FIX: Do not allow new session if one exists

Author: mferrera

src/fmu_settings_api/deps.py

@@ -67,7 +67,9 @@ async def ensure_user_fmu_directory() -> UserFMUDirectory:
 UserFMUDirDep = Annotated[UserFMUDirectory, Depends(ensure_user_fmu_directory)]
 
 
-async def get_session(fmu_settings_session: str | None = Cookie(None)) -> Session:
+async def get_session(
+    fmu_settings_session: Annotated[str | None, Cookie()] = None,
+) -> Session:
     """Gets a session from the session manager."""
     if not fmu_settings_session:
         raise HTTPException(

src/fmu_settings_api/v1/main.py

@@ -2,8 +2,9 @@
 
 import contextlib
 from pathlib import Path
+from typing import Annotated
 
-from fastapi import APIRouter, Depends, HTTPException, Response
+from fastapi import APIRouter, Cookie, Depends, HTTPException, Response
 from fmu.settings import find_nearest_fmu_directory
 from fmu.settings.models.user_config import UserConfig
 
@@ -40,16 +41,22 @@ async def v1_health_check() -> dict[str, str]:
     dependencies=[Depends(verify_auth_token)],
 )
 async def create_session(
-    response: Response, auth_token: AuthTokenDep, user_fmu_dir: UserFMUDirDep
+    response: Response,
+    auth_token: AuthTokenDep,
+    user_fmu_dir: UserFMUDirDep,
+    fmu_settings_session: Annotated[str | None, Cookie()] = None,
 ) -> SessionResponse:
     """Establishes a user session."""
+    if fmu_settings_session:
+        raise HTTPException(status_code=409, detail="A session already exists")
+
     try:
         session_id = await create_fmu_session(user_fmu_dir)
         response.set_cookie(
             key=settings.SESSION_COOKIE_KEY,
             value=session_id,
             httponly=True,
-            secure=True,
+            secure=False,
             samesite="lax",
         )
         config_dict = user_fmu_dir.config.load().model_dump()

tests/test_v1/test_create_session.py

@@ -204,3 +204,28 @@ async def test_get_session_from_project_path_returns_fmu_project(
 
     assert session.project_fmu_directory.path == project_fmu_dir.path
     assert session.project_fmu_directory.config.load() == project_fmu_dir.config.load()
+
+
+async def test_getting_two_sessions_returns_error(
+    tmp_path_mocked_home: Path,
+    mock_token: str,
+    session_manager: SessionManager,
+) -> None:
+    """Tests that user .fmu is created when a session is created."""
+    user_home = tmp_path_mocked_home / "home"
+    response = client.post(ROUTE, headers={settings.TOKEN_HEADER_NAME: mock_token})
+    assert response.status_code == status.HTTP_200_OK, response.json()
+
+    user_fmu_dir = UserFMUDirectory()
+    assert user_fmu_dir.path == user_home / ".fmu"
+
+    session_id = response.cookies.get(settings.SESSION_COOKIE_KEY)
+    assert session_id is not None
+    session = await session_manager.get_session(session_id)
+    assert session is not None
+    assert isinstance(session, Session)
+    assert session.user_fmu_directory.path == user_fmu_dir.path
+
+    response = client.post(ROUTE, headers={settings.TOKEN_HEADER_NAME: mock_token})
+    assert response.status_code == status.HTTP_409_CONFLICT, response.json()
+    assert response.json()["detail"] == "A session already exists"