email("othello"))
|
2017-04-26 04:15:45 +02:00
|
|
|
self.assertIn('_auth_user_id', self.client.session)
|
|
|
|
self.client_post('/accounts/logout/')
|
|
|
|
delete_all_deactivated_user_sessions()
|
|
|
|
result = self.client_get("/")
|
|
|
|
self.assertEqual('/login', result.url)
|
|
|
|
|
2017-05-10 19:04:57 +02:00
|
|
|
# Test nothing happens to an active user's session
|
2017-05-23 23:52:41 +02:00
|
|
|
self.login(self.example_email("othello"))
|
2017-04-26 04:15:45 +02:00
|
|
|
self.assertIn('_auth_user_id', self.client.session)
|
|
|
|
delete_all_deactivated_user_sessions()
|
|
|
|
self.assertIn('_auth_user_id', self.client.session)
|
2017-05-10 19:04:57 +02:00
|
|
|
|
|
|
|
# Test that a deactivated session gets logged out
|
2017-05-23 23:52:41 +02:00
|
|
|
user_profile_3 = self.example_user('cordelia')
|
|
|
|
email_3 = user_profile_3.email
|
|
|
|
self.login(email_3)
|
2017-05-10 19:04:57 +02:00
|
|
|
self.assertIn('_auth_user_id', self.client.session)
|
|
|
|
user_profile_3.is_active = False
|
|
|
|
user_profile_3.save()
|
|
|
|
delete_all_deactivated_user_sessions()
|
|
|
|
result = self.client_get("/")
|
|
|
|
self.assertEqual('/login', result.url)
|