comparison test/test_liveserver.py @ 6813:6b636fb29740
Refactor client.py session cookie code. Remove session db access.
The original code did a session_db.exists test followed by a
session_db.getall.
Refactor does a getall and if a KeyError is thrown, handles the
error. Most likely the session key will be found so exception handling
won't be triggered.
Added test case to test the exception code path and minor
rearrangement of setup code.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Wed, 03 Aug 2022 17:34:58 -0400 |
| parents | 6d4ac1ae2ae8 |
| children | d9c9f5b81d4d |
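--- a/test/test_liveserver.py
+++ b/test/test_liveserver.py
@@ -71,19 +71,20 @@
 cls.db.config['TRACKER_WEB'] = "http://localhost:9001/"
 # set up mailhost so errors get reported to debuging capture file
 cls.db.config.MAILHOST = "localhost"
 cls.db.config.MAIL_HOST = "localhost"
 cls.db.config.MAIL_DEBUG = "../_test_tracker_mail.log"
+
+# added to enable csrf forgeries/CORS to be tested
 cls.db.config.WEB_CSRF_ENFORCE_HEADER_ORIGIN = "required"
 cls.db.config.WEB_ALLOWED_API_ORIGINS = "https://client.com"
+cls.db.config['WEB_CSRF_ENFORCE_HEADER_X-REQUESTED-WITH'] = "required"
 
 # disable web login rate limiting. The fast rate of tests
 # causes them to trip the rate limit and fail.
 cls.db.config.WEB_LOGIN_ATTEMPTS_MIN = 0
 
-cls.db.config['WEB_CSRF_ENFORCE_HEADER_X-REQUESTED-WITH'] = "required"
-
 # enable static precompressed files
 cls.db.config.WEB_USE_PRECOMPRESSED_FILES = 1
 
 cls.db.config.save()
 
@@ -901,10 +902,40 @@
 print(f.headers)
 
 self.assertEqual(f.status_code, 200)
 self.assertEqual(f.headers['Cache-Control'], 'public, max-age=1209600')
 
+def test_missing_session_key(self):
+'''Test case where we have an outdated session cookie. Make
+sure cookie is removed.
+'''
+session = requests.Session()
+session.headers.update({'Origin': 'http://localhost:9001'})
+
+# login using form to get cookie
+login = {"__login_name": 'admin', '__login_password': 'sekrit',
+"@action": "login"}
+f = session.post(self.url_base()+'/', data=login)
+
+# verify cookie is present and we are logged in
+self.assertIn('<b>Hello, admin</b>', f.text)
+self.assertIn('roundup_session_Roundupissuetracker',
+session.cookies)
+
+f = session.get(self.url_base()+'/')
+self.assertIn('<b>Hello, admin</b>', f.text)
+
+for cookie in session.cookies:
+if cookie.name == 'roundup_session_Roundupissuetracker':
+cookie.value = 'bad_cookie_no_chocolate'
+break
+
+f = session.get(self.url_base()+'/')
+
+self.assertNotIn('<b>Hello, admin</b>', f.text)
+self.assertNotIn('roundup_session_Roundupissuetracker', session.cookies)
+
 def test_login_fail_then_succeed(self):
 # Set up session to manage cookies <insert blue monster here>
 session = requests.Session()
 session.headers.update({'Origin': 'http://localhost:9001'})
 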
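Review bot: The closing assertions of `test_missing_session_key` never check the response status, so an error page returned on the stale-cookie path would still satisfy `self.assertNotIn('<b>Hello, admin</b>', f.text)`. Adding `self.assertEqual(f.status_code, 200)` right after the last `session.get(...)`, as the preceding test does, would pin the graceful handling of the unknown session key that the commit describes. The cookie-jar check shows removal only indirectly; it presumably relies on the server answering with an expiring Set-Cookie, and asserting on that response header would make the invalidation explicit.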
