Remove keys from session and inject Session class into Jinja (#1456)

* Closes #1362 * Reduces the session object to just an id, nonce, and security hash
2025-12-17 22:14:25 +01:00 · 2020-06-03 02:09:48 -04:00
parent 2a8d7ed349
commit 52c65ced55
7 changed files with 27 additions and 22 deletions
--- a/tests/challenges/test_dynamic.py
+++ b/tests/challenges/test_dynamic.py
@@ -212,9 +212,8 @@ def test_dynamic_challenge_loses_value_properly():
                # We need to bypass rate-limiting so creating a fake user instead of logging in
                with client.session_transaction() as sess:
                    sess["id"] = team_id
-                    sess["name"] = name
-                    sess["email"] = email
                    sess["nonce"] = "fake-nonce"
+                    sess["hash"] = "fake-hash"

                data = {"submission": "flag", "challenge_id": 1}

@@ -304,9 +303,8 @@ def test_dynamic_challenge_value_isnt_affected_by_hidden_users():
                # We need to bypass rate-limiting so creating a fake user instead of logging in
                with client.session_transaction() as sess:
                    sess["id"] = team_id
-                    sess["name"] = name
-                    sess["email"] = email
                    sess["nonce"] = "fake-nonce"
+                    sess["hash"] = "fake-hash"

                data = {"submission": "flag", "challenge_id": 1}