Unverified Commit 6f0711ad authored by Marius van den Beek's avatar Marius van den Beek Committed by GitHub
Browse files

Merge pull request #17657 from mvdbeek/limit_new_anon_histories 

[23.2] Limit new anon histories
parents 27feb740 c5839eec

lib/galaxy/webapps/base/webapp.py

+28 −27
Original line number Diff line number Diff line
@@ -650,11 +650,11 @@ class GalaxyWebTransaction(base.DefaultWebTransaction, context.ProvidesHistoryCo 
            galaxy_session = self.__create_new_session(prev_galaxy_session, user_for_new_session)

            galaxy_session_requires_flush = True

            self.galaxy_session = galaxy_session

            if self.webapp.name == "galaxy":

                self.get_or_create_default_history()

            self.__update_session_cookie(name=session_cookie)

        else:

            self.galaxy_session = galaxy_session

            if self.webapp.name == "galaxy":

                self.get_or_create_default_history()

        # Do we need to flush the session?

        if galaxy_session_requires_flush:

            self.sa_session.add(galaxy_session)
@@ -799,10 +799,10 @@ class GalaxyWebTransaction(base.DefaultWebTransaction, context.ProvidesHistoryCo 
            and not users_last_session.current_history.deleted

        ):

            history = users_last_session.current_history

        elif not history:

            history = self.get_history(create=True, most_recent=True)

        if history not in self.galaxy_session.histories:

            self.galaxy_session.add_history(history)

        if not history:

            history = self.new_history()

        if history.user is None:

            history.user = user

        self.galaxy_session.current_history = history
@@ -912,16 +912,17 @@ class GalaxyWebTransaction(base.DefaultWebTransaction, context.ProvidesHistoryCo 
        Gets or creates a default history and associates it with the current

        session.

        """

        history = self.galaxy_session.current_history

        if history and not history.deleted:

            return history



        # There must be a user to fetch a default history.

        if not self.galaxy_session.user:

            return self.new_history()



        user = self.galaxy_session.user

        if user:

            # Look for default history that (a) has default name + is not deleted and

            # (b) has no datasets. If suitable history found, use it; otherwise, create

            # new history.

            stmt = select(self.app.model.History).filter_by(

            user=self.galaxy_session.user, name=self.app.model.History.default_name, deleted=False

                user=user, name=self.app.model.History.default_name, deleted=False

            )

            unnamed_histories = self.sa_session.scalars(stmt)

            default_history = None

lib/galaxy_test/api/test_authenticate.py

+22 −0
Original line number Diff line number Diff line
@@ -53,3 +53,25 @@ class TestAuthenticateApi(ApiTestCase): 
        current_history_json_response.raise_for_status()

        current_history = current_history_json_response.json()

        assert current_history["contents_active"]["active"] == 1



    def test_anon_history_creation(self):

        # First request:

        # We don't create any histories, just return a session cookie

        response = get(self.url)

        cookie = {"galaxysession": response.cookies["galaxysession"]}

        # Check that we don't have any histories (API doesn't auto-create new histories)

        histories_response = get(

            urljoin(

                self.url,

                "api/histories",

            )

        )

        assert not histories_response.json()

        # Second request, we know client follows conventions by including cookies,

        # default history is created.

        get(self.url, cookies=cookie)

        second_histories_response = get(

            urljoin(self.url, "history/current_history_json"),

            cookies=cookie,

        )

        assert second_histories_response.json()