diff options
| author | django-bot <ops@djangoproject.com> | 2022-02-03 20:24:19 +0100 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2022-02-07 20:37:05 +0100 |
| commit | 9c19aff7c7561e3a82978a272ecdaad40dda5c00 (patch) | |
| tree | f0506b668a013d0063e5fba3dbf4863b466713ba /tests/sessions_tests | |
| parent | f68fa8b45dfac545cfc4111d4e52804c86db68d3 (diff) | |
| download | django-9c19aff7c7561e3a82978a272ecdaad40dda5c00.tar.gz | |
Refs #33476 -- Reformatted code with Black.
Diffstat (limited to 'tests/sessions_tests')
| -rw-r--r-- | tests/sessions_tests/models.py | 4 | ||||
| -rw-r--r-- | tests/sessions_tests/no_clear_expired.py | 1 | ||||
| -rw-r--r-- | tests/sessions_tests/tests.py | 308 |
3 files changed, 168 insertions, 145 deletions
diff --git a/tests/sessions_tests/models.py b/tests/sessions_tests/models.py index 557dbf7865..6eda26f22a 100644 --- a/tests/sessions_tests/models.py +++ b/tests/sessions_tests/models.py @@ -12,6 +12,7 @@ class CustomSession(AbstractBaseSession): """ A session model with a column for an account ID. """ + account_id = models.IntegerField(null=True, db_index=True) @classmethod @@ -24,6 +25,7 @@ class SessionStore(DBStore): A database session store, that handles updating the account ID column inside the custom session model. """ + @classmethod def get_model_class(cls): return CustomSession @@ -32,7 +34,7 @@ class SessionStore(DBStore): obj = super().create_model_instance(data) try: - account_id = int(data.get('_auth_user_id')) + account_id = int(data.get("_auth_user_id")) except (ValueError, TypeError): account_id = None obj.account_id = account_id diff --git a/tests/sessions_tests/no_clear_expired.py b/tests/sessions_tests/no_clear_expired.py index 0bdfcab6da..4a229868ce 100644 --- a/tests/sessions_tests/no_clear_expired.py +++ b/tests/sessions_tests/no_clear_expired.py @@ -3,4 +3,5 @@ from django.contrib.sessions.backends.base import SessionBase class SessionStore(SessionBase): """Session store without support for clearing expired sessions.""" + pass diff --git a/tests/sessions_tests/tests.py b/tests/sessions_tests/tests.py index 367c40fcc3..42e68df420 100644 --- a/tests/sessions_tests/tests.py +++ b/tests/sessions_tests/tests.py @@ -12,17 +12,13 @@ from unittest import mock from django.conf import settings from django.contrib.sessions.backends.base import UpdateError from django.contrib.sessions.backends.cache import SessionStore as CacheSession -from django.contrib.sessions.backends.cached_db import ( - SessionStore as CacheDBSession, -) +from django.contrib.sessions.backends.cached_db import SessionStore as CacheDBSession from django.contrib.sessions.backends.db import SessionStore as DatabaseSession from django.contrib.sessions.backends.file import SessionStore as FileSession from django.contrib.sessions.backends.signed_cookies import ( SessionStore as CookieSession, ) -from django.contrib.sessions.exceptions import ( - InvalidSessionKey, SessionInterrupted, -) +from django.contrib.sessions.exceptions import InvalidSessionKey, SessionInterrupted from django.contrib.sessions.middleware import SessionMiddleware from django.contrib.sessions.models import Session from django.contrib.sessions.serializers import JSONSerializer @@ -33,7 +29,10 @@ from django.core.exceptions import ImproperlyConfigured from django.core.signing import TimestampSigner from django.http import HttpResponse from django.test import ( - RequestFactory, SimpleTestCase, TestCase, ignore_warnings, + RequestFactory, + SimpleTestCase, + TestCase, + ignore_warnings, override_settings, ) from django.utils import timezone @@ -62,63 +61,66 @@ class SessionTestsMixin: self.assertIs(self.session.accessed, False) def test_get_empty(self): - self.assertIsNone(self.session.get('cat')) + self.assertIsNone(self.session.get("cat")) def