left4me/l4d2web/tests
mwiegand e75f379dcb
auth: reject sessions older than user.password_changed_at
load_current_user now treats a session whose pw_changed_at marker
is missing, malformed, or older than the user's current
password_changed_at as logged-out. Same shape as the existing
user.active check.

Forced fan-out updates to every test fixture that forges a session
via session_transaction(): each now stamps a current pw_changed_at
marker. test_deactivated_user_existing_session_invalidated keeps
its meaning — the deactivation still flips the user to inactive,
and load_current_user rejects the session via the user.active
branch before reaching the freshness branch.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-11 21:54:13 +02:00
test_admin_users.py auth: reject sessions older than user.password_changed_at 2026-05-11 21:54:13 +02:00
test_alembic_migrations.py feat(l4d2-web): script overlay schema — add overlay.script + last_build_status, drop globals tables 2026-05-08 15:33:04 +02:00
test_auth.py auth: reject sessions older than user.password_changed_at 2026-05-11 21:54:13 +02:00
test_blueprints.py auth: reject sessions older than user.password_changed_at 2026-05-11 21:54:13 +02:00
test_config.py config: allow SESSION_COOKIE_SECURE override and disable on test deploy 2026-05-07 00:56:48 +02:00
test_health.py security: harden boundary inputs and production defaults 2026-05-07 00:53:33 +02:00
test_host_commands.py fix(l4d2-web): keep SSE log stream from pinning gunicorn threads 2026-05-08 11:18:56 +02:00
test_job_logs.py auth: reject sessions older than user.password_changed_at 2026-05-11 21:54:13 +02:00
test_job_worker.py job_worker: don't duplicate streamed stderr on HostCommandError 2026-05-10 22:52:54 +02:00
test_l4d2_facade.py feat(l4d2-web): per-overlay server.cfg aliases — expose checkbox + auto-exec 2026-05-09 01:26:31 +02:00
test_models.py models: add User.password_changed_at 2026-05-11 21:43:25 +02:00
test_overlay_builders.py feat(files-overlay): user-managed file content as a third overlay type 2026-05-09 18:59:32 +02:00
test_overlay_creation.py feat(l4d2-web): overlay path helpers and creation 2026-05-07 16:38:39 +02:00
test_overlay_files.py feat(files-overlay): user-managed file content as a third overlay type 2026-05-09 18:59:32 +02:00
test_overlay_files_routes.py auth: reject sessions older than user.password_changed_at 2026-05-11 21:54:13 +02:00
test_overlays.py auth: reject sessions older than user.password_changed_at 2026-05-11 21:54:13 +02:00
test_pages.py auth: reject sessions older than user.password_changed_at 2026-05-11 21:54:13 +02:00
test_rate_limit.py rate-limit: extract generic helper, reuse from login 2026-05-11 21:45:51 +02:00
test_script_overlay_routes.py auth: reject sessions older than user.password_changed_at 2026-05-11 21:54:13 +02:00
test_security.py chore(l4d2): flatten component layout 2026-05-05 23:47:06 +02:00
test_seed_script_overlays.py feat(l4d2-web): seed example script overlays from examples/script-overlays/ 2026-05-08 18:41:08 +02:00
test_servers.py auth: reject sessions older than user.password_changed_at 2026-05-11 21:54:13 +02:00
test_status_and_server_logs.py auth: reject sessions older than user.password_changed_at 2026-05-11 21:54:13 +02:00
test_steam_workshop.py feat(l4d2-web): steam workshop API client and downloader 2026-05-07 16:37:39 +02:00
test_workshop_overlay_models.py feat(l4d2-web): script overlay schema — add overlay.script + last_build_status, drop globals tables 2026-05-08 15:33:04 +02:00
test_workshop_paths.py feat(l4d2-web): overlay path helpers and creation 2026-05-07 16:38:39 +02:00
test_workshop_routes.py auth: reject sessions older than user.password_changed_at 2026-05-11 21:54:13 +02:00