changeset 5323:81d8affd08f4
auth: remove username from AuthUser session cookie
There's no reason to store the username when we store the user ID. We
have to load the user from the database anyway under all circumstances, to
verify e.g. that the user is (still) active.
This does not impact application code, but does impact a number of test
cases which explicitly check the username stored in the session.
author | Søren Løvborg <kwi@kwi.dk> |
---|---|
date | Sun, 26 Jul 2015 13:58:50 +0200 |
parents | 789c98a9306d |
children | 7e8d80882865 |
files | kallithea/lib/auth.py kallithea/tests/__init__.py kallithea/tests/functional/test_login.py |
diffstat | 3 files changed, 14 insertions(+), 9 deletions(-) [+] |
--- a/kallithea/lib/auth.py Sun Jul 26 13:58:50 2015 +0200
+++ b/kallithea/lib/auth.py Sun Jul 26 13:58:50 2015 +0200
@@ -626,7 +626,6 @@
         """ Serializes this login session to a cookie `dict`. """
         return {
             'user_id': self.user_id,
-            'username': self.username,
             'is_authenticated': self.is_authenticated,
             'is_external_auth': self.is_external_auth,
         }
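Review bot: The docstring on `to_cookie` still only says that it serializes the session, but after this change the cookie carries no user-identifying data beyond `user_id`, and the reason is worth recording next to the code rather than only in the commit message. A line such as `Only the user id is stored; the User row is reloaded from the database on each use (per the commit description), so a deactivated user is caught there rather than from stale cookie data.` would stop a later maintainer from re-adding fields "for convenience". The enclosing `to_cookie` method starts outside the hunk, and whether a matching cookie reader still references `'username'` is not visible in this diff.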
--- a/kallithea/tests/__init__.py Sun Jul 26 13:58:50 2015 +0200
+++ b/kallithea/tests/__init__.py Sun Jul 26 13:58:50 2015 +0200
@@ -213,16 +213,22 @@
             self.fail('could not login using %s %s' % (username, password))
         self.assertEqual(response.status, '302 Found')
-        ses = response.session['authuser']
-        self.assertEqual(ses.get('username'), username)
+        self.assert_authenticated_user(response, username)
+
         response = response.follow()
-        self.assertEqual(ses.get('is_authenticated'), True)
-        return response.session['authuser']
     def _get_logged_user(self):
         return User.get_by_username(self._logged_username)
+    def assert_authenticated_user(self, response, expected_username):
+        cookie = response.session.get('authuser')
+        user = cookie and cookie.get('user_id')
+        user = user and User.get(user)
+        user = user and user.username
+        self.assertEqual(user, expected_username)
+        self.assertEqual(cookie.get('is_authenticated'), True)
+
     def authentication_token(self):
         return self.app.get(url('authentication_token')).body
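Review bot: In `log_user`, `response = response.follow()` is now the final statement and its value is never read, because the commit removes `return response.session['authuser']` without a replacement, so any caller that used the old return value now receives `None`. Either return the followed response (`return response.follow()`) or drop the assignment and call `response.follow()` bare to make clear that only the redirect is being exercised. In the new `assert_authenticated_user`, the chained `user = cookie and ...` steps fold three distinct failures (no `authuser` cookie, no `user_id` in it, no such user in the database) into one `None != expected_username` report; asserting each step separately, e.g. `self.assertIsNotNone(cookie)` and `self.assertIsNotNone(cookie.get('user_id'))` before resolving the user, would point a failing login test at the actual cause. The start of `log_user` lies outside the hunk.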
--- a/kallithea/tests/functional/test_login.py Sun Jul 26 13:58:50 2015 +0200
+++ b/kallithea/tests/functional/test_login.py Sun Jul 26 13:58:50 2015 +0200
@@ -31,8 +31,8 @@
                                  {'username': TEST_USER_ADMIN_LOGIN,
                                   'password': TEST_USER_ADMIN_PASS})
         self.assertEqual(response.status, '302 Found')
-        self.assertEqual(response.session['authuser'].get('username'),
-                         TEST_USER_ADMIN_LOGIN)
+        self.assert_authenticated_user(response, TEST_USER_ADMIN_LOGIN)
+
         response = response.follow()
         response.mustcontain('/%s' % HG_REPO)
@@ -42,8 +42,8 @@
                                   'password': TEST_USER_REGULAR_PASS})
         self.assertEqual(response.status, '302 Found')
-        self.assertEqual(response.session['authuser'].get('username'),
-                         TEST_USER_REGULAR_LOGIN)
+        self.assert_authenticated_user(response, TEST_USER_REGULAR_LOGIN)
+
         response = response.follow()
         response.mustcontain('/%s' % HG_REPO)