|
6 | 6 | import orjson |
7 | 7 | from django.conf import settings |
8 | 8 | from django.contrib.contenttypes.models import ContentType |
| 9 | +from django.contrib.sessions.models import Session |
9 | 10 | from django.core.exceptions import ValidationError |
10 | 11 | from django.test import override_settings |
11 | 12 | from django.utils.timezone import now as timezone_now |
@@ -1393,6 +1394,24 @@ def test_api_with_insufficient_permissions(self) -> None: |
1393 | 1394 | ) |
1394 | 1395 | self.assert_json_error(result, "Insufficient permission") |
1395 | 1396 |
|
| 1397 | + def test_clear_sessions(self) -> None: |
| 1398 | + user = self.example_user("hamlet") |
| 1399 | + self.login_user(user) |
| 1400 | + session_key = self.client.session.session_key |
| 1401 | + self.assertTrue(session_key) |
| 1402 | + |
| 1403 | + result = self.client_get("/json/users") |
| 1404 | + self.assert_json_success(result) |
| 1405 | + self.assertEqual(Session.objects.filter(pk=session_key).count(), 1) |
| 1406 | + |
| 1407 | + do_deactivate_user(user, acting_user=None) |
| 1408 | + self.assertEqual(Session.objects.filter(pk=session_key).count(), 0) |
| 1409 | + |
| 1410 | + result = self.client_get("/json/users") |
| 1411 | + self.assert_json_error( |
| 1412 | + result, "Not logged in: API authentication or user session required", 401 |
| 1413 | + ) |
| 1414 | + |
1396 | 1415 | def test_clear_scheduled_jobs(self) -> None: |
1397 | 1416 | user = self.example_user("hamlet") |
1398 | 1417 | send_future_email( |
|
0 commit comments