fix: DEV-3397: Added session expiration settings and conditions (#3114)
* fix: DEV-3397: Added session expiration settings and conditions based on last login and last activity. Also made persistent session optional on login.
* fix: DEV-3397: Adding option to ignore certain URLs for inactivity timeout reset
* fix: DEV-3397: setting last_login to session on user registration

Co-authored-by: Wesley Lima <wesley@heartex.com>
1 parent 6bd24ca, commit 3a022c7
Showing 9 changed files with 176 additions and 1 deletion.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,123 @@ | ||
--- | ||
test_name: sessions | ||
strict: false | ||
marks: | ||
- usefixtures: | ||
- django_live_url | ||
- testing_session_timeouts | ||
stages: | ||
- id: signup | ||
name: Sign up | ||
request: | ||
url: "{django_live_url}/user/signup" | ||
data: | ||
email: test_suites_user@heartex.com | ||
password: 12345678 | ||
method: POST | ||
response: | ||
status_code: 302 | ||
|
||
- id: login | ||
name: Login | ||
request: | ||
url: "{django_live_url}/user/login" | ||
data: | ||
email: test_suites_user@heartex.com | ||
password: 12345678 | ||
method: POST | ||
response: | ||
status_code: 302 | ||
|
||
# A request right after login should be sucessful | ||
- name: get_projects | ||
request: | ||
method: POST | ||
url: '{django_live_url}/api/projects' | ||
response: | ||
save: | ||
json: | ||
pk: id | ||
status_code: 201 | ||
delay_after: 2 | ||
|
||
# After MAX_TIME_BETWEEN_ACTIVITY has passed, the session will be over and requests will be denied | ||
- name: get_projects | ||
request: | ||
method: POST | ||
url: '{django_live_url}/api/projects' | ||
response: | ||
save: | ||
json: | ||
pk: id | ||
status_code: 401 | ||
|
||
# login again | ||
- id: login | ||
name: Login | ||
request: | ||
url: "{django_live_url}/user/login" | ||
data: | ||
email: test_suites_user@heartex.com | ||
password: 12345678 | ||
method: POST | ||
response: | ||
status_code: 302 | ||
delay_after: 1 | ||
|
||
# make another request within MAX_TIME_BETWEEN_ACTIVITY | ||
- name: get_projects_1 | ||
request: | ||
method: POST | ||
url: '{django_live_url}/api/projects' | ||
response: | ||
save: | ||
json: | ||
pk: id | ||
status_code: 201 | ||
delay_after: 1 | ||
|
||
# and five more | ||
- name: get_projects_2 | ||
request: | ||
method: POST | ||
url: '{django_live_url}/api/projects' | ||
response: | ||
save: | ||
json: | ||
pk: id | ||
status_code: 201 | ||
delay_after: 1 | ||
|
||
- name: get_projects_3 | ||
request: | ||
method: POST | ||
url: '{django_live_url}/api/projects' | ||
response: | ||
save: | ||
json: | ||
pk: id | ||
status_code: 201 | ||
delay_after: 1 | ||
|
||
- name: get_projects_4 | ||
request: | ||
method: POST | ||
url: '{django_live_url}/api/projects' | ||
response: | ||
save: | ||
json: | ||
pk: id | ||
status_code: 201 | ||
delay_after: 1 | ||
|
||
# and by now we reach MAX_SESSION_AGE and hte session end even if we were active | ||
- name: get_projects_5 | ||
request: | ||
method: POST | ||
url: '{django_live_url}/api/projects' | ||
response: | ||
save: | ||
json: | ||
pk: id | ||
status_code: 401 | ||
|
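Review bot: the two 401 assertions (the second `get_projects` stage after `delay_after: 2`, and `get_projects_5` at the end of the `delay_after: 1` chain) depend on wall-clock margins against MAX_TIME_BETWEEN_ACTIVITY and MAX_SESSION_AGE, whose values are set in the `testing_session_timeouts` fixture and never stated in this file. Add a header comment with the values the fixture sets, and leave enough margin between each `delay_after` and the thresholds, since request latency adds to every gap: a slow runner could push a 1-second gap past the inactivity limit and turn an expected 201 into a 401. Both 401 stages also keep `save: json: pk: id` copied from the 201 stages; a denied request has no project id to save, so that block should go. Smaller points: `id: login` and `name: get_projects` are each used twice, which makes a failure harder to attribute to a stage, and the comment "and five more" is followed by four stages. This file does not exercise the option to ignore certain URLs for the inactivity reset that the commit message describes; a stage that requests such a URL inside the window and then expects a 401 once the window has passed would cover it.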