59 lines
2.3 KiB
Python
59 lines
2.3 KiB
Python
# django-mellon - SAML2 authentication for Django
|
|
# Copyright (C) 2014-2022 Entr'ouvert
|
|
# This program is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU Affero General Public License as
|
|
# published by the Free Software Foundation, either version 3 of the
|
|
# License, or (at your option) any later version.
|
|
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU Affero General Public License for more details.
|
|
|
|
# You should have received a copy of the GNU Affero General Public License
|
|
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
import datetime
|
|
from importlib import import_module
|
|
|
|
import pytest
|
|
from django.utils.timezone import now
|
|
|
|
from mellon import models
|
|
|
|
|
|
@pytest.mark.parametrize(
|
|
'session_engine_path',
|
|
[
|
|
'mellon.sessions_backends.db',
|
|
'django.contrib.sessions.backends.cache',
|
|
],
|
|
)
|
|
def test_session_index_cleaning(session_engine_path, db, settings, django_user_model, freezer):
|
|
settings.SESSION_ENGINE = session_engine_path
|
|
session_engine = import_module(settings.SESSION_ENGINE)
|
|
store = session_engine.SessionStore(None)
|
|
user = django_user_model.objects.create(username='user')
|
|
issuer = models.Issuer.objects.create(entity_id='https://idp.example.com/', slug='idp')
|
|
usi = models.UserSAMLIdentifier.objects.create(user=user, issuer=issuer, name_id='1234')
|
|
store['x'] = 1
|
|
store.set_expiry(86400 * 31) # expire session after one month
|
|
store.save()
|
|
models.SessionIndex.objects.create(
|
|
session_index='abcd', session_key=store.session_key, saml_identifier=usi
|
|
)
|
|
assert models.SessionIndex.objects.count() == 1
|
|
|
|
# check SessionIndex is only cleaned if the session is dead,
|
|
# logout_timestamp being only used as a hint
|
|
freezer.move_to(datetime.timedelta(days=10))
|
|
models.SessionIndex.cleanup()
|
|
assert models.SessionIndex.objects.count() == 1
|
|
models.SessionIndex.objects.update(logout_timestamp=now())
|
|
models.SessionIndex.cleanup()
|
|
assert models.SessionIndex.objects.count() == 1
|
|
|
|
store.flush() # delete the session
|
|
models.SessionIndex.cleanup()
|
|
assert models.SessionIndex.objects.count() == 0
|