0001-add-a-remember-me-button-fixes-25579.patch
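--- a/src/authentic2/app_settings.py
+++ b/src/authentic2/app_settings.py
@@ -193,6 +193,10 @@
 default={},
 definition='Exclusion filter (as in QuerySet.exclude() to apply to User queryset before '
 'authentication'),
+A2_USER_REMEMBER_ME=Setting(
+default=None,
+definition='Session duration as seconds when using the remember me '
+'checkbox. Truthiness activates the checkbox.'),
 A2_LOGIN_REDIRECT_AUTHENTICATED_USERS_TO_HOMEPAGE=Setting(
 default=False,
 definition='Redirect authenticated users to homepage'),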
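Review bot: The `definition` text of A2_USER_REMEMBER_ME says that truthiness activates the checkbox, but the same value is handed to `request.session.set_expiry()` in auth_frontends.py, so a deployment that sets it to `True` would pass a boolean where a number of seconds is expected. The definition should state the accepted type and unit, for example `'Session duration in seconds (positive integer) when using the remember me checkbox; None disables the checkbox.'`. No upper bound is enforced in the visible hunks, so the text should also make clear that this value is the lifetime of an authenticated session.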
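--- a/src/authentic2/auth_frontends.py
+++ b/src/authentic2/auth_frontends.py
@@ -34,6 +34,9 @@
 how = 'password-on-https'
 else:
 how = 'password'
+if form.cleaned_data.get('remember_me'):
+request.session['remember_me'] = True
+request.session.set_expiry(app_settings.A2_USER_REMEMBER_ME)
 return utils.login(request, form.get_user(), how,
 service_slug=request.GET.get(constants.SERVICE_FIELD_NAME))
 context['form'] = form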
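Review bot: The expiry is written to the session before `utils.login()` runs, and `utils.login` is not visible here; if it ends in Django's `auth.login()`, that call flushes the session when it already holds a different user's login, which would discard both `remember_me` and the custom expiry. Setting them after a successful login avoids depending on that: keep the result with `response = utils.login(...)`, then apply `request.session.set_expiry(app_settings.A2_USER_REMEMBER_ME)`, then `return response`. The enclosing view starts and ends outside the hunk, so the surrounding flow should be checked before moving the lines.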
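--- a/src/authentic2/forms/__init__.py
+++ b/src/authentic2/forms/__init__.py
@@ -159,6 +159,11 @@
 
 class AuthenticationForm(auth_forms.AuthenticationForm):
 password = PasswordField(label=_('Password'))
+remember_me = forms.BooleanField(
+initial=False,
+required=False,
+label=_('Remember me'),
+help_text=_('Do not ask for authentication next time'))
 
 def __init__(self, *args, **kwargs):
 super(AuthenticationForm, self).__init__(*args, **kwargs)
@@ -167,6 +172,9 @@
 duration=app_settings.A2_LOGIN_EXPONENTIAL_RETRY_TIMEOUT_DURATION,
 factor=app_settings.A2_LOGIN_EXPONENTIAL_RETRY_TIMEOUT_FACTOR)
 
+if not app_settings.A2_USER_REMEMBER_ME:
+del self.fields['remember_me']
+
 if self.request:
 self.remote_addr = self.request.META['REMOTE_ADDR']
 else: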
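Review bot: The `del self.fields['remember_me']` branch in `__init__` has no comment, although it is what keeps a posted `remember_me` parameter out of `cleaned_data` when A2_USER_REMEMBER_ME is unset, and the view in auth_frontends.py relies on that. I would add `# Feature disabled: drop the field so a client-supplied remember_me value is never validated or acted on.` above the `if`. The `__init__` body starts before and continues after the second hunk.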
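--- a/tests/test_login.py
+++ b/tests/test_login.py
@@ -76,3 +76,44 @@
 response = response.follow()
 needle = 'next=%s' % quote(url)
 assert needle in response.content
+
+
+def test_session_expire(app, simple_user, freezer):
+freezer.move_to('2018-01-01')
+# Verify session work as usual
+login(app, simple_user)
+response = app.get('/')
+assert simple_user.first_name in response
+freezer.move_to('2018-01-15')
+response = app.get('/')
+assert simple_user.first_name not in response
+
+
+def test_session_remember_me_ok(app, settings, simple_user, freezer):
+settings.A2_USER_REMEMBER_ME = 3600 * 24 * 30
+freezer.move_to('2018-01-01')
+# Verify session are longer
+login(app, simple_user, remember_me=True)
+
+response = app.get('/')
+assert simple_user.first_name in response
+
+# less than 30 days, session is still alive
+freezer.move_to('2018-01-30')
+response = app.get('/')
+assert simple_user.first_name in response
+
+
+def test_session_remember_me_nok(app, settings, simple_user, freezer):
+settings.A2_USER_REMEMBER_ME = 3600 * 24 * 30
+freezer.move_to('2018-01-01')
+# Verify session are longer
+login(app, simple_user, remember_me=True)
+
+response = app.get('/')
+assert simple_user.first_name in response
+
+# more than 30 days, session is dead
+freezer.move_to('2018-01-31')
+response = app.get('/')
+assert simple_user.first_name not in response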
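Review bot: The three added tests never log in with A2_USER_REMEMBER_ME set and the box left unchecked, so nothing pins that the 30-day expiry is applied only when the user opts in. A fourth test that sets `settings.A2_USER_REMEMBER_ME = 3600 * 24 * 30`, calls `login(app, simple_user)` and asserts the first name is absent after `freezer.move_to('2018-01-15')` would cover it. The expiry assertions in test_session_expire and test_session_remember_me_nok also land exactly on the 14-day and 30-day boundary (assuming the default session age for the former), so moving one day past it would make them less dependent on how the session backend compares timestamps. Both `# Verify session are longer` comments in the remember-me tests could read `# Verify the session lasts longer`.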
tests/utils.py | ||
---|---|---|
16 | 16 |
reason='this test does not work with sqlite') |
17 | 17 | |
18 | 18 | |
19 |
def login(app, user, path=None, password=None): |
|
19 |
def login(app, user, path=None, password=None, remember_me=None):
|
|
20 | 20 |
if path: |
21 | 21 |
login_page = app.get(path, status=302).maybe_follow() |
22 | 22 |
else: |
... | ... | |
26 | 26 |
form.set('username', user.username if hasattr(user, 'username') else user) |
27 | 27 |
# password is supposed to be the same as username |
28 | 28 |
form.set('password', password or user.username) |
29 |
if remember_me is not None: |
|
30 |
form.set('remember_me', bool(remember_me)) |
|
29 | 31 |
response = form.submit(name='login-password-submit').follow() |
30 | 32 |
if path: |
31 | 33 |
assert response.request.path == path |
tox.ini | ||
---|---|---|
43 | 43 |
pyquery |
44 | 44 |
httmock |
45 | 45 |
pytz |
46 |
pytest-freezegun |
|
46 | 47 |
commands = |
47 | 48 |
./getlasso.sh |
48 | 49 |
authentic: py.test {env:FAST:} {env:REUSEDB:} {env:COVERAGE:} {posargs:tests/ --random} |
49 |
- |