From 0f65e98566727148a37abf803aae0f2a3fe09988 Mon Sep 17 00:00:00 2001 From: Shane Kilkelly Date: Mon, 10 Oct 2016 10:55:45 +0100 Subject: [PATCH] add acceptance test for clearing sessions --- .../acceptance/coffee/SessionTests.coffee | 112 ++++++++++++++++++ 1 file changed, 112 insertions(+) diff --git a/services/web/test/acceptance/coffee/SessionTests.coffee b/services/web/test/acceptance/coffee/SessionTests.coffee index cff5b66406..56783b5b85 100644 --- a/services/web/test/acceptance/coffee/SessionTests.coffee +++ b/services/web/test/acceptance/coffee/SessionTests.coffee @@ -251,3 +251,115 @@ describe "Sessions", -> throw err done() ) + + describe 'three sessions, sessions page', -> + + before -> + # set up second session for this user + @user2 = new User() + @user2.email = @user1.email + @user2.password = @user1.password + @user3 = new User() + @user3.email = @user1.email + @user3.password = @user1.password + + + it "should allow the user to erase the other two sessions", (done) -> + async.series( + [ + (next) => + redis.clearUserSessions @user1, next + + # login, should add session to set + , (next) => + @user1.login (err) -> + next(err) + + , (next) => + redis.getUserSessions @user1, (err, sessions) => + expect(sessions.length).to.equal 1 + expect(sessions[0].slice(0, 5)).to.equal 'sess:' + next() + + # login again, should add the second session to set + , (next) => + @user2.login (err) -> + next(err) + + , (next) => + redis.getUserSessions @user1, (err, sessions) => + expect(sessions.length).to.equal 2 + expect(sessions[0].slice(0, 5)).to.equal 'sess:' + expect(sessions[1].slice(0, 5)).to.equal 'sess:' + next() + + # login third session, should add the second session to set + , (next) => + @user3.login (err) -> + next(err) + + , (next) => + redis.getUserSessions @user1, (err, sessions) => + expect(sessions.length).to.equal 3 + expect(sessions[0].slice(0, 5)).to.equal 'sess:' + expect(sessions[1].slice(0, 5)).to.equal 'sess:' + next() + + # check the sessions page + , (next) => + @user2.request.get { + uri: '/user/sessions' + }, (err, response, body) => + expect(err).to.be.oneOf [null, undefined] + expect(response.statusCode).to.equal 200 + next() + + # clear sessions from second session, should erase two of the three sessions + , (next) => + @user2.getCsrfToken (err) => + expect(err).to.be.oneOf [null, undefined] + @user2.request.post { + uri: '/user/sessions/clear' + }, (err) -> + next(err) + + , (next) => + redis.getUserSessions @user2, (err, sessions) => + expect(sessions.length).to.equal 1 + next() + + # users one and three should not be able to access settings page + , (next) => + @user1.getUserSettingsPage (err, statusCode) => + expect(err).to.equal null + expect(statusCode).to.equal 302 + next() + + , (next) => + @user3.getUserSettingsPage (err, statusCode) => + expect(err).to.equal null + expect(statusCode).to.equal 302 + next() + + # user two should still be logged in, and able to access settings page + , (next) => + @user2.getUserSettingsPage (err, statusCode) => + expect(err).to.equal null + expect(statusCode).to.equal 200 + next() + + # logout second session, should remove last session from set + , (next) => + @user2.logout (err) -> + next(err) + + , (next) => + redis.getUserSessions @user1, (err, sessions) => + expect(sessions.length).to.equal 0 + next() + + ], (err, result) => + if err + throw err + done() + )