test_store(self): - self.session['cat'] = "dog" + self.session["cat"] = "dog" self.assertIs(self.session.modified, True) - self.assertEqual(self.session.pop('cat'), 'dog') + self.assertEqual(self.session.pop("cat"), "dog") def test_pop(self): - self.session['some key'] = 'exists' + self.session["some key"] = "exists" # Need to reset these to pretend we haven't accessed it: self.accessed = False self.modified = False - self.assertEqual(self.session.pop('some key'), 'exists') + self.assertEqual(self.session.pop("some key"), "exists") self.assertIs(self.session.accessed, True) self.assertIs(self.session.modified, True) - self.assertIsNone(self.session.get('some key')) + self.assertIsNone(self.session.get("some key")) def test_pop_default(self): - self.assertEqual(self.session.pop('some key', 'does not exist'), - 'does not exist') + self.assertEqual( + self.session.pop("some key", "does not exist"), "does not exist" + ) self.assertIs(self.session.accessed, True) self.assertIs(self.session.modified, False) def test_pop_default_named_argument(self): - self.assertEqual(self.session.pop('some key', default='does not exist'), 'does not exist') + self.assertEqual( + self.session.pop("some key", default="does not exist"), "does not exist" + ) self.assertIs(self.session.accessed, True) self.assertIs(self.session.modified, False) def test_pop_no_default_keyerror_raised(self): with self.assertRaises(KeyError): - self.session.pop('some key') + self.session.pop("some key") def test_setdefault(self): - self.assertEqual(self.session.setdefault('foo', 'bar'), 'bar') - self.assertEqual(self.session.setdefault('foo', 'baz'), 'bar') + self.assertEqual(self.session.setdefault("foo", "bar"), "bar") + self.assertEqual(self.session.setdefault("foo", "baz"), "bar") self.assertIs(self.session.accessed, True) self.assertIs(self.session.modified, True) def test_update(self): - self.session.update({'update key': 1}) + self.session.update({"update key": 1}) self.assertIs(self.session.accessed, True) self.assertIs(self.session.modified, True) - self.assertEqual(self.session.get('update key', None), 1) + self.assertEqual(self.session.get("update key", None), 1) def test_has_key(self): - self.session['some key'] = 1 + self.session["some key"] = 1 self.session.modified = False self.session.accessed = False - self.assertIn('some key', self.session) + self.assertIn("some key", self.session) self.assertIs(self.session.accessed, True) self.assertIs(self.session.modified, False) def test_values(self): self.assertEqual(list(self.session.values()), []) self.assertIs(self.session.accessed, True) - self.session['some key'] = 1 + self.session["some key"] = 1 self.session.modified = False self.session.accessed = False self.assertEqual(list(self.session.values()), [1]) @@ -126,26 +128,26 @@ class SessionTestsMixin: self.assertIs(self.session.modified, False) def test_keys(self): - self.session['x'] = 1 + self.session["x"] = 1 self.session.modified = False self.session.accessed = False - self.assertEqual(list(self.session.keys()), ['x']) + self.assertEqual(list(self.session.keys()), ["x"]) self.assertIs(self.session.accessed, True) self.assertIs(self.session.modified, False) def test_items(self): - self.session['x'] = 1 + self.session["x"] = 1 self.session.modified = False self.session.accessed = False - self.assertEqual(list(self.session.items()), [('x', 1)]) + self.assertEqual(list(self.session.items()), [("x", 1)]) self.assertIs(self.session.accessed, True) self.assertIs(self.session.modified, False) def test_clear(self): - self.session['x'] = 1 + self.session["x"] = 1 self.session.modified = False self.session.accessed = False - self.assertEqual(list(self.session.items()), [('x', 1)]) + self.assertEqual(list(self.session.items()), [("x", 1)]) self.session.clear() self.assertEqual(list(self.session.items()), []) self.assertIs(self.session.accessed, True) @@ -161,7 +163,7 @@ class SessionTestsMixin: self.assertIs(self.session.exists(self.session.session_key), False) def test_flush(self): - self.session['foo'] = 'bar' + self.session["foo"] = "bar" self.session.save() prev_key = self.session.session_key self.session.flush() @@ -172,7 +174,7 @@ class SessionTestsMixin: self.assertIs(self.session.accessed, True) def test_cycle(self): - self.session['a'], self.session['b'] = 'c', 'd' + self.session["a"], self.session["b"] = "c", "d" self.session.save() prev_key = self.session.session_key prev_data = list(self.session.items()) @@ -182,51 +184,52 @@ class SessionTestsMixin: self.assertEqual(list(self.session.items()), prev_data) def test_cycle_with_no_session_cache(self): - self.session['a'], self.session['b'] = 'c', 'd' + self.session["a"], self.session["b"] = "c", "d" self.session.save() prev_data = self.session.items() self.session = self.backend(self.session.session_key) - self.assertIs(hasattr(self.session, '_session_cache'), False) + self.assertIs(hasattr(self.session, "_session_cache"), False) self.session.cycle_key() self.assertCountEqual(self.session.items(), prev_data) def test_save_doesnt_clear_data(self): - self.session['a'] = 'b' + self.session["a"] = "b" self.session.save() - self.assertEqual(self.session['a'], 'b') + self.assertEqual(self.session["a"], "b") def test_invalid_key(self): # Submitting an invalid session key (either by guessing, or if the db has # removed the key) results in a new key being generated. try: - session = self.backend('1') + session = self.backend("1") session.save() - self.assertNotEqual(session.session_key, '1') - self.assertIsNone(session.get('cat')) + self.assertNotEqual(session.session_key, "1") + self.assertIsNone(session.get("cat")) session.delete() finally: # Some backends leave a stale cache entry for the invalid # session key; make sure that entry is manually deleted - session.delete('1') + session.delete("1") def test_session_key_empty_string_invalid(self): """Falsey values (Such as an empty string) are rejected.""" - self.session._session_key = '' + self.session._session_key = "" self.assertIsNone(self.session.session_key) def test_session_key_too_short_invalid(self): """Strings shorter than 8 characters are rejected.""" - self.session._session_key = '1234567' + self.session._session_key = "1234567" self.assertIsNone(self.session.session_key) def test_session_key_valid_string_saved(self): """Strings of length 8 and up are accepted and stored.""" - self.session._session_key = '12345678' - self.assertEqual(self.session.session_key, '12345678') + self.session._session_key = "12345678" + self.assertEqual(self.session.session_key, "12345678") def test_session_key_is_read_only(self): def set_session_key(session): session.session_key = session._get_new_session_key() + with self.assertRaises(AttributeError): set_session_key(self.session) @@ -310,39 +313,41 @@ class SessionTestsMixin: def test_decode(self): # Ensure we can decode what we encode - data = {'a test key': 'a test value'} + data = {"a test key": "a test value"} encoded = self.session.encode(data) self.assertEqual(self.session.decode(encoded), data) def test_decode_failure_logged_to_security(self): tests = [ - base64.b64encode(b'flaskdj:alkdjf').decode('ascii'), - 'bad:encoded:value', + base64.b64encode(b"flaskdj:alkdjf").decode("ascii"), + "bad:encoded:value", ] for encoded in tests: with self.subTest(encoded=encoded): - with self.assertLogs('django.security.SuspiciousSession', 'WARNING') as cm: + with self.assertLogs( + "django.security.SuspiciousSession", "WARNING" + ) as cm: self.assertEqual(self.session.decode(encoded), {}) # The failed decode is logged. - self.assertIn('Session data corrupted', cm.output[0]) + self.assertIn("Session data