Add additional logs, finish test_auth_logout_expired

This commit is contained in:
2024-11-10 13:02:02 -06:00
parent 4d6c46a309
commit 1ea3bc20db
4 changed files with 16 additions and 1 deletions


@@ -59,6 +59,7 @@ class SessionDependency:
# If not present, raise 401 if required # If not present, raise 401 if required
if session_token is None: if session_token is None:
logger.debug("No session cookie found", required=self.required)
if self.required: if self.required:
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Unauthorized") raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Unauthorized")
return None return None
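Review bot: On the `self.required` branch the new debug line is the only record that an unauthenticated request was rejected, and at debug level it will usually be filtered out of production logs, so failed authentication attempts leave no trace for monitoring. Consider logging the rejection at info level just before the raise, e.g. `logger.info("Rejected request without session cookie")`, and keep the debug line for the optional case. The enclosing method of SessionDependency starts outside the hunk.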


@@ -91,6 +91,7 @@ class Session(BaseModel):
now = utc_now() now = utc_now()
if self.expiry_utc < now: if self.expiry_utc < now:
logger.debug("Session expired", token=self.token, user=self.user.email, revoke=revoke)
if revoke: if revoke:
self.delete_instance() self.delete_instance()
return True return True
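Review bot: The new debug line writes the raw session token (`token=self.token`) into the log, which makes every log sink a store of session credentials; the same pattern appears in the logout handler's added line (`token=session.token`) and its changed line (`source_token=session.token`). An expired token is lower value, but the logout handler logs live ones, so prefer a non-reversible identifier in all three places, e.g. `token=self.token[:8]` if the token is a str, or a short SHA-256 prefix of it. The enclosing method of Session starts outside the hunk.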


@@ -121,9 +121,10 @@ async def logout(
# We can assume the session is valid via the dependency # We can assume the session is valid via the dependency
if not all: if not all:
session.delete_instance() session.delete_instance()
logger.debug("Session deleted", user=session.user.email, token=session.token)
else: else:
count = Session.delete().where(Session.user == session.user).execute() count = Session.delete().where(Session.user == session.user).execute()
logger.debug("All sessions deleted", user=session.user.email, count=count) logger.debug("All sessions deleted", user=session.user.email, count=count, source_token=session.token)
response.set_cookie("session", "", max_age=0) response.set_cookie("session", "", max_age=0)


@@ -64,6 +64,18 @@ def test_auth_login_logout(user):
def test_auth_logout_expired(expired_session): def test_auth_logout_expired(expired_session):
# Test that an expired session cannot be used to logout, but still removes the cookie
with TestClient(app) as client: with TestClient(app) as client:
response = client.post("/api/logout") response = client.post("/api/logout")
assert response.status_code == status.HTTP_401_UNAUTHORIZED assert response.status_code == status.HTTP_401_UNAUTHORIZED
# Add expired session cookie
client.cookies.set("session", expired_session.token)
assert client.cookies.get("session") is not None
# Attempt to logout
response = client.post("/api/logout")
assert response.status_code == status.HTTP_401_UNAUTHORIZED
assert client.cookies.get("session") is None
# TODO: Ensure ?all=True doesn't do anything either
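Review bot: The TODO on the last line leaves the `?all=True` variant untested even though the logout handler has a separate `all` branch that deletes every session for the user, so a regression where an expired session still reaches that branch would not be caught. The cookie is cleared by the first logout call, so set it again before a second request and assert the same outcome: `client.cookies.set("session", expired_session.token)`, `response = client.post("/api/logout", params={"all": "true"})`, `assert response.status_code == status.HTTP_401_UNAUTHORIZED`. Whether the expired session row survives the call depends on the dependency's revoke setting, which is outside this hunk, so add a database-state assertion only once that is confirmed.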