Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cycle session ID on login #2813

Merged
merged 15 commits into from
Feb 29, 2024
Merged

Cycle session ID on login #2813

merged 15 commits into from
Feb 29, 2024

Commits on Feb 29, 2024

  1. Cycle sessionid when changing account 

    Does not do antyhing for logging out(i.e. removing account)
just when changing from either no account to an account
or from one account to another
    @stveit
    stveit committed Feb 29, 2024
    Configuration menu
    Copy the full SHA
    fe9cfce View commit details
    Browse the repository at this point in the history

  2. Remove private hint 

    this func is imported alot of places, makes no sense
for this to be marked as private
    @stveit
    stveit committed Feb 29, 2024
    Configuration menu
    Copy the full SHA
    ae36aa5 View commit details
    Browse the repository at this point in the history

  3. Update FakeSession 

    have to mock away the cycle_key thingy else existing tests
fail. Will probably need separate integration tests to test
session ID cycling
    @stveit
    stveit committed Feb 29, 2024
    Configuration menu
    Copy the full SHA
    df41516 View commit details
    Browse the repository at this point in the history

  4. Test session id cycling on webfront login

    @stveit
    stveit committed Feb 29, 2024
    Configuration menu
    Copy the full SHA
    783d5c0 View commit details
    Browse the repository at this point in the history

  5. Test session id not rotating on every request

    @stveit
    stveit committed Feb 29, 2024
    Configuration menu
    Copy the full SHA
    be8b1f5 View commit details
    Browse the repository at this point in the history

  6. Do not cycle session id in ensure_account 

    Avoids session id changing on every request.
session will still be cycled on login by the functions
that directly handle login.

ensure_account either just sets the request.account field
to the match the already logged in user, or sets the account
to be the anonymous user. Neither should trigger a session_id.
    @stveit
    stveit committed Feb 29, 2024
    Configuration menu
    Copy the full SHA
    1897710 View commit details
    Browse the repository at this point in the history

  7. Put admin credentials in its own fixture

    @stveit
    stveit committed Feb 29, 2024
    Configuration menu
    Copy the full SHA
    467e48d View commit details
    Browse the repository at this point in the history

  8. Set client fixture as function scoped 

    got some issues testing session stuff when the client was
shared amongst all tests, maybe it got old or something as well.
Getting a fresh client for each test was a lot better
    @stveit
    stveit committed Feb 29, 2024
    Configuration menu
    Copy the full SHA
    ee92404 View commit details
    Browse the repository at this point in the history

  9. Logout first

    @stveit
    stveit committed Feb 29, 2024
    Configuration menu
    Copy the full SHA
    72c46d0 View commit details
    Browse the repository at this point in the history

  10. Clarify test case is only for non-expired sessions

    @stveit
    stveit committed Feb 29, 2024
    Configuration menu
    Copy the full SHA
    1c23abd View commit details
    Browse the repository at this point in the history

  11. Test sudo cycles session_id

    @stveit
    stveit committed Feb 29, 2024
    Configuration menu
    Copy the full SHA
    ef7eca5 View commit details
    Browse the repository at this point in the history

  12. Move fixture to conftest for auth directory

    @stveit
    stveit committed Feb 29, 2024
    Configuration menu
    Copy the full SHA
    3c46e2b View commit details
    Browse the repository at this point in the history

  13. Test session cycling on remote login

    @stveit
    stveit committed Feb 29, 2024
    Configuration menu
    Copy the full SHA
    96190ff View commit details
    Browse the repository at this point in the history

  14. Rename tests 

    Co-authored-by: Morten Brekkevold <morten.brekkevold@sikt.no>
    @stveit @lunkwill42
    stveit and lunkwill42 committed Feb 29, 2024
    Configuration menu
    Copy the full SHA
    3714383 View commit details
    Browse the repository at this point in the history

  15. Add message to assert statements 

    Co-authored-by: Morten Brekkevold <morten.brekkevold@sikt.no>
    @stveit @lunkwill42
    stveit and lunkwill42 committed Feb 29, 2024
    Configuration menu
    Copy the full SHA
    19c5d84 View commit details
    Browse the repository at this point in the history