corrupted", cm.output[0]) def test_decode_serializer_exception(self): signer = TimestampSigner(salt=self.session.key_salt) - encoded = signer.sign(b'invalid data') + encoded = signer.sign(b"invalid data") self.assertEqual(self.session.decode(encoded), {}) def test_actual_expiry(self): old_session_key = None new_session_key = None try: - self.session['foo'] = 'bar' + self.session["foo"] = "bar" self.session.set_expiry(-timedelta(seconds=10)) self.session.save() old_session_key = self.session.session_key # With an expiry date in the past, the session expires instantly. new_session = self.backend(self.session.session_key) new_session_key = new_session.session_key - self.assertNotIn('foo', new_session) + self.assertNotIn("foo", new_session) finally: self.session.delete(old_session_key) self.session.delete(new_session_key) @@ -353,13 +358,13 @@ class SessionTestsMixin: Creating session records on load is a DOS vulnerability. """ - session = self.backend('someunknownkey') + session = self.backend("someunknownkey") session.load() self.assertIsNone(session.session_key) self.assertIs(session.exists(session.session_key), False) # provided unknown key was cycled, not reused - self.assertNotEqual(session.session_key, 'someunknownkey') + self.assertNotEqual(session.session_key, "someunknownkey") def test_session_save_does_not_resurrect_session_logged_out_in_other_context(self): """ @@ -367,7 +372,7 @@ class SessionTestsMixin: """ # Create new session. s1 = self.backend() - s1['test_data'] = 'value1' + s1["test_data"] = "value1" s1.save(must_create=True) # Logout in another context. @@ -375,7 +380,7 @@ class SessionTestsMixin: s2.delete() # Modify session in first context. - s1['test_data'] = 'value2' + s1["test_data"] = "value2" with self.assertRaises(UpdateError): # This should throw an exception as the session is deleted, not # resurrect the session. @@ -387,7 +392,7 @@ class SessionTestsMixin: class DatabaseSessionTests(SessionTestsMixin, TestCase): backend = DatabaseSession - session_engine = 'django.contrib.sessions.backends.db' + session_engine = "django.contrib.sessions.backends.db" @property def model(self): @@ -395,7 +400,7 @@ class DatabaseSessionTests(SessionTestsMixin, TestCase): def test_session_str(self): "Session repr should be the session key." - self.session['x'] = 1 + self.session["x"] = 1 self.session.save() session_key = self.session.session_key @@ -408,27 +413,27 @@ class DatabaseSessionTests(SessionTestsMixin, TestCase): Test we can use Session.get_decoded to retrieve data stored in normal way """ - self.session['x'] = 1 + self.session["x"] = 1 self.session.save() s = self.model.objects.get(session_key=self.session.session_key) - self.assertEqual(s.get_decoded(), {'x': 1}) + self.assertEqual(s.get_decoded(), {"x": 1}) def test_sessionmanager_save(self): """ Test SessionManager.save method """ # Create a session - self.session['y'] = 1 + self.session["y"] = 1 self.session.save() s = self.model.objects.get(session_key=self.session.session_key) # Change it - self.model.objects.save(s.session_key, {'y': 2}, s.expire_date) + self.model.objects.save(s.session_key, {"y": 2}, s.expire_date) # Clear cache, so that it will be retrieved from DB del self.session._session_cache - self.assertEqual(self.session['y'], 2) + self.assertEqual(self.session["y"], 2) def test_clearsessions_command(self): """ @@ -437,20 +442,20 @@ class DatabaseSessionTests(SessionTestsMixin, TestCase): self.assertEqual(0, self.model.objects.count()) # One object in the future - self.session['foo'] = 'bar' + self.session["foo"] = "bar" self.session.set_expiry(3600) self.session.save() # One object in the past other_session = self.backend() - other_session['foo'] = 'bar' + other_session["foo"] = "bar" other_session.set_expiry(-3600) other_session.save() # Two sessions are in the