forgejo/models/auth/session_test.go
Gusted f3f888ed13
[GITEA] Fix session generation for database
- If the session doesn't exist, it shouldn't be expected that the
variable is non-nil. Define the session variable instead and insert that.
- Add unit tests to test the behavior of the database sessions code .
- Regression caused by dd30d9d5c0.
- Resolves https://codeberg.org/forgejo/forgejo/issues/2042

(cherry picked from commit 90307ad2004a9a9ddda30af4038224fedf0e6ca3)
(cherry picked from commit 874ef1978d7db5e8ba1482d4c8190b914fa110b3)
(cherry picked from commit 27d5f035fc744d932d1e4c95c55d98479fccf368)
(cherry picked from commit 65dbc4303ba8afdef70c573aaf782b76aaf0bbad)

[GITEA] Fix session generation for database (squash) timeutil.Mock

because of e743570f65 * Refactor timeutil package (#28623)

(cherry picked from commit acc6b51be2b6d676129f653a8949b2c06aa2ad94)
(cherry picked from commit 02b74317f2d8120a705599d6ae908634a1fa2b44)
(cherry picked from commit 63b9b624bd203b7b5eff7439dbc09eeb9bc52ade)
(cherry picked from commit 7752ff8baa525918e00193606048e3c2dd5a4999)
(cherry picked from commit c0af4d943854ce3a77eaa75c06b04394301f45c4)
2024-02-05 16:09:41 +01:00

143 lines
3.9 KiB
Go

// Copyright 2023 The Forgejo Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package auth_test
import (
"testing"
"time"
"code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/db"
"code.gitea.io/gitea/models/unittest"
"code.gitea.io/gitea/modules/timeutil"
"github.com/stretchr/testify/assert"
)
func TestAuthSession(t *testing.T) {
assert.NoError(t, unittest.PrepareTestDatabase())
defer timeutil.MockUnset()
key := "I-Like-Free-Software"
t.Run("Create Session", func(t *testing.T) {
// Ensure it doesn't exist.
ok, err := auth.ExistSession(db.DefaultContext, key)
assert.NoError(t, err)
assert.False(t, ok)
preCount, err := auth.CountSessions(db.DefaultContext)
assert.NoError(t, err)
now := time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC)
timeutil.MockSet(now)
// New session is created.
sess, err := auth.ReadSession(db.DefaultContext, key)
assert.NoError(t, err)
assert.EqualValues(t, key, sess.Key)
assert.Empty(t, sess.Data)
assert.EqualValues(t, now.Unix(), sess.Expiry)
// Ensure it exists.
ok, err = auth.ExistSession(db.DefaultContext, key)
assert.NoError(t, err)
assert.True(t, ok)
// Ensure the session is taken into account for count..
postCount, err := auth.CountSessions(db.DefaultContext)
assert.NoError(t, err)
assert.Greater(t, postCount, preCount)
})
t.Run("Update session", func(t *testing.T) {
data := []byte{0xba, 0xdd, 0xc0, 0xde}
now := time.Date(2022, 1, 1, 0, 0, 0, 0, time.UTC)
timeutil.MockSet(now)
// Update session.
err := auth.UpdateSession(db.DefaultContext, key, data)
assert.NoError(t, err)
timeutil.MockSet(time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC))
// Read updated session.
// Ensure data is updated and expiry is set from the update session call.
sess, err := auth.ReadSession(db.DefaultContext, key)
assert.NoError(t, err)
assert.EqualValues(t, key, sess.Key)
assert.EqualValues(t, data, sess.Data)
assert.EqualValues(t, now.Unix(), sess.Expiry)
timeutil.MockSet(now)
})
t.Run("Delete session", func(t *testing.T) {
// Ensure it't exist.
ok, err := auth.ExistSession(db.DefaultContext, key)
assert.NoError(t, err)
assert.True(t, ok)
preCount, err := auth.CountSessions(db.DefaultContext)
assert.NoError(t, err)
err = auth.DestroySession(db.DefaultContext, key)
assert.NoError(t, err)
// Ensure it doens't exists.
ok, err = auth.ExistSession(db.DefaultContext, key)
assert.NoError(t, err)
assert.False(t, ok)
// Ensure the session is taken into account for count..
postCount, err := auth.CountSessions(db.DefaultContext)
assert.NoError(t, err)
assert.Less(t, postCount, preCount)
})
t.Run("Cleanup sessions", func(t *testing.T) {
timeutil.MockSet(time.Date(2023, 1, 1, 0, 0, 0, 0, time.UTC))
_, err := auth.ReadSession(db.DefaultContext, "sess-1")
assert.NoError(t, err)
// One minute later.
timeutil.MockSet(time.Date(2023, 1, 1, 0, 1, 0, 0, time.UTC))
_, err = auth.ReadSession(db.DefaultContext, "sess-2")
assert.NoError(t, err)
// 5 minutes, shouldn't clean up anything.
err = auth.CleanupSessions(db.DefaultContext, 5*60)
assert.NoError(t, err)
ok, err := auth.ExistSession(db.DefaultContext, "sess-1")
assert.NoError(t, err)
assert.True(t, ok)
ok, err = auth.ExistSession(db.DefaultContext, "sess-2")
assert.NoError(t, err)
assert.True(t, ok)
// 1 minute, should clean up sess-1.
err = auth.CleanupSessions(db.DefaultContext, 60)
assert.NoError(t, err)
ok, err = auth.ExistSession(db.DefaultContext, "sess-1")
assert.NoError(t, err)
assert.False(t, ok)
ok, err = auth.ExistSession(db.DefaultContext, "sess-2")
assert.NoError(t, err)
assert.True(t, ok)
// Now, should clean up sess-2.
err = auth.CleanupSessions(db.DefaultContext, 0)
assert.NoError(t, err)
ok, err = auth.ExistSession(db.DefaultContext, "sess-2")
assert.NoError(t, err)
assert.False(t, ok)
})
}