installation: addition of Flask-Security>=1.7.5

* Amends usage of current_user and session. Signed-off-by: Jiri Kuncar <jiri.kuncar@cern.ch>
inveniosoftware · Dec 4, 2015 · d52eb4c · d52eb4c
1 parent 0e7bb71
commit d52eb4c
Show file tree

Hide file tree

Showing 7 changed files with 28 additions and 24 deletions.
diff --git a/examples/github_app.py b/examples/github_app.py
@@ -133,7 +133,7 @@
 @app.route('/')
 def index():
     """Home page: try to print user email or redirect to login with github."""
-    if not current_user.is_authenticated():
+    if not current_user.is_authenticated:
         return redirect(url_for("invenio_oauthclient.login",
                                 remote_app='github'))
     return "hello {}".format(current_user.email)
diff --git a/invenio_oauthclient/contrib/orcid.py b/invenio_oauthclient/contrib/orcid.py
@@ -134,7 +134,7 @@ def disconnect_handler(remote, *args, **kwargs):
     from invenio_oauthclient.utils import oauth_unlink_external_id
     from invenio_oauthclient.models import RemoteAccount
 
-    if not current_user.is_authenticated():
+    if not current_user.is_authenticated:
         return current_app.login_manager.unauthorized()
 
     account = RemoteAccount.get(user_id=current_user.get_id(),

diff --git a/invenio_oauthclient/handlers.py b/invenio_oauthclient/handlers.py
@@ -111,7 +111,7 @@ def token_setter(remote, token, secret='', token_type='', extra_data=None):
     session[token_session_key(remote.name)] = (token, secret)
 
     # Save token if used is authenticated
-    if current_user.is_authenticated():
+    if current_user.is_authenticated:
         uid = current_user.get_id()
         cid = remote.consumer_key
 
@@ -139,7 +139,7 @@ def token_getter(remote, token=''):
     """
     session_key = token_session_key(remote.name)
 
-    if session_key not in session and current_user.is_authenticated():
+    if session_key not in session and current_user.is_authenticated:
         # Fetch key from token store if user is authenticated, and the key
         # isn't already cached in the session.
         remote_token = RemoteToken.get(
@@ -215,7 +215,7 @@ def authorized_signup_handler(resp, remote, *args, **kwargs):
 
     # Sign-in/up user
     # ---------------
-    if not current_user.is_authenticated():
+    if not current_user.is_authenticated:
         account_info = handlers['info'](resp)
 
         user = oauth_get_user(
@@ -274,7 +274,7 @@ def disconnect_handler(remote, *args, **kwargs):
     wish to extend this module to perform clean-up in the remote service
     before removing the link (e.g. removing install webhooks).
     """
-    if not current_user.is_authenticated():
+    if not current_user.is_authenticated:
         return current_app.login_manager.unauthorized()
 
     with db.session.begin_nested():
@@ -291,7 +291,7 @@ def disconnect_handler(remote, *args, **kwargs):
 def signup_handler(remote, *args, **kwargs):
     """Handle extra signup information."""
     # User already authenticated so move on
-    if current_user.is_authenticated():
+    if current_user.is_authenticated:
         return redirect("/")
 
     # Retrieve token from session

diff --git a/invenio_oauthclient/views/client.py b/invenio_oauthclient/views/client.py
@@ -22,6 +22,7 @@
 from __future__ import absolute_import
 
 from flask import Blueprint, abort, current_app, request, session, url_for
+from flask_login import _create_identifier
 from itsdangerous import BadData, TimedJSONWebSignatureSerializer
 from werkzeug.local import LocalProxy
 
@@ -91,7 +92,7 @@ def login(remote_app):
     state_token = serializer.dumps({
         'app': remote_app,
         'next': next_param,
-        'sid': session['_id']
+        'sid': _create_identifier(),
     })
 
     return oauth.remote_apps[remote_app].authorize(
@@ -115,7 +116,7 @@ def authorized(remote_app=None):
         state = serializer.loads(state_token)
         # Verify that state is for this session, app and that next parameter
         # have not been modified.
-        assert state['sid'] == session['_id']
+        assert state['sid'] == _create_identifier()
         assert state['app'] == remote_app
         # Store next URL
         set_session_next_url(remote_app, state['next'])

