Coverage for src / local_deep_research / web / auth / session_cleanup.py: 40%
20 statements
1"""
2Session cleanup middleware to handle stale sessions.
3"""
5from flask import session
6from loguru import logger
8from ...database.encrypted_db import db_manager
9from .middleware_optimizer import should_skip_session_cleanup
def cleanup_stale_sessions():
    """
    Drop sessions that claim a logged-in user but can no longer reach a database.

    Intended to run as a before_request handler. A session is cleared (forcing
    a fresh login) only when all of the following hold:

    * the session carries a ``username``,
    * ``db_manager.connections`` has no entry for that username,
    * the session has no ``temp_auth_token``,
    * ``db_manager.has_encryption`` is true, and
    * no session password can be found for ``(username, session_id)``,
      either because there is no ``session_id`` or because the store
      returns nothing for it.

    In every other case the session is left untouched.
    """
    # Throttle: the optimizer decides whether this request runs the check.
    if should_skip_session_cleanup():
        return

    username = session.get("username")
    # Nothing to do for anonymous requests or users with a live connection.
    if not username or db_manager.connections.get(username):
        return

    # Both recovery hints are read up front, before any decision is made.
    temp_auth_token = session.get("temp_auth_token")
    session_id = session.get("session_id")

    # A temp auth token, or an unencrypted database, means the session is
    # not treated as stale here, so it is kept.
    if temp_auth_token or not db_manager.has_encryption:
        return

    if not session_id:
        # Without a session ID there is no key to look a password up under.
        logger.info(
            f"Clearing stale session for user {username} - no recovery mechanism available"
        )
        session.clear()
        return

    # Imported lazily, only on the path that actually needs the store.
    from ...database.session_passwords import session_password_store

    # The stored password is only tested for presence; it is never logged
    # or otherwise used in this function.
    password = session_password_store.get_session_password(
        username, session_id
    )
    if password:
        return

    # No password on file for this session: the encrypted database cannot
    # be reopened, so the only safe outcome is a forced re-login.
    logger.info(
        f"Clearing stale session for user {username} - no database connection available"
    )
    session.clear()