Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b839b048ee600aa83aa4c19a38e01cd86ed583ee
edx-platform/common/djangoapps/cache_toolbox/tests/test_middleware.py
Peter Fogg 524e229245 Expire sessions after a password change. 
This is slightly more complicated than it should be since we're using
custom authentication middleware (i.e., not Django's standard
middleware class). We have to check that the session auth hash we have
stored is equal to the request's session auth hash (since the stored
hash is a function of the password). Normally this gets handled in
`django.contrib.auth.get_user`, but due to our caching we don't go
through that function, even in the cache miss case.

ECOM-4288
2016-05-12 16:44:56 -04:00

47 lines
1.9 KiB
Python
Raw Blame History

"""Tests for cached authentication middleware."""
import unittest
from django.conf import settings
from django.contrib.auth.models import User
from django.core.urlresolvers import reverse
from django.test import TestCase
from mock import patch
from student.tests.factories import UserFactory
class CachedAuthMiddlewareTestCase(TestCase):
"""Tests for CacheBackedAuthenticationMiddleware class."""
def setUp(self):
super(CachedAuthMiddlewareTestCase, self).setUp()
password = 'test-password'
self.user = UserFactory(password=password)
self.client.login(username=self.user.username, password=password)
def _test_change_session_hash(self, test_url, redirect_url):
"""
Verify that if a user's session auth hash and the request's hash
differ, the user is logged out. The URL to test and the
expected redirect are passed in, since we want to test this
behavior in both LMS and CMS, but the two systems have
different URLconfs.
"""
response = self.client.get(test_url)
self.assertEqual(response.status_code, 200)
with patch.object(User, 'get_session_auth_hash', return_value='abc123'):
response = self.client.get(test_url)
self.assertRedirects(response, redirect_url)
@unittest.skipUnless(settings.ROOT_URLCONF == 'lms.urls', 'Test only valid in lms')
def test_session_change_lms(self):
"""Test session verification with LMS-specific URLs."""
dashboard_url = reverse('dashboard')
self._test_change_session_hash(dashboard_url, reverse('signin_user') + '?next=' + dashboard_url)
@unittest.skipUnless(settings.ROOT_URLCONF == 'cms.urls', 'Test only valid in cms')
def test_session_change_cms(self):
"""Test session verification with CMS-specific URLs."""
home_url = reverse('home')
self._test_change_session_hash(home_url, reverse('login') + '?next=' + home_url)
Reference in New Issue View Git Blame Copy Permalink