kallithea Changeset - 81d8affd08f4

Changeset - 81d8affd08f4

Parent rev.

Child rev.

[Not reviewed]

default

0 3 0

Søren Løvborg - 10 years ago 2015-07-26 13:58:50
kwi@kwi.dk

auth: remove username from AuthUser session cookie

There's no reason to store the username when we store the user ID. We
have load the user from database anyway under all circumstances, to
verify e.g. that the user is (still) active.

This does not impact application code, but does impact a number of test
cases which explicitly checks the username stored in the session.

3 files changed with 14 insertions and 9 deletions:

kallithea/lib/auth.py

kallithea/tests/__init__.py

kallithea/tests/functional/test_login.py

0 comments (0 inline, 0 general)

kallithea/lib/auth.py

➞

Show inline comments

@@ @@ -626,7 +626,6 @@ class AuthUser(object): @@
         """ Serializes this login session to a cookie `dict`. """
         return {
             'user_id': self.user_id,
             'username': self.username,
             'is_authenticated': self.is_authenticated,
             'is_external_auth': self.is_external_auth,
+        }

kallithea/tests/__init__.py

➞

Show inline comments

@@ @@ -213,16 +213,22 @@ class TestController(BaseTestCase): @@
             self.fail('could not login using %s %s' % (username, password))
         self.assertEqual(response.status, '302 Found')
         ses = response.session['authuser']
         self.assertEqual(ses.get('username'), username)
         self.assert_authenticated_user(response, username)
         response = response.follow()
         self.assertEqual(ses.get('is_authenticated'), True)
         return response.session['authuser']
     def _get_logged_user(self):
         return User.get_by_username(self._logged_username)
     def assert_authenticated_user(self, response, expected_username):
         cookie = response.session.get('authuser')
         user = cookie and cookie.get('user_id')
         user = user and User.get(user)
         user = user and user.username
         self.assertEqual(user, expected_username)
         self.assertEqual(cookie.get('is_authenticated'), True)
     def authentication_token(self):
         return self.app.get(url('authentication_token')).body

kallithea/tests/functional/test_login.py

➞

Show inline comments

@@ @@ -31,8 +31,8 @@ class TestLoginController(TestController @@
                                  {'username': TEST_USER_ADMIN_LOGIN,
                                   'password': TEST_USER_ADMIN_PASS})
         self.assertEqual(response.status, '302 Found')
         self.assertEqual(response.session['authuser'].get('username'),
                          TEST_USER_ADMIN_LOGIN)
         self.assert_authenticated_user(response, TEST_USER_ADMIN_LOGIN)
         response = response.follow()
         response.mustcontain('/%s' % HG_REPO)
@@ @@ -42,8 +42,8 @@ class TestLoginController(TestController @@
                                   'password': TEST_USER_REGULAR_PASS})
         self.assertEqual(response.status, '302 Found')
         self.assertEqual(response.session['authuser'].get('username'),
                          TEST_USER_REGULAR_LOGIN)
         self.assert_authenticated_user(response, TEST_USER_REGULAR_LOGIN)
         response = response.follow()
         response.mustcontain('/%s' % HG_REPO)

0 comments (0 inline, 0 general)