orbit-oss/flask
4
4
Fork 2
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

enable secret key rotation

Browse source
This commit is contained in:
David Lord 2024-11-08 08:09:01 -08:00
parent 7522c4bcdb
commit e13373f838
No known key found for this signature in database
GPG key ID: 43368A7AA8CC5926
9 changed files with 55 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

22
tests/test_basic.py
View file

@ -1,5 +1,6 @@
import gc
import re
import typing as t
import uuid
import warnings
import weakref
@ -369,6 +370,27 @@ def test_missing_session(app):
expect_exception(flask.session.pop, "foo")
def test_session_secret_key_fallbacks(app, client) -> None:
@app.post("/")
def set_session() -> str:
flask.session["a"] = 1
return ""
@app.get("/")
def get_session() -> dict[str, t.Any]:
return dict(flask.session)
# Set session with initial secret key
client.post()
assert client.get().json == {"a": 1}
# Change secret key, session can't be loaded and appears empty
app.secret_key = "new test key"
assert client.get().json == {}
# Add initial secret key as fallback, session can be loaded
app.config["SECRET_KEY_FALLBACKS"] = ["test key"]
assert client.get().json == {"a": 1}
def test_session_expiration(app, client):
permanent = True