f3f888ed13
- If the session doesn't exist, it shouldn't be expected that the variable is non-nil. Define the session variable instead and insert that. - Add unit tests to test the behavior of the database sessions code . - Regression caused bydd30d9d5c0. - Resolves https://codeberg.org/forgejo/forgejo/issues/2042 (cherry picked from commit 90307ad2004a9a9ddda30af4038224fedf0e6ca3) (cherry picked from commit 874ef1978d7db5e8ba1482d4c8190b914fa110b3) (cherry picked from commit 27d5f035fc744d932d1e4c95c55d98479fccf368) (cherry picked from commit 65dbc4303ba8afdef70c573aaf782b76aaf0bbad) [GITEA] Fix session generation for database (squash) timeutil.Mock because ofe743570f65* Refactor timeutil package (#28623) (cherry picked from commit acc6b51be2b6d676129f653a8949b2c06aa2ad94) (cherry picked from commit 02b74317f2d8120a705599d6ae908634a1fa2b44) (cherry picked from commit 63b9b624bd203b7b5eff7439dbc09eeb9bc52ade) (cherry picked from commit 7752ff8baa525918e00193606048e3c2dd5a4999) (cherry picked from commit c0af4d943854ce3a77eaa75c06b04394301f45c4)
142 lines
3.9 KiB
Go
142 lines
3.9 KiB
Go
// Copyright 2023 The Forgejo Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package auth_test
|
|
|
|
import (
|
|
"testing"
|
|
"time"
|
|
|
|
"code.gitea.io/gitea/models/auth"
|
|
"code.gitea.io/gitea/models/db"
|
|
"code.gitea.io/gitea/models/unittest"
|
|
"code.gitea.io/gitea/modules/timeutil"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
func TestAuthSession(t *testing.T) {
|
|
assert.NoError(t, unittest.PrepareTestDatabase())
|
|
defer timeutil.MockUnset()
|
|
|
|
key := "I-Like-Free-Software"
|
|
|
|
t.Run("Create Session", func(t *testing.T) {
|
|
// Ensure it doesn't exist.
|
|
ok, err := auth.ExistSession(db.DefaultContext, key)
|
|
assert.NoError(t, err)
|
|
assert.False(t, ok)
|
|
|
|
preCount, err := auth.CountSessions(db.DefaultContext)
|
|
assert.NoError(t, err)
|
|
|
|
now := time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC)
|
|
timeutil.MockSet(now)
|
|
|
|
// New session is created.
|
|
sess, err := auth.ReadSession(db.DefaultContext, key)
|
|
assert.NoError(t, err)
|
|
assert.EqualValues(t, key, sess.Key)
|
|
assert.Empty(t, sess.Data)
|
|
assert.EqualValues(t, now.Unix(), sess.Expiry)
|
|
|
|
// Ensure it exists.
|
|
ok, err = auth.ExistSession(db.DefaultContext, key)
|
|
assert.NoError(t, err)
|
|
assert.True(t, ok)
|
|
|
|
// Ensure the session is taken into account for count..
|
|
postCount, err := auth.CountSessions(db.DefaultContext)
|
|
assert.NoError(t, err)
|
|
assert.Greater(t, postCount, preCount)
|
|
})
|
|
|
|
t.Run("Update session", func(t *testing.T) {
|
|
data := []byte{0xba, 0xdd, 0xc0, 0xde}
|
|
now := time.Date(2022, 1, 1, 0, 0, 0, 0, time.UTC)
|
|
timeutil.MockSet(now)
|
|
|
|
// Update session.
|
|
err := auth.UpdateSession(db.DefaultContext, key, data)
|
|
assert.NoError(t, err)
|
|
|
|
timeutil.MockSet(time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC))
|
|
|
|
// Read updated session.
|
|
// Ensure data is updated and expiry is set from the update session call.
|
|
sess, err := auth.ReadSession(db.DefaultContext, key)
|
|
assert.NoError(t, err)
|
|
assert.EqualValues(t, key, sess.Key)
|
|
assert.EqualValues(t, data, sess.Data)
|
|
assert.EqualValues(t, now.Unix(), sess.Expiry)
|
|
|
|
timeutil.MockSet(now)
|
|
})
|
|
|
|
t.Run("Delete session", func(t *testing.T) {
|
|
// Ensure it't exist.
|
|
ok, err := auth.ExistSession(db.DefaultContext, key)
|
|
assert.NoError(t, err)
|
|
assert.True(t, ok)
|
|
|
|
preCount, err := auth.CountSessions(db.DefaultContext)
|
|
assert.NoError(t, err)
|
|
|
|
err = auth.DestroySession(db.DefaultContext, key)
|
|
assert.NoError(t, err)
|
|
|
|
// Ensure it doens't exists.
|
|
ok, err = auth.ExistSession(db.DefaultContext, key)
|
|
assert.NoError(t, err)
|
|
assert.False(t, ok)
|
|
|
|
// Ensure the session is taken into account for count..
|
|
postCount, err := auth.CountSessions(db.DefaultContext)
|
|
assert.NoError(t, err)
|
|
assert.Less(t, postCount, preCount)
|
|
})
|
|
|
|
t.Run("Cleanup sessions", func(t *testing.T) {
|
|
timeutil.MockSet(time.Date(2023, 1, 1, 0, 0, 0, 0, time.UTC))
|
|
|
|
_, err := auth.ReadSession(db.DefaultContext, "sess-1")
|
|
assert.NoError(t, err)
|
|
|
|
// One minute later.
|
|
timeutil.MockSet(time.Date(2023, 1, 1, 0, 1, 0, 0, time.UTC))
|
|
_, err = auth.ReadSession(db.DefaultContext, "sess-2")
|
|
assert.NoError(t, err)
|
|
|
|
// 5 minutes, shouldn't clean up anything.
|
|
err = auth.CleanupSessions(db.DefaultContext, 5*60)
|
|
assert.NoError(t, err)
|
|
|
|
ok, err := auth.ExistSession(db.DefaultContext, "sess-1")
|
|
assert.NoError(t, err)
|
|
assert.True(t, ok)
|
|
|
|
ok, err = auth.ExistSession(db.DefaultContext, "sess-2")
|
|
assert.NoError(t, err)
|
|
assert.True(t, ok)
|
|
|
|
// 1 minute, should clean up sess-1.
|
|
err = auth.CleanupSessions(db.DefaultContext, 60)
|
|
assert.NoError(t, err)
|
|
|
|
ok, err = auth.ExistSession(db.DefaultContext, "sess-1")
|
|
assert.NoError(t, err)
|
|
assert.False(t, ok)
|
|
|
|
ok, err = auth.ExistSession(db.DefaultContext, "sess-2")
|
|
assert.NoError(t, err)
|
|
assert.True(t, ok)
|
|
|
|
// Now, should clean up sess-2.
|
|
err = auth.CleanupSessions(db.DefaultContext, 0)
|
|
assert.NoError(t, err)
|
|
|
|
ok, err = auth.ExistSession(db.DefaultContext, "sess-2")
|
|
assert.NoError(t, err)
|
|
assert.False(t, ok)
|
|
})
|
|
}
|