File: test_middleware.py

package info (click to toggle)
django-session-security 2.6.7%2Bdfsg-2
  • links: PTS, VCS
  • area: main
  • in suites: sid, trixie
  • size: 660 kB
  • sloc: javascript: 6,675; python: 594; makefile: 134; sh: 10
file content (68 lines) | stat: -rw-r--r-- 2,778 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
 
import time
import unittest

from django.test.client import Client
from django import test
from session_security.utils import set_last_activity, get_last_activity
from datetime import datetime, timedelta

from .test_base import SettingsMixin


class MiddlewareTestCase(SettingsMixin, test.TestCase):
    fixtures = ['session_security_test_user']

    def setUp(self):
        super(MiddlewareTestCase, self).setUp()
        self.client = Client()

    def test_auto_logout(self):
        self.client.login(username='test', password='test')
        response = self.client.get('/admin/')
        self.assertTrue('_auth_user_id' in self.client.session)
        time.sleep(self.max_expire_after)
        response = self.client.get('/admin/')
        self.assertFalse('_auth_user_id' in self.client.session)

    def test_last_activity_in_future(self):
        self.client.login(username='test', password='test')
        now = datetime.now()
        future = now + timedelta(0, self.max_expire_after * 2)
        set_last_activity(self.client.session, future)
        response = self.client.get('/admin/')
        self.assertTrue('_auth_user_id' in self.client.session)

    def test_non_javascript_browse_no_logout(self):
        self.client.login(username='test', password='test')
        response = self.client.get('/admin/')
        time.sleep(self.max_warn_after)
        response = self.client.get('/admin/')
        self.assertTrue('_auth_user_id' in self.client.session)
        time.sleep(self.min_warn_after)
        response = self.client.get('/admin/')
        self.assertTrue('_auth_user_id' in self.client.session)

    def test_javascript_activity_no_logout(self):
        self.client.login(username='test', password='test')
        response = self.client.get('/admin/')
        time.sleep(self.max_warn_after)
        self.client.get('/session_security/ping/?idleFor=1')
        self.assertTrue('_auth_user_id' in self.client.session)
        time.sleep(self.min_warn_after)
        self.client.get('/admin/')
        self.assertTrue('_auth_user_id' in self.client.session)

    def test_url_names(self):
        self.client.login(username='test', password='test')
        # Confirm activity is updating
        response = self.client.get('/admin/')
        activity1 = get_last_activity(self.client.session)
        time.sleep(min(2, self.min_warn_after))
        response = self.client.get('/admin/')
        activity2 = get_last_activity(self.client.session)
        self.assertTrue(activity2 > activity1)
        # Confirm activity on ignored URL is NOT updated
        time.sleep(min(2, self.min_warn_after))
        response = self.client.get('/ignore/')
        activity3 = get_last_activity(self.client.session)
        self.assertEqual(activity2, activity3)