const { expect } = require('chai')
const async = require('async')
const User = require('./helpers/User')
const redis = require('./helpers/redis')
describe('Sessions', function() {
beforeEach(function(done) {
  // Shared fixture for every nested suite: a fresh user1 (plus a site_admin
  // handle) that has logged in and logged out once before the test body runs.
  // NOTE(review): presumably the initial login is what provisions the account
  // in the test environment; confirm against ./helpers/User.
  this.timeout(20000)

  this.user1 = new User()
  this.site_admin = new User({ email: 'admin@example.com' })

  const loginThenLogout = [
    cb => this.user1.login(cb),
    cb => this.user1.logout(cb)
  ]
  async.series(loginThenLogout, done)
})
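describe('one session', function() {
  // Pins the basic session lifecycle: a login registers exactly one session
  // key for the user, the session can reach an authenticated page, and logout
  // removes the key again.
  it('should have one session in UserSessions set', function(done) {
    async.series(
      [
        // clear whatever sessions are already recorded for this user so the
        // counts below start from a known state
        next => {
          redis.clearUserSessions(this.user1, next)
        },

        // login, should add session to set
        next => {
          this.user1.login(err => next(err))
        },

        next => {
          redis.getUserSessions(this.user1, (err, sessions) => {
            expect(err).to.not.exist
            expect(sessions.length).to.equal(1)
            // every tracked entry is expected to carry the 'sess:' key prefix
            expect(sessions[0].slice(0, 5)).to.equal('sess:')
            next()
          })
        },

        // should be able to access project list page
        next => {
          this.user1.getProjectListPage((err, statusCode) => {
            expect(err).to.equal(null)
            expect(statusCode).to.equal(200)
            next()
          })
        },

        // logout, should remove session from set
        next => {
          this.user1.logout(err => next(err))
        },

        next => {
          redis.getUserSessions(this.user1, (err, sessions) => {
            expect(err).to.not.exist
            expect(sessions.length).to.equal(0)
            next()
          })
        }
      ],
      // Hand a step error to Mocha through done() instead of throwing from
      // inside an asynchronous callback, so the failure is reported against
      // this test.
      err => done(err)
    )
  })
})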
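describe('two sessions', function() {
  // Pins per-session revocation: logging out one session must remove only
  // that session and must leave the other session of the same account valid.
  beforeEach(function() {
    // second client for the same account: same credentials as user1, held in
    // a separate User helper instance so it gets a session of its own
    this.user2 = new User()
    this.user2.email = this.user1.email
    this.user2.password = this.user1.password
  })

  it('should have two sessions in UserSessions set', function(done) {
    async.series(
      [
        // clear whatever sessions are already recorded for this user so the
        // counts below start from a known state
        next => {
          redis.clearUserSessions(this.user1, next)
        },

        // login, should add session to set
        next => {
          this.user1.login(err => next(err))
        },

        next => {
          redis.getUserSessions(this.user1, (err, sessions) => {
            expect(err).to.not.exist
            expect(sessions.length).to.equal(1)
            expect(sessions[0].slice(0, 5)).to.equal('sess:')
            next()
          })
        },

        // login again, should add the second session to set
        next => {
          this.user2.login(err => next(err))
        },

        next => {
          redis.getUserSessions(this.user1, (err, sessions) => {
            expect(err).to.not.exist
            expect(sessions.length).to.equal(2)
            expect(sessions[0].slice(0, 5)).to.equal('sess:')
            expect(sessions[1].slice(0, 5)).to.equal('sess:')
            next()
          })
        },

        // both should be able to access project list page
        next => {
          this.user1.getProjectListPage((err, statusCode) => {
            expect(err).to.equal(null)
            expect(statusCode).to.equal(200)
            next()
          })
        },

        next => {
          this.user2.getProjectListPage((err, statusCode) => {
            expect(err).to.equal(null)
            expect(statusCode).to.equal(200)
            next()
          })
        },

        // logout first session, should remove session from set
        next => {
          this.user1.logout(err => next(err))
        },

        next => {
          redis.getUserSessions(this.user1, (err, sessions) => {
            expect(err).to.not.exist
            expect(sessions.length).to.equal(1)
            next()
          })
        },

        // first session should not have access to project list page
        // (a logged-out client is answered with a 302 redirect)
        next => {
          this.user1.getProjectListPage((err, statusCode) => {
            expect(err).to.equal(null)
            expect(statusCode).to.equal(302)
            next()
          })
        },

        // second session should still have access to project list page
        next => {
          this.user2.getProjectListPage((err, statusCode) => {
            expect(err).to.equal(null)
            expect(statusCode).to.equal(200)
            next()
          })
        },

        // logout second session, should remove last session from set
        next => {
          this.user2.logout(err => next(err))
        },

        next => {
          redis.getUserSessions(this.user1, (err, sessions) => {
            expect(err).to.not.exist
            expect(sessions.length).to.equal(0)
            next()
          })
        },

        // second session should not have access to project list page
        next => {
          this.user2.getProjectListPage((err, statusCode) => {
            expect(err).to.equal(null)
            expect(statusCode).to.equal(302)
            next()
          })
        }
      ],
      // Hand a step error to Mocha through done() instead of throwing from
      // inside an asynchronous callback, so the failure is reported against
      // this test.
      err => done(err)
    )
  })
})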
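describe('three sessions, password reset', function() {
  // Pins session revocation on a password change: every other session of the
  // account must be invalidated, while the session that made the change stays
  // logged in.
  beforeEach(function() {
    // set up second and third clients for this user: same credentials as
    // user1, each held in a separate User helper instance
    this.user2 = new User()
    this.user2.email = this.user1.email
    this.user2.password = this.user1.password
    this.user3 = new User()
    this.user3.email = this.user1.email
    this.user3.password = this.user1.password
  })

  it('should erase both sessions when password is reset', function(done) {
    async.series(
      [
        // clear whatever sessions are already recorded for this user so the
        // counts below start from a known state
        next => {
          redis.clearUserSessions(this.user1, next)
        },

        // login, should add session to set
        next => {
          this.user1.login(err => next(err))
        },

        next => {
          redis.getUserSessions(this.user1, (err, sessions) => {
            expect(err).to.not.exist
            expect(sessions.length).to.equal(1)
            expect(sessions[0].slice(0, 5)).to.equal('sess:')
            next()
          })
        },

        // login again, should add the second session to set
        next => {
          this.user2.login(err => next(err))
        },

        next => {
          redis.getUserSessions(this.user1, (err, sessions) => {
            expect(err).to.not.exist
            expect(sessions.length).to.equal(2)
            expect(sessions[0].slice(0, 5)).to.equal('sess:')
            expect(sessions[1].slice(0, 5)).to.equal('sess:')
            next()
          })
        },

        // login third session, should add the third session to set
        next => {
          this.user3.login(err => next(err))
        },

        next => {
          redis.getUserSessions(this.user1, (err, sessions) => {
            expect(err).to.not.exist
            expect(sessions.length).to.equal(3)
            expect(sessions[0].slice(0, 5)).to.equal('sess:')
            expect(sessions[1].slice(0, 5)).to.equal('sess:')
            // the third entry was previously left unchecked
            expect(sessions[2].slice(0, 5)).to.equal('sess:')
            next()
          })
        },

        // change the password from the second session, should erase the
        // other two of the three sessions
        next => {
          this.user2.changePassword(err => next(err))
        },

        next => {
          redis.getUserSessions(this.user2, (err, sessions) => {
            expect(err).to.not.exist
            expect(sessions.length).to.equal(1)
            next()
          })
        },

        // users one and three should not be able to access project list page
        // (a revoked session is answered with a 302 redirect)
        next => {
          this.user1.getProjectListPage((err, statusCode) => {
            expect(err).to.equal(null)
            expect(statusCode).to.equal(302)
            next()
          })
        },

        next => {
          this.user3.getProjectListPage((err, statusCode) => {
            expect(err).to.equal(null)
            expect(statusCode).to.equal(302)
            next()
          })
        },

        // user two should still be logged in, and able to access project list page
        next => {
          this.user2.getProjectListPage((err, statusCode) => {
            expect(err).to.equal(null)
            expect(statusCode).to.equal(200)
            next()
          })
        },

        // logout second session, should remove last session from set
        next => {
          this.user2.logout(err => next(err))
        },

        next => {
          redis.getUserSessions(this.user1, (err, sessions) => {
            expect(err).to.not.exist
            expect(sessions.length).to.equal(0)
            next()
          })
        }
      ],
      // Hand a step error to Mocha through done() instead of throwing from
      // inside an asynchronous callback, so the failure is reported against
      // this test.
      err => done(err)
    )
  })
})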
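describe('three sessions, sessions page', function() {
  // Pins the "clear other sessions" flow: after confirming the password, the
  // second session can view /user/sessions and clear the other two sessions;
  // it stays logged in itself, and the action is recorded in the user's
  // audit log.
  beforeEach(function(done) {
    // set up second and third clients for this user: same credentials as
    // user1, each held in a separate User helper instance
    this.user2 = new User()
    this.user2.email = this.user1.email
    this.user2.password = this.user1.password
    this.user3 = new User()
    this.user3.email = this.user1.email
    this.user3.password = this.user1.password

    // NOTE(review): this logs user2 in and activates sudo mode before the
    // test body clears the session set and logs user2 in again; confirm the
    // hook is still needed alongside the /confirm-password step below.
    async.series(
      [
        this.user2.login.bind(this.user2),
        this.user2.activateSudoMode.bind(this.user2)
      ],
      done
    )
  })

  it('should allow the user to erase the other two sessions', function(done) {
    async.series(
      [
        // clear whatever sessions are already recorded for this user so the
        // counts below start from a known state
        next => {
          redis.clearUserSessions(this.user1, next)
        },

        // login, should add session to set
        next => {
          this.user1.login(err => next(err))
        },

        next => {
          redis.getUserSessions(this.user1, (err, sessions) => {
            expect(err).to.not.exist
            expect(sessions.length).to.equal(1)
            expect(sessions[0].slice(0, 5)).to.equal('sess:')
            next()
          })
        },

        // login again, should add the second session to set
        next => {
          this.user2.login(err => next(err))
        },

        next => {
          redis.getUserSessions(this.user1, (err, sessions) => {
            expect(err).to.not.exist
            expect(sessions.length).to.equal(2)
            expect(sessions[0].slice(0, 5)).to.equal('sess:')
            expect(sessions[1].slice(0, 5)).to.equal('sess:')
            next()
          })
        },

        // login third session, should add the third session to set
        next => {
          this.user3.login(err => next(err))
        },

        next => {
          redis.getUserSessions(this.user1, (err, sessions) => {
            expect(err).to.not.exist
            expect(sessions.length).to.equal(3)
            expect(sessions[0].slice(0, 5)).to.equal('sess:')
            expect(sessions[1].slice(0, 5)).to.equal('sess:')
            // the third entry was previously left unchecked
            expect(sessions[2].slice(0, 5)).to.equal('sess:')
            next()
          })
        },

        // enter sudo-mode by re-confirming the password from the second session
        next => {
          this.user2.getCsrfToken(csrfErr => {
            expect(csrfErr).to.be.oneOf([null, undefined])
            this.user2.request.post(
              {
                uri: '/confirm-password',
                json: {
                  password: this.user2.password
                }
              },
              (err, response) => {
                expect(err).to.be.oneOf([null, undefined])
                expect(response.statusCode).to.equal(200)
                next()
              }
            )
          })
        },

        // check the sessions page
        next => {
          this.user2.request.get(
            {
              uri: '/user/sessions'
            },
            (err, response) => {
              expect(err).to.be.oneOf([null, undefined])
              expect(response.statusCode).to.equal(200)
              next()
            }
          )
        },

        // clear sessions from second session, should erase two of the three sessions
        next => {
          this.user2.getCsrfToken(csrfErr => {
            expect(csrfErr).to.be.oneOf([null, undefined])
            // NOTE(review): the response status of this POST is not asserted;
            // only a transport error fails the step. The Redis count and the
            // 302 checks below are what verify that the clear took effect.
            this.user2.request.post(
              {
                uri: '/user/sessions/clear'
              },
              err => next(err)
            )
          })
        },

        next => {
          redis.getUserSessions(this.user2, (err, sessions) => {
            expect(err).to.not.exist
            expect(sessions.length).to.equal(1)
            next()
          })
        },

        // users one and three should not be able to access project list page
        // (a revoked session is answered with a 302 redirect)
        next => {
          this.user1.getProjectListPage((err, statusCode) => {
            expect(err).to.equal(null)
            expect(statusCode).to.equal(302)
            next()
          })
        },

        next => {
          this.user3.getProjectListPage((err, statusCode) => {
            expect(err).to.equal(null)
            expect(statusCode).to.equal(302)
            next()
          })
        },

        // user two should still be logged in, and able to access project list page
        next => {
          this.user2.getProjectListPage((err, statusCode) => {
            expect(err).to.equal(null)
            expect(statusCode).to.equal(200)
            next()
          })
        },

        // logout second session, should remove last session from set
        next => {
          this.user2.logout(err => next(err))
        },

        next => {
          redis.getUserSessions(this.user1, (err, sessions) => {
            expect(err).to.not.exist
            expect(sessions.length).to.equal(0)
            next()
          })
        },

        // the user audit log should have been updated: the first entry must
        // be the clear-sessions operation, carry who/where/when fields, and
        // list the two sessions that were cleared
        next => {
          this.user1.get((error, user) => {
            expect(error).not.to.exist
            expect(user.auditLog).to.exist
            expect(user.auditLog[0].operation).to.equal('clear-sessions')
            expect(user.auditLog[0].ipAddress).to.exist
            expect(user.auditLog[0].initiatorId).to.exist
            expect(user.auditLog[0].timestamp).to.exist
            expect(user.auditLog[0].info.sessions.length).to.equal(2)
            next()
          })
        }
      ],
      // Hand a step error to Mocha through done() instead of throwing from
      // inside an asynchronous callback, so the failure is reported against
      // this test.
      err => done(err)
    )
  })
})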
})