7 changes: 7 additions & 0 deletions tests/publisher/tests_account_logout.py
@@ -1,5 +1,6 @@
import responses
from tests.publisher.endpoint_testing import BaseTestCases
from webapp.authentication import SESSION_DATA_KEYS

# Make sure tests fail on stray responses.
responses.mock.assert_all_requests_are_fired = True
@@ -13,8 +14,14 @@ def setUp(self):

@responses.activate
def test_logout(self):
with self.client.session_transaction() as session:
for key in SESSION_DATA_KEYS:
session[key] = "MOCK VALUE"

response = self.client.get(self.endpoint_url)

self.assertEqual(302, response.status_code)

self.assertEqual("/", response.location)

self.assertIn("session=;", response.headers.get("Set-Cookie"))
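Review bot: `test_logout` seeds the session from the same `SESSION_DATA_KEYS` list that `empty_session` iterates, so it cannot catch a credential that is stored in the session under a key missing from that list. The only check on the outcome is `"session=;"` in `Set-Cookie`, which appears to rely on the framework deleting the cookie once the session is empty. Reopening `self.client.session_transaction()` after the request and asserting `self.assertNotIn(key, session)` for each key would state the intent directly. Separately, `response.headers.get("Set-Cookie")` returns `None` when the header is absent, so `assertIn` would raise a `TypeError` rather than fail cleanly. Whether `test_logout` continues past the end of the hunk is not visible here.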
19 changes: 14 additions & 5 deletions webapp/authentication.py
@@ -20,6 +20,18 @@
]


SESSION_DATA_KEYS = [
"macaroons",
"macaroon_root",
"macaroon_discharge",
"publisher",
"github_auth_secret",
"developer_token",
"exchanged_developer_token",
"csrf_token",
] # keys for data stored in the session that should be cleared on logout


def get_authorization_header(root, discharge):
"""
Bind root and discharge macaroons and return the authorization header.
@@ -52,11 +64,8 @@ def empty_session(session):
"""
Empty the session, used to logout.
"""
session.pop("macaroons", None)
session.pop("macaroon_root", None)
session.pop("macaroon_discharge", None)
session.pop("publisher", None)
session.pop("github_auth_secret", None)
for key in SESSION_DATA_KEYS:
session.pop(key, None)


def get_caveat_id(root):
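Review bot: `empty_session` still logs out by popping an allowlist, so any value stored in the session under a key that is not in `SESSION_DATA_KEYS` survives logout. The list has to be kept in step by hand with every place the app writes to the session. If nothing is meant to outlive logout, `session.clear()` in `empty_session` removes that dependency; this assumes `session` is the Flask session object, which the test's `session_transaction()` suggests but the hunk does not show. If some keys are meant to persist, the comment on `SESSION_DATA_KEYS` should name them and say why, for example `# auth/credential keys cleared on logout; <key> is kept because ...`.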