Allow for SiteConfiguration override of SESSION_COOKIE_DOMAIN setting in Studio

65f04205 · Douglas Hall · 6de2535e · 65f04205 · 65f04205
Commit 65f04205 authored Dec 18, 2016 by Douglas Hall
Hide whitespace changes
Inline Side-by-side

Showing with 35 additions and 2 deletions

cms/envs/common.py
+3 -0

openedx/core/djangoapps/site_configuration/tests/test_middleware.py
+32 -2

No files found.
--- a/cms/envs/common.py
+++ b/cms/envs/common.py
@@ -389,6 +389,9 @@ MIDDLEWARE_CLASSES = (

    # use Django built in clickjacking protection
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
+
+    # This must be last so that it runs first in the process_response chain
+    'openedx.core.djangoapps.site_configuration.middleware.SessionCookieDomainOverrideMiddleware',
 )

 # Clickjacking protection can be enabled by setting this to 'DENY'

--- a/openedx/core/djangoapps/site_configuration/tests/test_middleware.py
+++ b/openedx/core/djangoapps/site_configuration/tests/test_middleware.py
@@ -7,6 +7,7 @@ import unittest
 from mock import patch

 from django.conf import settings
+from django.test import TestCase
 from django.test.client import Client
 from django.test.utils import override_settings

@@ -29,13 +30,13 @@ from openedx.core.djangoapps.site_configuration.tests.factories import SiteConfi
 @ddt.ddt
 @override_settings(SESSION_SAVE_EVERY_REQUEST=True)
 @unittest.skipUnless(settings.ROOT_URLCONF == 'lms.urls', 'Test only valid in lms')
-class SessionCookieDomainOverrideTests(DatabaseMicrositeTestCase):
+class SessionCookieDomainMicrositeOverrideTests(DatabaseMicrositeTestCase):
    """
    Tests regarding the session cookie management in the middlware for Microsites
    """

    def setUp(self):
-        super(SessionCookieDomainOverrideTests, self).setUp()
+        super(SessionCookieDomainMicrositeOverrideTests, self).setUp()
        # Create a test client, and log it in so that it will save some session
        # data.
        self.user = UserFactory.create()
@@ -91,6 +92,35 @@ class SessionCookieDomainOverrideTests(DatabaseMicrositeTestCase):
                self.assertNotIn('test_site.localhost', str(response.cookies['sessionid']))
                self.assertNotIn('Domain', str(response.cookies['sessionid']))

+
+# NOTE: We set SESSION_SAVE_EVERY_REQUEST to True in order to make sure
+# Sessions are always started on every request
+# pylint: disable=no-member, protected-access
+@override_settings(SESSION_SAVE_EVERY_REQUEST=True)
+class SessionCookieDomainSiteConfigurationOverrideTests(TestCase):
+    """
+    Tests regarding the session cookie management in the middlware for Microsites
+    """
+
+    def setUp(self):
+        super(SessionCookieDomainSiteConfigurationOverrideTests, self).setUp()
+        # Create a test client, and log it in so that it will save some session data.
+        self.user = UserFactory.create()
+        self.user.set_password('password')
+        self.user.save()
+        self.site = SiteFactory.create(
+            domain='testserver.fake',
+            name='testserver.fake'
+        )
+        self.site_configuration = SiteConfigurationFactory.create(
+            site=self.site,
+            values={
+                "SESSION_COOKIE_DOMAIN": self.site.domain,
+            }
+        )
+        self.client = Client()
+        self.client.login(username=self.user.username, password="password")
+
    def test_session_cookie_domain_with_site_configuration_override(self):
        """
        Makes sure that the cookie being set is for the overridden domain