changeset 5323:81d8affd08f4

auth: remove username from AuthUser session cookie There's no reason to store the username when we store the user ID. We have to load the user from the database anyway under all circumstances, to verify e.g. that the user is (still) active. This does not impact application code, but does impact a number of test cases which explicitly check the username stored in the session.
author Søren Løvborg <kwi@kwi.dk>
date Sun, 26 Jul 2015 13:58:50 +0200
parents 789c98a9306d
children 7e8d80882865
files kallithea/lib/auth.py kallithea/tests/__init__.py kallithea/tests/functional/test_login.py
diffstat 3 files changed, 14 insertions(+), 9 deletions(-) [+]
--- a/kallithea/lib/auth.py	Sun Jul 26 13:58:50 2015 +0200
+++ b/kallithea/lib/auth.py	Sun Jul 26 13:58:50 2015 +0200
@@ -626,7 +626,6 @@
         """ Serializes this login session to a cookie `dict`. """
         return {
             'user_id': self.user_id,
-            'username': self.username,
             'is_authenticated': self.is_authenticated,
             'is_external_auth': self.is_external_auth,
         }
--- a/kallithea/tests/__init__.py	Sun Jul 26 13:58:50 2015 +0200
+++ b/kallithea/tests/__init__.py	Sun Jul 26 13:58:50 2015 +0200
@@ -213,16 +213,22 @@
             self.fail('could not login using %s %s' % (username, password))
 
         self.assertEqual(response.status, '302 Found')
-        ses = response.session['authuser']
-        self.assertEqual(ses.get('username'), username)
+        self.assert_authenticated_user(response, username)
+
         response = response.follow()
-        self.assertEqual(ses.get('is_authenticated'), True)
-
         return response.session['authuser']
 
     def _get_logged_user(self):
         return User.get_by_username(self._logged_username)
 
+    def assert_authenticated_user(self, response, expected_username):
+        cookie = response.session.get('authuser')
+        user = cookie and cookie.get('user_id')
+        user = user and User.get(user)
+        user = user and user.username
+        self.assertEqual(user, expected_username)
+        self.assertEqual(cookie.get('is_authenticated'), True)
+
     def authentication_token(self):
         return self.app.get(url('authentication_token')).body
 
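Review bot: The `and`-chain in `assert_authenticated_user` folds three distinct failures — no `authuser` cookie in the session, a cookie without `user_id`, and an id that no longer resolves to a `User` — into one `None != 'username'` message, so a failing login test gives no hint which stage broke. Spelling the stages out with `assertIsNotNone` keeps the same check (the cookie's `user_id` must load a user whose name matches, and `is_authenticated` must be true) while naming the failing step; the rewrite below keeps an explicit guard on the id rather than relying on how `User.get` treats a missing value. A one-line docstring would also help, since this helper is now the single place that ties the cookie back to a database user: `"""Assert that the session cookie identifies *expected_username* and is marked authenticated."""`.
```python
    def assert_authenticated_user(self, response, expected_username):
        """Assert that the session cookie identifies *expected_username* and is marked authenticated."""
        cookie = response.session.get('authuser')
        self.assertIsNotNone(cookie, 'no authuser cookie in session')
        user_id = cookie.get('user_id')
        self.assertIsNotNone(user_id, 'authuser cookie carries no user_id')
        user = User.get(user_id)
        self.assertIsNotNone(user, 'authuser cookie user_id %r does not resolve to a user' % user_id)
        self.assertEqual(user.username, expected_username)
        self.assertEqual(cookie.get('is_authenticated'), True)
```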
--- a/kallithea/tests/functional/test_login.py	Sun Jul 26 13:58:50 2015 +0200
+++ b/kallithea/tests/functional/test_login.py	Sun Jul 26 13:58:50 2015 +0200
@@ -31,8 +31,8 @@
                                  {'username': TEST_USER_ADMIN_LOGIN,
                                   'password': TEST_USER_ADMIN_PASS})
         self.assertEqual(response.status, '302 Found')
-        self.assertEqual(response.session['authuser'].get('username'),
-                         TEST_USER_ADMIN_LOGIN)
+        self.assert_authenticated_user(response, TEST_USER_ADMIN_LOGIN)
+
         response = response.follow()
         response.mustcontain('/%s' % HG_REPO)
 
@@ -42,8 +42,8 @@
                                   'password': TEST_USER_REGULAR_PASS})
 
         self.assertEqual(response.status, '302 Found')
-        self.assertEqual(response.session['authuser'].get('username'),
-                         TEST_USER_REGULAR_LOGIN)
+        self.assert_authenticated_user(response, TEST_USER_REGULAR_LOGIN)
+
         response = response.follow()
         response.mustcontain('/%s' % HG_REPO)