diff --git a/setup.py b/setup.py
@@ -72,7 +72,8 @@
     'Flask-BabelEx>=0.9.2',
     'Flask-Breadcrumbs>=0.3.0',
     'Flask-OAuthlib>=0.6.0,<0.7',  # quick fix for issue invenio#2158
-    'invenio-accounts>=1.0.0a5',
+    'Flask-Security>=1.7.5',
+    'invenio-accounts>=1.0.0a6',
     'invenio-db>=1.0.0a4',
     # FIXME
     #  'invenio-upgrader>=0.1.0',

diff --git a/tests/test_contrib_orcid.py b/tests/test_contrib_orcid.py
@@ -23,6 +23,7 @@
 
 import httpretty
 from flask import session, url_for
+from flask_login import _create_identifier
 from flask_security.utils import login_user
 from mock import MagicMock
 from six.moves.urllib_parse import parse_qs, urlparse
@@ -41,7 +42,7 @@ def mock_response(oauth, remote_app='test', data=None):
 
 
 def _get_state():
-    return serializer.dumps({'app': 'orcid', 'sid': session['_id'],
+    return serializer.dumps({'app': 'orcid', 'sid': _create_identifier(),
                              'next': None, })
 
 

diff --git a/tests/test_views.py b/tests/test_views.py
@@ -25,8 +25,8 @@
 import time
 
 import pytest
-from flask import session, url_for
-from flask_login import login_user
+from flask import url_for
+from flask_login import _create_identifier, login_user
 from itsdangerous import TimedJSONWebSignatureSerializer
 from mock import MagicMock, patch
 from simplejson import JSONDecodeError
@@ -207,7 +207,7 @@ def test_invalid_authorized_handler(resp, remote, *args, **kwargs):
 
         state = serializer.dumps({
             'app': 'test',
-            'sid': session['_id'],
+            'sid': _create_identifier(),
             'next': None,
         })
 
@@ -227,7 +227,7 @@ def test_invalid_authorized_handler(resp, remote, *args, **kwargs):
 
         state = serializer.dumps({
             'app': 'test_invalid',
-            'sid': session['_id'],
+            'sid': _create_identifier(),
             'next': None,
         })
 
@@ -257,7 +257,7 @@ def test_invalid_authorized_response():
 
         state = serializer.dumps({
             'app': 'test',
-            'sid': session['_id'],
+            'sid': _create_identifier(),
             'next': None,
         })
 
@@ -273,8 +273,9 @@ def test_invalid_authorized_response():
 def test_state_token(monkeypatch):
     """Test state token."""
     # Mock session id
-    monkeypatch.setattr('invenio_oauthclient.views.client.session',
-                        {'_id': '1234'})
+    monkeypatch.setattr('flask_login._create_identifier', lambda: '1234')
+    monkeypatch.setattr(
+        'invenio_oauthclient.views.client._create_identifier', lambda: '1234')
     app = setup_app()
     with app.test_client() as client:
         # Ensure remote apps have been loaded (due to before first
@@ -335,13 +336,12 @@ def test_no_remote_app():
         assert resp.status_code == 404
 
 
-#  @patch('invenio.ext.session.interface.SessionInterface.save_session')
-#  @patch('invenio_oauthclient.views.client.session')
 def test_token_getter_setter(monkeypatch):
     """Test token getter setter."""
     # Mock session id
-    monkeypatch.setattr('invenio_oauthclient.views.client.session',
-                        {'_id': '1234'})
+    monkeypatch.setattr('flask_login._create_identifier', lambda: '1234')
+    monkeypatch.setattr(
+        'invenio_oauthclient.views.client._create_identifier', lambda: '1234')
 
     app = setup_app()
     oauth = app.extensions['oauthlib.client']
@@ -418,8 +418,9 @@ def test_token_getter_setter(monkeypatch):
 def test_rejected(monkeypatch):
     """Test rejected."""
     # Mock session id
-    monkeypatch.setattr('invenio_oauthclient.views.client.session',
-                        {'_id': '1234'})
+    monkeypatch.setattr('flask_login._create_identifier', lambda: '1234')
+    monkeypatch.setattr(
+        'invenio_oauthclient.views.client._create_identifier', lambda: '1234')
 
     app = setup_app()
     oauth = app.extensions['oauthlib.client']