add checking for session expired (aio-libs#297)
alexpantyukhin authored and asvetlov committed Jun 18, 2018
1 parent 6ae6c60 commit fa10335
Showing 3 changed files with 80 additions and 2 deletions.
26 changes: 26 additions & 0 deletions tests/test_memcached_storage.py
@@ -1,6 +1,7 @@
import json
import uuid
import time
import asyncio

from aiohttp import web
from aiohttp_session import Session, session_middleware, get_session
@@ -227,3 +228,28 @@ async def logout(request):
client.session.cookie_jar.update_cookies({'AIOHTTP_SESSION': evil_cookie})
resp = await client.get('/')
assert resp.cookies['AIOHTTP_SESSION'].value != evil_cookie


async def test_load_session_dont_load_expired_session(aiohttp_client,
memcached):
async def handler(request):
session = await get_session(request)
exp_param = request.rel_url.query.get('exp', None)
if exp_param is None:
session['a'] = 1
session['b'] = 2
else:
assert {} == session

return web.Response(body=b'OK')

client = await aiohttp_client(
create_app(handler, memcached, 2)
)
resp = await client.get('/')
assert resp.status == 200

await asyncio.sleep(5)

resp = await client.get('/?exp=yes')
assert resp.status == 200
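Review bot: The second request in test_load_session_dont_load_expired_session probably never carries the old session cookie, so the `assert {} == session` branch can pass without the server-side expiry check running at all. The test client keeps the cookie in its own jar, and with a max_age of 2 the jar is likely to drop it during the 5-second sleep (inferred; the cookie attributes are not visible on this page). Saving the value after the first response, `cookie = resp.cookies['AIOHTTP_SESSION'].value`, and re-sending it after the sleep with `client.session.cookie_jar.update_cookies({'AIOHTTP_SESSION': cookie})`, as the logout test above already does, would show that the server itself rejects a stale cookie. The same applies to the identical tests in tests/test_nacl_storage.py and tests/test_redis_storage.py; it matters most for the NaCl storage, where the cookie is the whole session and only the server's check stops a replayed one.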
30 changes: 28 additions & 2 deletions tests/test_nacl_storage.py
@@ -1,5 +1,6 @@
import json
import time
import asyncio

import pytest
import nacl.secret
@@ -30,8 +31,8 @@ def make_cookie(client, secretbox, data):
client.session.cookie_jar.update_cookies({'AIOHTTP_SESSION': data})


def create_app(handler, key):
middleware = session_middleware(NaClCookieStorage(key))
def create_app(handler, key, max_age=None):
middleware = session_middleware(NaClCookieStorage(key, max_age=max_age))
app = web.Application(middlewares=[middleware])
app.router.add_route('GET', '/', handler)
return app
@@ -153,3 +154,28 @@ async def logout(request):
client.session.cookie_jar.update_cookies({'AIOHTTP_SESSION': evil_cookie})
resp = await client.get('/')
assert resp.cookies['AIOHTTP_SESSION'].value != evil_cookie


async def test_load_session_dont_load_expired_session(aiohttp_client,
key):
async def handler(request):
session = await get_session(request)
exp_param = request.rel_url.query.get('exp', None)
if exp_param is None:
session['a'] = 1
session['b'] = 2
else:
assert {} == session

return web.Response(body=b'OK')

client = await aiohttp_client(
create_app(handler, key, 2)
)
resp = await client.get('/')
assert resp.status == 200

await asyncio.sleep(5)

resp = await client.get('/?exp=yes')
assert resp.status == 200
26 changes: 26 additions & 0 deletions tests/test_redis_storage.py
@@ -3,6 +3,7 @@
import pytest
import uuid
import time
import asyncio

from aiohttp import web
from aiohttp_session import Session, session_middleware, get_session
@@ -310,3 +311,28 @@ def __init__(self, *args, **kwargs):
mocker.patch('aiohttp_session.redis_storage.StrictVersion', Dummy)
with pytest.raises(RuntimeError):
create_app(handler=handler, redis=None)


async def test_load_session_dont_load_expired_session(aiohttp_client,
redis):
async def handler(request):
session = await get_session(request)
exp_param = request.rel_url.query.get('exp', None)
if exp_param is None:
session['a'] = 1
session['b'] = 2
else:
assert {} == session

return web.Response(body=b'OK')

client = await aiohttp_client(
create_app(handler, redis, 2)
)
resp = await client.get('/')
assert resp.status == 200

await asyncio.sleep(5)

resp = await client.get('/?exp=yes')
assert resp.status == 200
