Commit 409117f7 authored by Julian's avatar Julian

Bind session to client id

Fixes #5
parent ea7786a1
...@@ -22,6 +22,7 @@ def create_app(test_config=None): ...@@ -22,6 +22,7 @@ def create_app(test_config=None):
def auth(): def auth():
try: try:
timestamp = datetime.datetime.fromtimestamp(session['timestamp']) timestamp = datetime.datetime.fromtimestamp(session['timestamp'])
client_id = session['client_id']
user_id = session['user_id'] user_id = session['user_id']
user_name = session['user_name'] user_name = session['user_name']
user_nickname = session['user_nickname'] user_nickname = session['user_nickname']
...@@ -32,7 +33,8 @@ def create_app(test_config=None): ...@@ -32,7 +33,8 @@ def create_app(test_config=None):
session.clear() session.clear()
session['cookies_enabled'] = True session['cookies_enabled'] = True
abort(401) abort(401)
if datetime.datetime.now() - timestamp > datetime.timedelta(days=2): if datetime.datetime.now() - timestamp > datetime.timedelta(days=2) or \
client_id != request.headers['X-CLIENT-ID']:
session.clear() session.clear()
session['cookies_enabled'] = True session['cookies_enabled'] = True
abort(401) abort(401)
...@@ -85,6 +87,7 @@ def create_app(test_config=None): ...@@ -85,6 +87,7 @@ def create_app(test_config=None):
session.clear() session.clear()
session['timestamp'] = datetime.datetime.now().timestamp() session['timestamp'] = datetime.datetime.now().timestamp()
session['client_id'] = request.headers['X-CLIENT-ID']
session['user_id'] = userinfo['id'] session['user_id'] = userinfo['id']
session['user_name'] = userinfo['name'] session['user_name'] = userinfo['name']
session['user_nickname'] = userinfo['nickname'] session['user_nickname'] = userinfo['nickname']
......
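Review bot: The new `or \` branch compares against `request.headers['X-CLIENT-ID']` outside the `try` that wraps the session lookups, so a request that omits the header would presumably raise werkzeug's BadRequestKeyError (a KeyError subclass mapped to 400) instead of taking the same `session.clear()` / `abort(401)` path as the other auth failures; `client_id != request.headers.get('X-CLIENT-ID')` fails closed through the 401 path for a missing header as well. The enclosing `auth()` and its `except` clause start and end outside the hunk, so whether that handler would have caught the error cannot be confirmed from here. The value stored at login in the third hunk (`session['client_id'] = request.headers['X-CLIENT-ID']`) is only as trustworthy as whoever sets that header: if the reverse proxy sets it, the check binds the session to a deployment, but if the end user can supply it the check does not prevent cookie replay. That assumption is worth recording in a comment next to the comparison, e.g. `# X-CLIENT-ID is expected to be set by the proxy, not the client; the binding is only as strong as that guarantee`.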
...@@ -114,6 +114,7 @@ class TestCases(unittest.TestCase): ...@@ -114,6 +114,7 @@ class TestCases(unittest.TestCase):
self.assertEqual(r.location, 'https://127.0.0.123:7654/app') self.assertEqual(r.location, 'https://127.0.0.123:7654/app')
with self.client.session_transaction() as session: with self.client.session_transaction() as session:
self.assertGreaterEqual(session['timestamp'], (datetime.datetime.now() - datetime.timedelta(seconds=60)).timestamp()) self.assertGreaterEqual(session['timestamp'], (datetime.datetime.now() - datetime.timedelta(seconds=60)).timestamp())
self.assertEqual(session['client_id'], 'test_client_id')
self.assertEqual(session['user_id'], 1234) self.assertEqual(session['user_id'], 1234)
self.assertEqual(session['user_name'], 'Test User') self.assertEqual(session['user_name'], 'Test User')
self.assertEqual(session['user_nickname'], 'testuser') self.assertEqual(session['user_nickname'], 'testuser')
...@@ -136,6 +137,7 @@ class TestCases(unittest.TestCase): ...@@ -136,6 +137,7 @@ class TestCases(unittest.TestCase):
def test_auth_session(self): def test_auth_session(self):
with self.client.session_transaction() as session: with self.client.session_transaction() as session:
session['timestamp'] = datetime.datetime.now().timestamp() session['timestamp'] = datetime.datetime.now().timestamp()
session['client_id'] = 'test_client_id'
session['user_id'] = 1234 session['user_id'] = 1234
session['user_name'] = 'Test User' session['user_name'] = 'Test User'
session['user_nickname'] = 'testuser' session['user_nickname'] = 'testuser'
...@@ -154,6 +156,20 @@ class TestCases(unittest.TestCase): ...@@ -154,6 +156,20 @@ class TestCases(unittest.TestCase):
def test_auth_session_timeout(self): def test_auth_session_timeout(self):
with self.client.session_transaction() as session: with self.client.session_transaction() as session:
session['timestamp'] = (datetime.datetime.now() - datetime.timedelta(days=3)).timestamp() session['timestamp'] = (datetime.datetime.now() - datetime.timedelta(days=3)).timestamp()
session['client_id'] = 'test_client_id'
session['user_id'] = 1234
session['user_name'] = 'Test User'
session['user_nickname'] = 'testuser'
session['user_email'] = 'test@example.com'
session['user_ldap_dn'] = 'uid=testuser,ou=users,dc=example,dc=com'
session['user_groups'] = ['uffd_access', 'users']
r = self.client.get(path='/auth', headers=headers)
self.assertEqual(r.status_code, 401)
def test_auth_session_wrong_client(self):
with self.client.session_transaction() as session:
session['timestamp'] = (datetime.datetime.now() - datetime.timedelta(days=3)).timestamp()
session['client_id'] = 'other_client_id'
session['user_id'] = 1234 session['user_id'] = 1234
session['user_name'] = 'Test User' session['user_name'] = 'Test User'
session['user_nickname'] = 'testuser' session['user_nickname'] = 'testuser'
...@@ -166,6 +182,7 @@ class TestCases(unittest.TestCase): ...@@ -166,6 +182,7 @@ class TestCases(unittest.TestCase):
def test_logout(self): def test_logout(self):
with self.client.session_transaction() as session: with self.client.session_transaction() as session:
session['timestamp'] = datetime.datetime.now().timestamp() session['timestamp'] = datetime.datetime.now().timestamp()
session['client_id'] = 'test_client_id'
session['user_id'] = 1234 session['user_id'] = 1234
session['user_name'] = 'Test User' session['user_name'] = 'Test User'
session['user_nickname'] = 'testuser' session['user_nickname'] = 'testuser'
...@@ -186,6 +203,7 @@ class TestCases(unittest.TestCase): ...@@ -186,6 +203,7 @@ class TestCases(unittest.TestCase):
def test_logout_redirect(self): def test_logout_redirect(self):
with self.client.session_transaction() as session: with self.client.session_transaction() as session:
session['timestamp'] = datetime.datetime.now().timestamp() session['timestamp'] = datetime.datetime.now().timestamp()
session['client_id'] = 'test_client_id'
session['user_id'] = 1234 session['user_id'] = 1234
session['user_name'] = 'Test User' session['user_name'] = 'Test User'
session['user_nickname'] = 'testuser' session['user_nickname'] = 'testuser'
......
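Review bot: `test_auth_session_wrong_client` seeds `session['timestamp']` three days in the past, the same fixture `test_auth_session_timeout` uses, while also storing `'other_client_id'`, so its 401 would be produced by the existing timeout check even if the new client-id comparison were absent; use a fresh timestamp, `session['timestamp'] = datetime.datetime.now().timestamp()`, so the test exercises only the client binding. The body of that test continues outside the hunk and the `headers` object sent with the `/auth` request is defined elsewhere, so the header value it carries cannot be confirmed here. A companion case in which the request carries no X-CLIENT-ID header at all would pin what the app does for a session that has a client id bound but a request that presents none.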