mirror of
https://github.com/benbusby/whoogle-search
synced 2024-11-04 18:00:25 +00:00
e06ff85579
This introduces a new approach to handling user sessions, which should allow for users to set more reliable config settings on public instances. Previously, when a user with cookies disabled would update their config, this would modify the app's default config file, which would in turn cause new users to inherit these settings when visiting the app for the first time and cause users to inherit these settings when their current session cookie expired (which was after 30 days by default I believe). There was also some half-baked logic for determining on the backend whether or not a user had cookies disabled, which lead to some issues with out of control session file creation by Flask. Now, when a user visits the site, their initial request is forwarded to a session/<session id> endpoint, and during that subsequent request their current session id is matched against the one found in the url. If the ids match, the user has cookies enabled. If not, their original request is modified with a 'cookies_disabled' query param that tells Flask not to bother trying to set up a new session for that user, and instead just use the app's fallback Fernet key for encryption and the default config. Since attempting to create a session for a user with cookies disabled creates a new session file, there is now also a clean-up routine included in the new session decorator, which will remove all sessions that don't include a valid key in the dict. NOTE!!! This means that current user sessions on public instances will be cleared once this update is merged in. In the long run that's a good thing though, since this will allow session mgmt to be a lot more reliable overall for users regardless of their cookie preference. Individual user sessions still use a unique Fernet key for encrypting queries, but users with cookies disabled will use the default app key for encryption and decryption. Sessions are also now (semi)permanent and have a lifetime of 1 year.
52 lines
1.8 KiB
Python
52 lines
1.8 KiB
Python
from cryptography.fernet import Fernet
|
|
|
|
from app import app
|
|
from app.models.endpoint import Endpoint
|
|
from app.utils.session import generate_user_key, valid_user_session
|
|
|
|
|
|
def test_generate_user_keys():
|
|
key = generate_user_key()
|
|
assert Fernet(key)
|
|
assert generate_user_key() != key
|
|
|
|
|
|
def test_valid_session(client):
|
|
assert not valid_user_session({'key': '', 'config': {}})
|
|
with client.session_transaction() as session:
|
|
assert valid_user_session(session)
|
|
|
|
|
|
def test_valid_translation_keys(client):
|
|
valid_lang_keys = [_['value'] for _ in app.config['LANGUAGES']]
|
|
en_keys = app.config['TRANSLATIONS']['lang_en'].keys()
|
|
for translation_key in app.config['TRANSLATIONS']:
|
|
# Ensure the translation is using a valid language value
|
|
assert translation_key in valid_lang_keys
|
|
|
|
# Ensure all translations match the same size/content of the original
|
|
# English translation
|
|
assert app.config['TRANSLATIONS'][translation_key].keys() == en_keys
|
|
|
|
|
|
def test_query_decryption(client):
|
|
# FIXME: Handle decryption errors in search.py and rewrite test
|
|
# This previously was used to test swapping decryption keys between
|
|
# queries. While this worked in theory and usually didn't cause problems,
|
|
# they were tied to session IDs and those are really unreliable (meaning
|
|
# that occasionally page navigation would break).
|
|
rv = client.get('/')
|
|
cookie = rv.headers['Set-Cookie']
|
|
|
|
rv = client.get(f'/{Endpoint.search}?q=test+1', headers={'Cookie': cookie})
|
|
assert rv._status_code == 200
|
|
|
|
with client.session_transaction() as session:
|
|
assert valid_user_session(session)
|
|
|
|
rv = client.get(f'/{Endpoint.search}?q=test+2', headers={'Cookie': cookie})
|
|
assert rv._status_code == 200
|
|
|
|
with client.session_transaction() as session:
|
|
assert valid_user_session(session)
|