database before clearsessions... self.assertEqual(2, self.model.objects.count()) with override_settings(SESSION_ENGINE=self.session_engine): - management.call_command('clearsessions') + management.call_command("clearsessions") # ... and one is deleted. self.assertEqual(1, self.model.objects.count()) @@ -462,13 +467,13 @@ class DatabaseSessionWithTimeZoneTests(DatabaseSessionTests): class CustomDatabaseSessionTests(DatabaseSessionTests): backend = CustomDatabaseSession - session_engine = 'sessions_tests.models' + session_engine = "sessions_tests.models" custom_session_cookie_age = 60 * 60 * 24 # One day. def test_extra_session_field(self): # Set the account ID to be picked up by a custom session storage # and saved to a custom session model database column. - self.session['_auth_user_id'] = 42 + self.session["_auth_user_id"] = 42 self.session.save() # Make sure that the customized create_model_instance() was called. @@ -476,7 +481,7 @@ class CustomDatabaseSessionTests(DatabaseSessionTests): self.assertEqual(s.account_id, 42) # Make the session "anonymous". - self.session.pop('_auth_user_id') + self.session.pop("_auth_user_id") self.session.save() # Make sure that save() on an existing session did the right job. @@ -510,7 +515,7 @@ class CacheDBSessionTests(SessionTestsMixin, TestCase): self.session._session_key = (string.ascii_letters + string.digits) * 20 self.assertEqual(self.session.load(), {}) - @override_settings(SESSION_CACHE_ALIAS='sessions') + @override_settings(SESSION_CACHE_ALIAS="sessions") def test_non_default_cache(self): # 21000 - CacheDB backend should respect SESSION_CACHE_ALIAS. with self.assertRaises(InvalidCacheBackendError): @@ -531,7 +536,7 @@ class FileSessionTests(SessionTestsMixin, SimpleTestCase): self.original_session_file_path = settings.SESSION_FILE_PATH self.temp_session_store = settings.SESSION_FILE_PATH = self.mkdtemp() # Reset the file session backend's internal caches - if hasattr(self.backend, '_storage_path'): + if hasattr(self.backend, "_storage_path"): del self.backend._storage_path super().setUp() @@ -544,7 +549,7 @@ class FileSessionTests(SessionTestsMixin, SimpleTestCase): return tempfile.mkdtemp() @override_settings( - SESSION_FILE_PATH='/if/this/directory/exists/you/have/a/weird/computer', + SESSION_FILE_PATH="/if/this/directory/exists/you/have/a/weird/computer", ) def test_configuration_check(self): del self.backend._storage_path @@ -577,21 +582,24 @@ class FileSessionTests(SessionTestsMixin, SimpleTestCase): file_prefix = settings.SESSION_COOKIE_NAME def count_sessions(): - return len([ - session_file for session_file in os.listdir(storage_path) - if session_file.startswith(file_prefix) - ]) + return len( + [ + session_file + for session_file in os.listdir(storage_path) + if session_file.startswith(file_prefix) + ] + ) self.assertEqual(0, count_sessions()) # One object in the future - self.session['foo'] = 'bar' + self.session["foo"] = "bar" self.session.set_expiry(3600) self.session.save() # One object in the past other_session = self.backend() - other_session['foo'] = 'bar' + other_session["foo"] = "bar" other_session.set_expiry(-3600) other_session.save() @@ -599,12 +607,12 @@ class FileSessionTests(SessionTestsMixin, SimpleTestCase): # its modification time + SESSION_COOKIE_AGE will be in the past when # clearsessions runs). other_session2 = self.backend() - other_session2['foo'] = 'bar' + other_session2["foo"] = "bar" other_session2.save() # Three sessions are in the filesystem before clearsessions... self.assertEqual(3, count_sessions()) - management.call_command('clearsessions') + management.call_command("clearsessions") # ... and two are deleted. self.assertEqual(1, count_sessions()) @@ -627,30 +635,33 @@ class CacheSessionTests(SessionTestsMixin, SimpleTestCase): def