@@ -91,37 +91,42 @@ def tf_in_session(session):
9191 )
9292
9393
94- @pytest .mark .settings (two_factor_always_validate = False )
95- def test_always_validate (app , client , get_message ):
94+ @pytest .mark .settings (
95+ two_factor_always_validate = False , two_factor_validity_cookie_name = "tfv"
96+ )
97+ def test_validity_cookie (app , client , get_message ):
9698 tf_authenticate (app , client , remember = True )
97- assert client .get_cookie ("tf_validity " )
99+ assert client .get_cookie ("tfv " )
98100
101+ # logout shouldn't delete cookie so we can log in again with just password
99102 logout (client )
100103
101104 data = dict (email = "gal@lp.com" , password = "password" )
102105 response = client .post ("/login" , data = data , follow_redirects = True )
103106 assert b"Welcome gal@lp.com" in response .data
104107 assert response .status_code == 200
105-
106108 logout (client )
109+
110+ # ensure the cookie is for a specific user
107111 data = dict (email = "gal2@lp.com" , password = "password" )
108112 response = client .post ("/login" , data = data , follow_redirects = True )
109113 assert b"Please enter your authentication code" in response .data
110114
111- # make sure the cookie doesn't affect the JSON request
112- client . delete_cookie ( "tf_validity" )
113- # Test JSON (this authenticates gal@lp.com)
115+ client . delete_cookie ( "tfv" )
116+
117+ # Same tests as above with JSON (this authenticates gal@lp.com)
114118 tf_authenticate (app , client , json = True , remember = True )
119+ assert client .get_cookie ("tfv" )
115120 logout (client )
116121
122+ # shouldn't require tf
117123 data = dict (email = "gal@lp.com" , password = "password" )
118124 response = client .post (
119125 "/login" ,
120126 json = data ,
121127 follow_redirects = True ,
122128 )
123129 assert response .status_code == 200
124- # verify logged in
125130 is_authenticated (client , get_message )
126131 logout (client )
127132
@@ -139,7 +144,10 @@ def test_always_validate(app, client, get_message):
139144
140145@pytest .mark .settings (two_factor_always_validate = False )
141146def test_do_not_remember_tf_validity (app , client ):
147+ # If 'remember' not set during login - no cookie should be sent
148+ # and tf should be required every time.
142149 tf_authenticate (app , client )
150+ assert not client .get_cookie ("tf_validity" )
143151 logout (client )
144152
145153 data = dict (email = "gal@lp.com" , password = "password" )
0 commit comments