Merged
Conversation
fb59be6 to
6a85ed6
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #2813 +/- ##
==========================================
+ Coverage 57.10% 57.14% +0.03%
==========================================
Files 567 567
Lines 41275 41275
==========================================
+ Hits 23570 23585 +15
+ Misses 17705 17690 -15 ☔ View full report in Codecov by Sentry. |
f99a74c to
7737eab
Compare
Closed
9c07866 to
d4916f8
Compare
Contributor
Author
|
The codecov complaints are irrelevant for this pr |
stveit
commented
Feb 27, 2024
hmpf
approved these changes
Feb 28, 2024
lunkwill42
requested changes
Feb 28, 2024
Member
lunkwill42
left a comment
There was a problem hiding this comment.
Looks great to me!
Just naming nitpicks, and one potential corner case for cycling a session id.
Does not do antyhing for logging out(i.e. removing account) just when changing from either no account to an account or from one account to another
97c62c4 to
fd4883e
Compare
this func is imported alot of places, makes no sense for this to be marked as private
have to mock away the cycle_key thingy else existing tests fail. Will probably need separate integration tests to test session ID cycling
Avoids session id changing on every request. session will still be cycled on login by the functions that directly handle login. ensure_account either just sets the request.account field to the match the already logged in user, or sets the account to be the anonymous user. Neither should trigger a session_id.
got some issues testing session stuff when the client was shared amongst all tests, maybe it got old or something as well. Getting a fresh client for each test was a lot better
Co-authored-by: Morten Brekkevold <morten.brekkevold@sikt.no>
Co-authored-by: Morten Brekkevold <morten.brekkevold@sikt.no>
fd4883e to
19c5d84
Compare
|
Contributor
Author
|
Rebased on master to get in #2835 |
lunkwill42
approved these changes
Feb 29, 2024
Closed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
For #2804 (might not solve it fully depending on how many changes to session id we want to do)
Cycles session ID on login. Or more generally, every time a different user is made into the active account for the session, so this includes the sudo/desudo functions where the logged in account is changed.
Had some issues testing against sessions with a session scoped
clientfixture. Changing this tofunctionscoped and ensuring I get a fresh client for each test was a lot better