added session expiration test for source interface
heartsucker committed Oct 1, 2017
1 parent 1dd76f5 commit bad6431
Showing 1 changed file with 35 additions and 1 deletion.
36 changes: 35 additions & 1 deletion securedrop/tests/test_journalist.py
@@ -5,7 +5,7 @@
import unittest
import zipfile

from flask import url_for, escape
from flask import url_for, escape, session
from flask_testing import TestCase
from mock import patch, ANY, MagicMock
from sqlalchemy.orm.exc import StaleDataError
@@ -965,6 +965,40 @@ def test_add_star_redirects_to_index(self):
filesystem_id=source.filesystem_id))
self.assertRedirects(resp, url_for('index'))

def test_journalist_session_expiration(self):
try:
old_expiration = config.SESSION_EXPIRATION_MINUTES
has_session_expiration = True
except AttributeError:
has_session_expiration = False

try:
with self.client as client:
# do a real login to get a real session
# (none of the mocking `g` hacks)
resp = self.client.post(url_for('login'),
data=dict(username=self.user.username,
password=VALID_PASSWORD,
token='mocked'))
assert resp.status_code == 200

# set the expiration to ensure we trigger an expiration
config.SESSION_EXPIRATION_MINUTES = -1

resp = client.get(url_for('edit_account'),
follow_redirects=True)

# check that the session was cleared (apart from 'expires'
# which is always present and 'csrf_token' which leaks no info)
session.pop('expires', None)
session.pop('csrf_token', None)
assert not session, session
assert ('You have been logged out due to inactivity' in
resp.data.decode('utf-8'))
finally:
if has_session_expiration:
config.SESSION_EXPIRATION_MINUTES = old_expiration


class TestJournalistAppTwo(unittest.TestCase):
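Review bot: When `config` has no `SESSION_EXPIRATION_MINUTES`, the `finally` block in `test_journalist_session_expiration` restores nothing, so the `-1` assigned mid-test stays on the shared `config` module and later tests in the same run would see sessions expire immediately. `patch` is already imported from `mock`, so the try/except/finally bookkeeping can be dropped by wrapping only the `edit_account` request in `with patch.object(config, 'SESSION_EXPIRATION_MINUTES', -1, create=True):`, which restores or removes the attribute on exit. The assertions cover the flash message and the emptied session but not that access is actually denied afterwards. Assuming the app redirects unauthenticated requests to `login`, a follow-up `resp = client.get(url_for('edit_account'))` checked with `self.assertRedirects(resp, url_for('login'))` would pin that property. The bare `assert` statements are skipped under `python -O`, so `self.assertEqual(resp.status_code, 200)`, `self.assertFalse(session)` and `self.assertIn(...)` are the safer form in this `TestCase`.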