test_default_cache(self): self.session.save() - self.assertIsNotNone(caches['default'].get(self.session.cache_key)) + self.assertIsNotNone(caches["default"].get(self.session.cache_key)) - @override_settings(CACHES={ - 'default': { - 'BACKEND': 'django.core.cache.backends.dummy.DummyCache', - }, - 'sessions': { - 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache', - 'LOCATION': 'session', + @override_settings( + CACHES={ + "default": { + "BACKEND": "django.core.cache.backends.dummy.DummyCache", + }, + "sessions": { + "BACKEND": "django.core.cache.backends.locmem.LocMemCache", + "LOCATION": "session", + }, }, - }, SESSION_CACHE_ALIAS='sessions') + SESSION_CACHE_ALIAS="sessions", + ) def test_non_default_cache(self): # Re-initialize the session backend to make use of overridden settings. self.session = self.backend() self.session.save() - self.assertIsNone(caches['default'].get(self.session.cache_key)) - self.assertIsNotNone(caches['sessions'].get(self.session.cache_key)) + self.assertIsNone(caches["default"].get(self.session.cache_key)) + self.assertIsNotNone(caches["sessions"].get(self.session.cache_key)) def test_create_and_save(self): self.session = self.backend() self.session.create() self.session.save() - self.assertIsNotNone(caches['default'].get(self.session.cache_key)) + self.assertIsNotNone(caches["default"].get(self.session.cache_key)) class SessionMiddlewareTests(TestCase): @@ -658,61 +669,63 @@ class SessionMiddlewareTests(TestCase): @staticmethod def get_response_touching_session(request): - request.session['hello'] = 'world' - return HttpResponse('Session test') + request.session["hello"] = "world" + return HttpResponse("Session test") @override_settings(SESSION_COOKIE_SECURE=True) def test_secure_session_cookie(self): - request = self.request_factory.get('/') + request = self.request_factory.get("/") middleware = SessionMiddleware(self.get_response_touching_session) # Handle the response through the middleware response = middleware(request) - self.assertIs(response.cookies[settings.SESSION_COOKIE_NAME]['secure'], True) + self.assertIs(response.cookies[settings.SESSION_COOKIE_NAME]["secure"], True) @override_settings(SESSION_COOKIE_HTTPONLY=True) def test_httponly_session_cookie(self): - request = self.request_factory.get('/') + request = self.request_factory.get("/") middleware = SessionMiddleware(self.get_response_touching_session) # Handle the response through the middleware response = middleware(request) - self.assertIs(response.cookies[settings.SESSION_COOKIE_NAME]['httponly'], True) + self.assertIs(response.cookies[settings.SESSION_COOKIE_NAME]["httponly"], True) self.assertIn( - cookies.Morsel._reserved['httponly'], - str(response.cookies[settings.SESSION_COOKIE_NAME]) + cookies.Morsel._reserved["httponly"], + str(response.cookies[settings.SESSION_COOKIE_NAME]), ) - @override_settings(SESSION_COOKIE_SAMESITE='Strict') + @override_settings(SESSION_COOKIE_SAMESITE="Strict") def test_samesite_session_cookie(self): - request = self.request_factory.get('/') + request = self.request_factory.get("/") middleware = SessionMiddleware(self.get_response_touching_session) response = middleware(request) - self.assertEqual(response.cookies[settings.SESSION_COOKIE_NAME]['samesite'], 'Strict') + self.assertEqual( + response.cookies[settings.SESSION_COOKIE_NAME]["samesite"], "Strict" + ) @override_settings(SESSION_COOKIE_HTTPONLY=False) def test_no_httponly_session_cookie(self): - request = self.request_factory.get('/') + request = self.request_factory.get("/") middleware = SessionMiddleware(self.get_response_touching_session) response = middleware(request) - self.assertEqual(response.cookies[settings.SESSION_COOKIE_NAME]['httponly'], '') + self.assertEqual(response.cookies[settings.SESSION_COOKIE_NAME]["httponly"], "") self.assertNotIn( - cookies.Morsel._reserved['httponly'], - str(response.cookies[settings.SESSION_COOKIE_NAME]) + cookies.Morsel._reserved["httponly"], + str(response.cookies[settings.SESSION_COOKIE_NAME]), ) def