Fixed CSRF errors for stale sessions by increasing the session expiration time for desktop mode. Fixes #6369

2024-11-25 10:10:19 -06:00 · 2021-07-15 17:49:42 +05:30 · 2021-07-15 17:49:42 +05:30 · b0727cc532
commit b0727cc532
parent 9e8af67202
3 changed files with 54 additions and 0 deletions
--- a/docs/en_US/release_notes_5_6.rst
+++ b/docs/en_US/release_notes_5_6.rst
@ -17,4 +17,5 @@ Housekeeping
 Bug fixes
 *********

+| `Issue #6369 <https://redmine.postgresql.org/issues/6369>`_ -  Fixed CSRF errors for stale sessions by increasing the session expiration time for desktop mode.
 | `Issue #6580 <https://redmine.postgresql.org/issues/6580>`_ -  Fixed TypeError 'NoneType' object is not sub scriptable.
--- a/web/config.py
+++ b/web/config.py
@ -513,6 +513,10 @@ SESSION_SKIP_PATHS = [
 # expire after the specified number of *days*.
 SESSION_EXPIRATION_TIME = 1

+# Make SESSION_EXPIRATION_TIME to 1 week in DESKTOP mode
+if not SERVER_MODE:
+    SESSION_EXPIRATION_TIME = 7
+
 # CHECK_SESSION_FILES_INTERVAL is interval in Hours. Application will check
 # the session files for cleanup after specified number of *hours*.
 CHECK_SESSION_FILES_INTERVAL = 24
--- a/web/pgadmin/browser/tests/test_set_session_expiration_time.py
+++ b/web/pgadmin/browser/tests/test_set_session_expiration_time.py
@ -0,0 +1,49 @@
+##########################################################################
+#
+# pgAdmin 4 - PostgreSQL Tools
+#
+# Copyright (C) 2013 - 2021, The pgAdmin Development Team
+# This software is released under the PostgreSQL Licence
+#
+##########################################################################
+
+from pgadmin.utils.route import BaseTestGenerator
+import config
+
+
+class SetSessionExpirationTimeTestCase(BaseTestGenerator):
+    """
+    This class verifies whether session expire time has been appropriately
+    set to desktop & server mode respectively.
+    """
+    SESSION_EXP_TIME_DESKTOP = 7
+    SESSION_EXP_TIME_SERVER = 1
+
+    scenarios = [
+        (
+            'TestCase for verifying session expire time is set to {0} days for '
+            'desktop mode'.format(SESSION_EXP_TIME_DESKTOP),
+            dict(
+                session_expiration_time=SESSION_EXP_TIME_DESKTOP,
+                is_desktop_mode=True
+            )),
+        (
+            'TestCase for verifying session expire time is set to {0} day for '
+            'server mode'.format(SESSION_EXP_TIME_SERVER),
+            dict(
+                session_expiration_time=SESSION_EXP_TIME_SERVER,
+                is_desktop_mode=False
+            )),
+    ]
+
+    def runTest(self):
+
+        if config.SERVER_MODE and not self.is_desktop_mode or \
+                not config.SERVER_MODE and self.is_desktop_mode:
+            self.assertEqual(
+                self.session_expiration_time, config.SESSION_EXPIRATION_TIME)
+        else:
+            self.skipTest(
+                'Not recommended to run in {0}'.format(
+                    'Server Mode' if config.SERVER_MODE is True
+                    else 'Desktop Mode'))