overleaf/services/real-time/test/acceptance/js/SessionSocketsTests.js

141 lines
3.7 KiB
JavaScript
Raw Normal View History

const RealTimeClient = require('./helpers/RealTimeClient')
const FixturesManager = require('./helpers/FixturesManager')
const Settings = require('@overleaf/settings')
const signature = require('cookie-signature')
const { expect } = require('chai')
describe('SessionSockets', function () {
beforeEach(function (done) {
FixturesManager.setUpProject(
{
privilegeLevel: 'owner',
},
(err, options) => {
if (err) return done(err)
this.checkSocket = function (fn) {
RealTimeClient.connect(options.project_id, fn)
}
done()
}
)
})
describe('without cookies', function () {
beforeEach(function () {
RealTimeClient.cookie = null
})
it('should return a lookup error', function (done) {
this.checkSocket(error => {
expect(error).to.exist
expect(error.message).to.equal('invalid session')
done()
})
})
})
describe('with a different cookie', function () {
beforeEach(function () {
RealTimeClient.cookie = 'some.key=someValue'
})
it('should return a lookup error', function (done) {
this.checkSocket(error => {
expect(error).to.exist
expect(error.message).to.equal('invalid session')
done()
})
})
})
describe('with an invalid cookie', function () {
beforeEach(function (done) {
2021-07-13 07:04:45 -04:00
RealTimeClient.setSession({}, error => {
if (error) {
return done(error)
}
RealTimeClient.cookie = `${
Settings.cookieName
}=${RealTimeClient.cookie.slice(17, 49)}`
done()
})
})
it('should return a lookup error', function (done) {
this.checkSocket(error => {
expect(error).to.exist
expect(error.message).to.equal('invalid session')
done()
})
})
})
describe('with a valid cookie and no matching session', function () {
beforeEach(function () {
RealTimeClient.cookie = `${Settings.cookieName}=unknownId`
})
it('should return a lookup error', function (done) {
this.checkSocket(error => {
expect(error).to.exist
expect(error.message).to.equal('invalid session')
done()
})
})
})
describe('with a valid cookie and a matching session', function () {
it('should not return an error', function (done) {
this.checkSocket(error => {
expect(error).to.not.exist
done()
})
})
})
describe('with a cookie signed by the fallback key and a matching session', function () {
beforeEach(function () {
RealTimeClient.cookie =
RealTimeClient.cookieSignedWith.sessionSecretFallback
})
it('should not return an error', function (done) {
this.checkSocket(error => {
expect(error).to.not.exist
done()
})
})
})
describe('with a cookie signed by the upcoming key and a matching session', function () {
beforeEach(function () {
RealTimeClient.cookie =
RealTimeClient.cookieSignedWith.sessionSecretUpcoming
})
it('should not return an error', function (done) {
this.checkSocket(error => {
expect(error).to.not.exist
done()
})
})
})
describe('with a cookie signed with an unrecognized secret and a matching session', function () {
beforeEach(function () {
const [sessionKey] = RealTimeClient.cookie.split('.')
// sign the session key with a unrecognized secret
RealTimeClient.cookie = signature.sign(
sessionKey,
'unrecognised-session-secret'
)
})
it('should return a lookup error', function (done) {
this.checkSocket(error => {
expect(error).to.exist
expect(error.message).to.equal('invalid session')
done()
})
})
})
})