mirror of
https://github.com/zulip/zulip.git
synced 2025-11-11 01:16:19 +00:00
Django 1.8 compatibility: extracting the user from a session
django commit 596564e80808 stores the user id in the session as a string, which broke our code that extracts the user id and compares it to the id of a UserProfile object. (imported from commit 99defd7fea96553550fa19e0b2f3e91a1baac123)
This commit is contained in:
Reid Barton
@@ -53,6 +53,7 @@ from zerver.lib.push_notifications import num_push_devices_for_user, \
|
||||
send_apple_push_notification, send_android_push_notification
|
||||
from zerver.lib.notifications import clear_followup_emails_queue
|
||||
from zerver.lib.narrow import check_supported_events_narrow_filter
|
||||
from zerver.lib.session_user import get_session_user
|
||||
|
||||
import DNS
|
||||
import ujson
|
||||
@@ -166,21 +167,21 @@ def do_create_user(email, password, realm, full_name, short_name,
|
||||
|
||||
def user_sessions(user_profile):
|
||||
return [s for s in Session.objects.all()
|
||||
if s.get_decoded().get('_auth_user_id') == user_profile.id]
|
||||
if get_session_user(s) == user_profile.id]
|
||||
|
||||
def delete_session(session):
|
||||
return session_engine.SessionStore(session.session_key).delete()
|
||||
|
||||
def delete_user_sessions(user_profile):
|
||||
for session in Session.objects.all():
|
||||
if session.get_decoded().get('_auth_user_id') == user_profile.id:
|
||||
if get_session_user(session) == user_profile.id:
|
||||
delete_session(session)
|
||||
|
||||
def delete_realm_user_sessions(realm):
|
||||
realm_user_ids = [user_profile.id for user_profile in
|
||||
UserProfile.objects.filter(realm=realm)]
|
||||
for session in Session.objects.filter(expire_date__gte=datetime.datetime.now()):
|
||||
if session.get_decoded().get('_auth_user_id') in realm_user_ids:
|
||||
if get_session_user(session) in realm_user_ids:
|
||||
delete_session(session)
|
||||
|
||||
def delete_all_user_sessions():
|
||||
|
||||
13
zerver/lib/session_user.py
Normal file
13
zerver/lib/session_user.py
Normal file
@@ -0,0 +1,13 @@
|
||||
from __future__ import absolute_import
|
||||
|
||||
from django.contrib.auth import SESSION_KEY, get_user_model
|
||||
|
||||
def get_session_dict_user(session_dict):
|
||||
# Compare django.contrib.auth._get_user_session_key
|
||||
try:
|
||||
return get_user_model()._meta.pk.to_python(session_dict[SESSION_KEY])
|
||||
except KeyError:
|
||||
return None
|
||||
|
||||
def get_session_user(session):
|
||||
return get_session_dict_user(session.get_decoded())
|
||||
@@ -20,6 +20,7 @@ from zerver.lib.event_queue import get_client_descriptor
|
||||
from zerver.middleware import record_request_start_data, record_request_stop_data, \
|
||||
record_request_restart_data, write_log_line, format_timedelta
|
||||
from zerver.lib.redis_utils import get_redis_client
|
||||
from zerver.lib.session_user import get_session_user
|
||||
|
||||
logger = logging.getLogger('zulip.socket')
|
||||
|
||||
@@ -34,10 +35,8 @@ def get_user_profile(session_id):
|
||||
except djSession.DoesNotExist:
|
||||
return None
|
||||
|
||||
session_store = djsession_engine.SessionStore(djsession.session_key)
|
||||
|
||||
try:
|
||||
return UserProfile.objects.get(pk=session_store['_auth_user_id'])
|
||||
return UserProfile.objects.get(pk=get_session_user(djsession))
|
||||
except (UserProfile.DoesNotExist, KeyError):
|
||||
return None
|
||||
|
||||
|
||||
@@ -19,6 +19,7 @@ from zerver.lib.digest import send_digest_email
|
||||
from zerver.lib.notifications import enqueue_welcome_emails, one_click_unsubscribe_link
|
||||
