0001-misc-expose-session-identifier-in-substitution-varia.patch
| tests/test_form_pages.py | ||
|---|---|---|
| 4239 | 4239 |
formdef = create_formdef() |
| 4240 | 4240 |
app = get_app(pub) |
| 4241 | 4241 |
resp = app.get('/test/', status=200)
|
| 4242 |
resp = resp.form.submit('submit')
|
|
| 4243 | 4242 |
assert resp.headers['Set-Cookie'].startswith('wcs-')
|
| 4244 | 4243 |
assert 'httponly' in resp.headers['Set-Cookie'] |
| 4245 | 4244 |
assert not 'secure' in resp.headers['Set-Cookie'] |
| 4246 | 4245 | |
| 4247 | 4246 |
app = get_app(pub, https=True) |
| 4248 | 4247 |
resp = app.get('/test/', status=200)
|
| 4249 |
resp = resp.form.submit('submit')
|
|
| 4250 | 4248 |
assert resp.headers['Set-Cookie'].startswith('wcs-')
|
| 4251 | 4249 |
assert 'httponly' in resp.headers['Set-Cookie'] |
| 4252 | 4250 |
assert 'secure' in resp.headers['Set-Cookie'] |
| tests/test_sessions.py | ||
|---|---|---|
| 7 | 7 | |
| 8 | 8 |
from wcs.qommon.ident.password_accounts import PasswordAccount |
| 9 | 9 |
from wcs.qommon.http_request import HTTPRequest |
| 10 |
from wcs.formdef import FormDef |
|
| 11 |
from wcs import fields |
|
| 10 | 12 | |
| 11 | 13 |
from utilities import create_temporary_pub, clean_temporary_pub, get_app, login |
| 12 | 14 | |
| ... | ... | |
| 159 | 161 |
resp = login_form.submit() |
| 160 | 162 |
assert resp.status_int == 302 |
| 161 | 163 |
assert pub.session_manager.session_class.count() == 2 |
| 164 | ||
| 165 |
def test_session_substitution_variables(pub, user, app): |
|
| 166 |
pub.session_manager.session_class.wipe() |
|
| 167 |
resp = app.get('/')
|
|
| 168 | ||
| 169 |
formdef = FormDef() |
|
| 170 |
formdef.name = 'foobar' |
|
| 171 |
formdef.fields = [fields.CommentField(id='7', label='Hello [session_var_id]', type='comment')] |
|
| 172 |
formdef.store() |
|
| 173 | ||
| 174 |
resp = app.get('/foobar/')
|
|
| 175 |
assert pub.session_manager.session_class.count() == 1 |
|
| 176 |
session_id = pub.session_manager.session_class.select()[0].id |
|
| 177 |
assert 'Hello %s' % session_id in resp.body |
|
| 178 | ||
| 179 |
login(app, username='foo', password='foo') |
|
| 180 |
assert pub.session_manager.session_class.count() == 2 |
|
| 181 |
session_id = [x for x in pub.session_manager.session_class.select() if x.id != session_id][0].id |
|
| 182 |
resp = app.get('/foobar/')
|
|
| 183 |
assert 'Hello %s' % session_id in resp.body |
|
| wcs/forms/root.py | ||
|---|---|---|
| 286 | 286 |
displayed_fields = [] |
| 287 | 287 | |
| 288 | 288 |
session = get_session() |
| 289 |
if not session.id: |
|
| 290 |
# force session to be written down, this is required so |
|
| 291 |
# [session_var_id] is available on the first page. |
|
| 292 |
session.force() |
|
| 289 | 293 | |
| 290 | 294 |
if page_no > self.formdef.get_start_page(): |
| 291 | 295 |
magictoken = get_request().form['magictoken'] |
| wcs/qommon/sessions.py | ||
|---|---|---|
| 89 | 89 |
jsonp_display_values = None |
| 90 | 90 |
extra_variables = None |
| 91 | 91 |
expire = None |
| 92 |
forced = False |
|
| 92 | 93 |
# should only be overwritten by authentication methods |
| 93 | 94 |
extra_user_variables = None |
| 94 | 95 | |
| 95 | 96 |
username = None # only set on password authentication |
| 96 | 97 | |
| 98 |
def force(self): |
|
| 99 |
# add some data in the session, it will force a cookie to be set, this |
|
| 100 |
# is used so we get a session identifier fixed even on the first page |
|
| 101 |
# of a form. |
|
| 102 |
self.forced = True |
|
| 103 |
get_session_manager().maintain_session(self) |
|
| 104 | ||
| 97 | 105 |
def set_expire(self, expire): |
| 98 | 106 |
self.expire = expire |
| 99 | 107 | |
| ... | ... | |
| 126 | 134 |
CaptchaSession.has_info(self) or \ |
| 127 | 135 |
self.expire or \ |
| 128 | 136 |
self.extra_user_variables or \ |
| 137 |
self.forced or \ |
|
| 129 | 138 |
QuixoteSession.has_info(self) |
| 130 | 139 |
is_dirty = has_info |
| 131 | 140 | |
| ... | ... | |
| 315 | 324 | |
| 316 | 325 |
def get_substitution_variables(self, prefix='session_var_'): |
| 317 | 326 |
d = {}
|
| 327 |
d[prefix + 'id'] = self.id |
|
| 318 | 328 |
if self.extra_variables: |
| 319 | 329 |
for k, v in self.extra_variables.items(): |
| 320 | 330 |
d[prefix + k] = v |
| 321 |
- |
|