# HG changeset patch # User Søren Løvborg # Date 1437911930 -7200 # Node ID 81d8affd08f407e24f0cccf1c609e8f3c23e9d20 # Parent 789c98a9306d83ca1e30a3c41219d0f7fbcdad44 auth: remove username from AuthUser session cookie There's no reason to store the username when we store the user ID. We have to load the user from the database anyway under all circumstances, to verify e.g. that the user is (still) active. This does not impact application code, but does impact a number of test cases which explicitly check the username stored in the session. diff -r 789c98a9306d -r 81d8affd08f4 kallithea/lib/auth.py --- a/kallithea/lib/auth.py Sun Jul 26 13:58:50 2015 +0200 +++ b/kallithea/lib/auth.py Sun Jul 26 13:58:50 2015 +0200 @@ -626,7 +626,6 @@ """ Serializes this login session to a cookie `dict`. """ return { 'user_id': self.user_id, - 'username': self.username, 'is_authenticated': self.is_authenticated, 'is_external_auth': self.is_external_auth, } diff -r 789c98a9306d -r 81d8affd08f4 kallithea/tests/__init__.py --- a/kallithea/tests/__init__.py Sun Jul 26 13:58:50 2015 +0200 +++ b/kallithea/tests/__init__.py Sun Jul 26 13:58:50 2015 +0200 
@@ -213,16 +213,22 @@ self.fail('could not login using %s %s' % (username, password)) self.assertEqual(response.status, '302 Found') - ses = response.session['authuser'] - self.assertEqual(ses.get('username'), username) + self.assert_authenticated_user(response, username) + response = response.follow() - self.assertEqual(ses.get('is_authenticated'), True) - return response.session['authuser'] def _get_logged_user(self): return User.get_by_username(self._logged_username) + def assert_authenticated_user(self, response, expected_username): + cookie = response.session.get('authuser') + user = cookie and cookie.get('user_id') + user = user and User.get(user) + user = user and user.username + self.assertEqual(user, expected_username) + self.assertEqual(cookie.get('is_authenticated'), True) + def authentication_token(self): return self.app.get(url('authentication_token')).body diff -r 789c98a9306d -r 81d8affd08f4 kallithea/tests/functional/test_login.py --- a/kallithea/tests/functional/test_login.py Sun Jul 26 13:58:50 2015 +0200 +++ b/kallithea/tests/functional/test_login.py Sun Jul 26 13:58:50 2015 +0200 @@ -31,8 +31,8 @@ {'username': TEST_USER_ADMIN_LOGIN, 'password': TEST_USER_ADMIN_PASS}) self.assertEqual(response.status, '302 Found') - self.assertEqual(response.session['authuser'].get('username'), - TEST_USER_ADMIN_LOGIN) + self.assert_authenticated_user(response, TEST_USER_ADMIN_LOGIN) + response = response.follow() response.mustcontain('/%s' % HG_REPO) @@ -42,8 +42,8 @@ 'password': TEST_USER_REGULAR_PASS}) self.assertEqual(response.status, '302 Found') - self.assertEqual(response.session['authuser'].get('username'), - TEST_USER_REGULAR_LOGIN) + self.assert_authenticated_user(response, TEST_USER_REGULAR_LOGIN) + response = response.follow() response.mustcontain('/%s' % HG_REPO)
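Review bot: in the kallithea/lib/auth.py hunk (@@ -626,7 +626,6 @@), the serializer drops 'username' but the matching deserialization path is not part of this diff; please confirm it no longer reads that key and that the username is always taken from the User row loaded via 'user_id', so a stale name in an already-issued cookie is ignored rather than trusted. Dropping the redundant field is a good change in itself: the cookie no longer carries a second identity value that could drift from the canonical one in the database (for example after a rename), and 'is_authenticated' and 'is_external_auth' are the only remaining flags, which keeps the session payload minimal.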
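Review bot: in the kallithea/tests/__init__.py hunk (@@ -213,16 +213,22 @@), assert_authenticated_user guards every step with `x = x and ...` but then calls `cookie.get('is_authenticated')` unconditionally, so a missing 'authuser' session entry fails with an AttributeError instead of a readable assertion, and the `self.assertEqual(user, expected_username)` message degrades to "None != <name>" without saying whether the cookie, the 'user_id' key or the User lookup was what failed. Consider an explicit `self.assertIsNotNone(cookie)` and `self.assertIsNotNone(user)` before the equality checks. Separately, the hunk removes `return response.session['authuser']` from log_user without adding a replacement return value, so any caller that used the returned session dict now receives None; the callers are not in this diff, so please check them or document that log_user now returns nothing.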
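Review bot: the two kallithea/tests/functional/test_login.py hunks (@@ -31,8 +31,8 @@ and @@ -42,8 +42,8 @@) are the same POST-login, assert, `response = response.follow()`, mustcontain sequence with only the admin/regular credentials differing, and log_user in kallithea/tests/__init__.py now performs the assert and the follow itself; if these tests deliberately exercise the raw login POST rather than the helper, a one-line comment saying so would prevent a later cleanup from collapsing them into log_user calls.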