test_session_save_on_500(self): def response_500(requset): - response = HttpResponse('Horrible error') + response = HttpResponse("Horrible error") response.status_code = 500 - request.session['hello'] = 'world' + request.session["hello"] = "world" return response - request = self.request_factory.get('/') + request = self.request_factory.get("/") SessionMiddleware(response_500)(request) # The value wasn't saved above. - self.assertNotIn('hello', request.session.load()) + self.assertNotIn("hello", request.session.load()) def test_session_update_error_redirect(self): def response_delete_session(request): @@ -721,7 +734,7 @@ class SessionMiddlewareTests(TestCase): request.session.delete() return HttpResponse() - request = self.request_factory.get('/foo/') + request = self.request_factory.get("/foo/") middleware = SessionMiddleware(response_delete_session) msg = ( @@ -737,13 +750,13 @@ class SessionMiddlewareTests(TestCase): def test_session_delete_on_end(self): def response_ending_session(request): request.session.flush() - return HttpResponse('Session test') + return HttpResponse("Session test") - request = self.request_factory.get('/') + request = self.request_factory.get("/") middleware = SessionMiddleware(response_ending_session) # Before deleting, there has to be an existing cookie - request.COOKIES[settings.SESSION_COOKIE_NAME] = 'abc' + request.COOKIES[settings.SESSION_COOKIE_NAME] = "abc" # Handle the response through the middleware response = middleware(request) @@ -753,27 +766,29 @@ class SessionMiddlewareTests(TestCase): # Set-Cookie: sessionid=; expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/ self.assertEqual( 'Set-Cookie: {}=""; expires=Thu, 01 Jan 1970 00:00:00 GMT; ' - 'Max-Age=0; Path=/; SameSite={}'.format( + "Max-Age=0; Path=/; SameSite={}".format( settings.SESSION_COOKIE_NAME, settings.SESSION_COOKIE_SAMESITE, ), - str(response.cookies[settings.SESSION_COOKIE_NAME]) + str(response.cookies[settings.SESSION_COOKIE_NAME]), ) # SessionMiddleware sets 'Vary: Cookie' to prevent the 'Set-Cookie' # from being cached. - self.assertEqual(response.headers['Vary'], 'Cookie') + self.assertEqual(response.headers["Vary"], "Cookie") - @override_settings(SESSION_COOKIE_DOMAIN='.example.local', SESSION_COOKIE_PATH='/example/') + @override_settings( + SESSION_COOKIE_DOMAIN=".example.local", SESSION_COOKIE_PATH="/example/" + ) def test_session_delete_on_end_with_custom_domain_and_path(self): def response_ending_session(request): request.session.flush() - return HttpResponse('Session test') + return HttpResponse("Session test") - request = self.request_factory.get('/') + request = self.request_factory.get("/") middleware = SessionMiddleware(response_ending_session) # Before deleting, there has to be an existing cookie - request.COOKIES[settings.SESSION_COOKIE_NAME] = 'abc' + request.COOKIES[settings.SESSION_COOKIE_NAME] = "abc" # Handle the response through the middleware response = middleware(request) @@ -785,19 +800,19 @@ class SessionMiddlewareTests(TestCase): # Path=/example/ self.assertEqual( 'Set-Cookie: {}=""; Domain=.example.local; expires=Thu, ' - '01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/example/; SameSite={}'.format( + "01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/example/; SameSite={}".format( settings.SESSION_COOKIE_NAME, settings.SESSION_COOKIE_SAMESITE, ), - str(response.cookies[settings.SESSION_COOKIE_NAME]) + str(response.cookies[settings.SESSION_COOKIE_NAME]), ) def test_flush_empty_without_session_cookie_doesnt_set_cookie(self): def response_ending_session(request): request.session.flush() - return HttpResponse('Session test') + return