0001-add-a-remember-me-button-fixes-25579.patch
| src/authentic2/app_settings.py | ||
|---|---|---|
| 193 | 193 |
default={},
|
| 194 | 194 |
definition='Exclusion filter (as in QuerySet.exclude() to apply to User queryset before ' |
| 195 | 195 |
'authentication'), |
| 196 |
A2_USER_REMEMBER_ME=Setting( |
|
| 197 |
default=None, |
|
| 198 |
definition='Session duration as seconds when using the remember me ' |
|
| 199 |
'checkbox. Truthiness activates the checkbox.'), |
|
| 196 | 200 |
A2_LOGIN_REDIRECT_AUTHENTICATED_USERS_TO_HOMEPAGE=Setting( |
| 197 | 201 |
default=False, |
| 198 | 202 |
definition='Redirect authenticated users to homepage'), |
| src/authentic2/auth_frontends.py | ||
|---|---|---|
| 34 | 34 |
how = 'password-on-https' |
| 35 | 35 |
else: |
| 36 | 36 |
how = 'password' |
| 37 |
if form.cleaned_data.get('remember_me'):
|
|
| 38 |
request.session['remember_me'] = True |
|
| 39 |
request.session.set_expiry(app_settings.A2_USER_REMEMBER_ME) |
|
| 37 | 40 |
return utils.login(request, form.get_user(), how, |
| 38 | 41 |
service_slug=request.GET.get(constants.SERVICE_FIELD_NAME)) |
| 39 | 42 |
context['form'] = form |
| src/authentic2/forms/__init__.py | ||
|---|---|---|
| 159 | 159 | |
| 160 | 160 |
class AuthenticationForm(auth_forms.AuthenticationForm): |
| 161 | 161 |
password = PasswordField(label=_('Password'))
|
| 162 |
remember_me = forms.BooleanField( |
|
| 163 |
initial=False, |
|
| 164 |
required=False, |
|
| 165 |
label=_('Remember me'),
|
|
| 166 |
help_text=_('Do not ask for authentication next time'))
|
|
| 162 | 167 | |
| 163 | 168 |
def __init__(self, *args, **kwargs): |
| 164 | 169 |
super(AuthenticationForm, self).__init__(*args, **kwargs) |
| ... | ... | |
| 167 | 172 |
duration=app_settings.A2_LOGIN_EXPONENTIAL_RETRY_TIMEOUT_DURATION, |
| 168 | 173 |
factor=app_settings.A2_LOGIN_EXPONENTIAL_RETRY_TIMEOUT_FACTOR) |
| 169 | 174 | |
| 175 |
if not app_settings.A2_USER_REMEMBER_ME: |
|
| 176 |
del self.fields['remember_me'] |
|
| 177 | ||
| 170 | 178 |
if self.request: |
| 171 | 179 |
self.remote_addr = self.request.META['REMOTE_ADDR'] |
| 172 | 180 |
else: |
| tests/test_login.py | ||
|---|---|---|
| 76 | 76 |
response = response.follow() |
| 77 | 77 |
needle = 'next=%s' % quote(url) |
| 78 | 78 |
assert needle in response.content |
| 79 | ||
| 80 | ||
| 81 |
def test_session_expire(app, simple_user, freezer): |
|
| 82 |
freezer.move_to('2018-01-01')
|
|
| 83 |
# Verify session work as usual |
|
| 84 |
login(app, simple_user) |
|
| 85 |
response = app.get('/')
|
|
| 86 |
assert simple_user.first_name in response |
|
| 87 |
freezer.move_to('2018-01-15')
|
|
| 88 |
response = app.get('/')
|
|
| 89 |
assert simple_user.first_name not in response |
|
| 90 | ||
| 91 | ||
| 92 |
def test_session_remember_me_ok(app, settings, simple_user, freezer): |
|
| 93 |
settings.A2_USER_REMEMBER_ME = 3600 * 24 * 30 |
|
| 94 |
freezer.move_to('2018-01-01')
|
|
| 95 |
# Verify session are longer |
|
| 96 |
login(app, simple_user, remember_me=True) |
|
| 97 | ||
| 98 |
response = app.get('/')
|
|
| 99 |
assert simple_user.first_name in response |
|
| 100 | ||
| 101 |
# less than 30 days, session is still alive |
|
| 102 |
freezer.move_to('2018-01-30')
|
|
| 103 |
response = app.get('/')
|
|
| 104 |
assert simple_user.first_name in response |
|
| 105 | ||
| 106 | ||
| 107 |
def test_session_remember_me_nok(app, settings, simple_user, freezer): |
|
| 108 |
settings.A2_USER_REMEMBER_ME = 3600 * 24 * 30 |
|
| 109 |
freezer.move_to('2018-01-01')
|
|
| 110 |
# Verify session are longer |
|
| 111 |
login(app, simple_user, remember_me=True) |
|
| 112 | ||
| 113 |
response = app.get('/')
|
|
| 114 |
assert simple_user.first_name in response |
|
| 115 | ||
| 116 |
# more than 30 days, session is dead |
|
| 117 |
freezer.move_to('2018-01-31')
|
|
| 118 |
response = app.get('/')
|
|
| 119 |
assert simple_user.first_name not in response |
|
| tests/utils.py | ||
|---|---|---|
| 16 | 16 |
reason='this test does not work with sqlite') |
| 17 | 17 | |
| 18 | 18 | |
| 19 |
def login(app, user, path=None, password=None): |
|
| 19 |
def login(app, user, path=None, password=None, remember_me=None):
|
|
| 20 | 20 |
if path: |
| 21 | 21 |
login_page = app.get(path, status=302).maybe_follow() |
| 22 | 22 |
else: |
| ... | ... | |
| 26 | 26 |
form.set('username', user.username if hasattr(user, 'username') else user)
|
| 27 | 27 |
# password is supposed to be the same as username |
| 28 | 28 |
form.set('password', password or user.username)
|
| 29 |
if remember_me is not None: |
|
| 30 |
form.set('remember_me', bool(remember_me))
|
|
| 29 | 31 |
response = form.submit(name='login-password-submit').follow() |
| 30 | 32 |
if path: |
| 31 | 33 |
assert response.request.path == path |
| tox.ini | ||
|---|---|---|
| 43 | 43 |
pyquery |
| 44 | 44 |
httmock |
| 45 | 45 |
pytz |
| 46 |
pytest-freezegun |
|
| 46 | 47 |
commands = |
| 47 | 48 |
./getlasso.sh |
| 48 | 49 |
authentic: py.test {env:FAST:} {env:REUSEDB:} {env:COVERAGE:} {posargs:tests/ --random}
|
| 49 |
- |
|