from zerver.lib.test_helpers import AuthedTestCase, find_key_by_email, queries_captured
|
||||
from zerver.lib.test_runner import slow
|
||||
from zerver.lib.session_user import get_session_dict_user
|
||||
|
||||
import re
|
||||
import ujson
|
||||
@@ -90,11 +91,11 @@ class LoginTest(AuthedTestCase):
|
||||
def test_login(self):
|
||||
self.login("hamlet@zulip.com")
|
||||
user_profile = get_user_profile_by_email('hamlet@zulip.com')
|
||||
self.assertEqual(self.client.session['_auth_user_id'], user_profile.id)
|
||||
self.assertEqual(get_session_dict_user(self.client.session), user_profile.id)
|
||||
|
||||
def test_login_bad_password(self):
|
||||
self.login("hamlet@zulip.com", "wrongpassword")
|
||||
self.assertIsNone(self.client.session.get('_auth_user_id', None))
|
||||
self.assertIsNone(get_session_dict_user(self.client.session))
|
||||
|
||||
def test_login_nonexist_user(self):
|
||||
result = self.login("xxx@zulip.com", "xxx")
|
||||
@@ -112,7 +113,7 @@ class LoginTest(AuthedTestCase):
|
||||
# Ensure the number of queries we make is not O(streams)
|
||||
self.assert_length(queries, 67)
|
||||
user_profile = get_user_profile_by_email('test@zulip.com')
|
||||
self.assertEqual(self.client.session['_auth_user_id'], user_profile.id)
|
||||
self.assertEqual(get_session_dict_user(self.client.session), user_profile.id)
|
||||
|
||||
def test_register_deactivated(self):
|
||||
"""
|
||||
@@ -143,7 +144,7 @@ class LoginTest(AuthedTestCase):
|
||||
def test_logout(self):
|
||||
self.login("hamlet@zulip.com")
|
||||
self.client.post('/accounts/logout/')
|
||||
self.assertIsNone(self.client.session.get('_auth_user_id', None))
|
||||
self.assertIsNone(get_session_dict_user(self.client.session))
|
||||
|
||||
def test_non_ascii_login(self):
|
||||
"""
|
||||
@@ -155,14 +156,14 @@ class LoginTest(AuthedTestCase):
|
||||
# Registering succeeds.
|
||||
self.register("test", password)
|
||||
user_profile = get_user_profile_by_email(email)
|
||||
self.assertEqual(self.client.session['_auth_user_id'], user_profile.id)
|
||||
self.assertEqual(get_session_dict_user(self.client.session), user_profile.id)
|
||||
self.client.post('/accounts/logout/')
|
||||
self.assertIsNone(self.client.session.get('_auth_user_id', None))
|
||||
self.assertIsNone(get_session_dict_user(self.client.session))
|
||||
|
||||
# Logging in succeeds.
|
||||
self.client.post('/accounts/logout/')
|
||||
self.login(email, password)
|
||||
self.assertEqual(self.client.session['_auth_user_id'], user_profile.id)
|
||||
self.assertEqual(get_session_dict_user(self.client.session), user_profile.id)
|
||||
|
||||
def test_register_first_user_with_invites(self):
|
||||
"""
|
||||
|
||||
@@ -24,6 +24,7 @@ from zerver.lib.actions import \
|
||||
from zerver.lib.alert_words import alert_words_in_realm, user_alert_words, \
|
||||
add_user_alert_words, remove_user_alert_words
|
||||
from zerver.lib.notifications import handle_missedmessage_emails
|
||||
from zerver.lib.session_user import get_session_dict_user
|
||||
from zerver.middleware import is_slow_query
|
||||
|
||||
from zerver.worker import queue_processors
|
||||
@@ -951,7 +952,7 @@ class ChangeSettingsTest(AuthedTestCase):
|
||||
self.client.post('/accounts/logout/')
|
||||
self.login("hamlet@zulip.com", "foobar1")
|
||||
user_profile = get_user_profile_by_email('hamlet@zulip.com')
|
||||
self.assertEqual(self.client.session['_auth_user_id'], user_profile.id)
|
||||
self.assertEqual(get_session_dict_user(self.client.session), user_profile.id)
|
||||
|
||||
def test_notify_settings(self):
|
||||
# This is basically a don't-explode test.
|
||||
|
||||
Reference in New Issue
Block a user