HttpResponse("Session test") - request = self.request_factory.get('/') + request = self.request_factory.get("/") middleware = SessionMiddleware(response_ending_session) # Handle the response through the middleware @@ -806,35 +821,36 @@ class SessionMiddlewareTests(TestCase): # A cookie should not be set. self.assertEqual(response.cookies, {}) # The session is accessed so "Vary: Cookie" should be set. - self.assertEqual(response.headers['Vary'], 'Cookie') + self.assertEqual(response.headers["Vary"], "Cookie") def test_empty_session_saved(self): """ If a session is emptied of data but still has a key, it should still be updated. """ + def response_set_session(request): # Set a session key and some data. - request.session['foo'] = 'bar' - return HttpResponse('Session test') + request.session["foo"] = "bar" + return HttpResponse("Session test") - request = self.request_factory.get('/') + request = self.request_factory.get("/") middleware = SessionMiddleware(response_set_session) # Handle the response through the middleware. response = middleware(request) - self.assertEqual(tuple(request.session.items()), (('foo', 'bar'),)) + self.assertEqual(tuple(request.session.items()), (("foo", "bar"),)) # A cookie should be set, along with Vary: Cookie. self.assertIn( - 'Set-Cookie: sessionid=%s' % request.session.session_key, - str(response.cookies) + "Set-Cookie: sessionid=%s" % request.session.session_key, + str(response.cookies), ) - self.assertEqual(response.headers['Vary'], 'Cookie') + self.assertEqual(response.headers["Vary"], "Cookie") # Empty the session data. - del request.session['foo'] + del request.session["foo"] # Handle the response through the middleware. - response = HttpResponse('Session test') + response = HttpResponse("Session test") response = middleware.process_response(request, response) self.assertEqual(dict(request.session.values()), {}) session = Session.objects.get(session_key=request.session.session_key) @@ -843,10 +859,10 @@ class SessionMiddlewareTests(TestCase): # still be set, along with Vary: Cookie. self.assertGreater(len(request.session.session_key), 8) self.assertIn( - 'Set-Cookie: sessionid=%s' % request.session.session_key, - str(response.cookies) + "Set-Cookie: sessionid=%s" % request.session.session_key, + str(response.cookies), ) - self.assertEqual(response.headers['Vary'], 'Cookie') + self.assertEqual(response.headers["Vary"], "Cookie") class CookieSessionTests(SessionTestsMixin, SimpleTestCase): @@ -879,14 +895,18 @@ class CookieSessionTests(SessionTestsMixin, SimpleTestCase): # by creating a new session self.assertEqual(self.session.serializer, JSONSerializer) self.session.save() - with mock.patch('django.core.signing.loads', side_effect=ValueError): + with mock.patch("django.core.signing.loads", side_effect=ValueError): self.session.load() - @unittest.skip("Cookie backend doesn't have an external store to create records in.") + @unittest.skip( + "Cookie backend doesn't have an external store to create records in." + ) def test_session_load_does_not_create_record(self): pass - @unittest.skip("CookieSession is stored in the client and there is no way to query it.") + @unittest.skip( + "CookieSession is stored in the client and there is no way to query it." + ) def test_session_save_does_not_resurrect_session_logged_out_in_other_context(self): pass @@ -897,6 +917,6 @@ class ClearSessionsCommandTests(SimpleTestCase): "Session engine 'tests.sessions_tests.no_clear_expired' doesn't " "support clearing expired sessions." ) - with self.settings(SESSION_ENGINE='tests.sessions_tests.no_clear_expired'): + with self.settings(SESSION_ENGINE="tests.sessions_tests.no_clear_expired"): with self.assertRaisesMessage(management.CommandError, msg): - management.call_command('clearsessions') + management.call_command("clearsessions") |