Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
[1.7.x] Fixed #21649 -- Added optional invalidation of sessions when …
…user password changes. Thanks Paul McMillan, Aymeric Augustin, and Erik Romijn for reviews. Backport of fd23c06 from master
- Loading branch information
Showing
12 changed files
with
246 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
from django.contrib.auth.middleware import SessionAuthenticationMiddleware | ||
from django.contrib.auth.models import User | ||
from django.http import HttpRequest | ||
from django.test import TestCase | ||
|
||
|
||
class TestSessionAuthenticationMiddleware(TestCase): | ||
def setUp(self): | ||
self.user_password = 'test_password' | ||
self.user = User.objects.create_user('test_user', | ||
'test@example.com', | ||
self.user_password) | ||
|
||
def test_changed_password_invalidates_session(self): | ||
""" | ||
Tests that changing a user's password invalidates the session. | ||
""" | ||
verification_middleware = SessionAuthenticationMiddleware() | ||
self.assertTrue(self.client.login( | ||
username=self.user.username, | ||
password=self.user_password, | ||
)) | ||
request = HttpRequest() | ||
request.session = self.client.session | ||
request.user = self.user | ||
verification_middleware.process_request(request) | ||
self.assertIsNotNone(request.user) | ||
self.assertFalse(request.user.is_anonymous()) | ||
|
||
# After password change, user should be anonymous | ||
request.user.set_password('new_password') | ||
request.user.save() | ||
verification_middleware.process_request(request) | ||
self.assertIsNotNone(request.user) | ||
self.assertTrue(request.user.is_anonymous()) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.