add acceptance test for clearing sessions

2025-03-22 02:04:31 +00:00 · 2016-10-10 10:55:45 +01:00 · 2016-10-10 10:55:45 +01:00 · 0f65e98566
commit 0f65e98566
parent 25dd998107
1 changed files with 112 additions and 0 deletions
--- a/services/web/test/acceptance/coffee/SessionTests.coffee
+++ b/services/web/test/acceptance/coffee/SessionTests.coffee
@ -251,3 +251,115 @@ describe "Sessions", ->
 						throw err
 					done()
 			)
+
+	describe 'three sessions, sessions page', ->
+
+		before ->
+			# set up second session for this user
+			@user2 = new User()
+			@user2.email = @user1.email
+			@user2.password = @user1.password
+			@user3 = new User()
+			@user3.email = @user1.email
+			@user3.password = @user1.password
+
+
+		it "should allow the user to erase the other two sessions", (done) ->
+			async.series(
+				[
+					(next) =>
+						redis.clearUserSessions @user1, next
+
+					# login, should add session to set
+					, (next) =>
+						@user1.login (err) ->
+							next(err)
+
+					, (next) =>
+						redis.getUserSessions @user1, (err, sessions) =>
+							expect(sessions.length).to.equal 1
+							expect(sessions[0].slice(0, 5)).to.equal 'sess:'
+							next()
+
+					# login again, should add the second session to set
+					, (next) =>
+						@user2.login (err) ->
+							next(err)
+
+					, (next) =>
+						redis.getUserSessions @user1, (err, sessions) =>
+							expect(sessions.length).to.equal 2
+							expect(sessions[0].slice(0, 5)).to.equal 'sess:'
+							expect(sessions[1].slice(0, 5)).to.equal 'sess:'
+							next()
+
+					# login third session, should add the second session to set
+					, (next) =>
+						@user3.login (err) ->
+							next(err)
+
+					, (next) =>
+						redis.getUserSessions @user1, (err, sessions) =>
+							expect(sessions.length).to.equal 3
+							expect(sessions[0].slice(0, 5)).to.equal 'sess:'
+							expect(sessions[1].slice(0, 5)).to.equal 'sess:'
+							next()
+
+					# check the sessions page
+					, (next) =>
+						@user2.request.get {
+							uri: '/user/sessions'
+						}, (err, response, body) =>
+							expect(err).to.be.oneOf [null, undefined]
+							expect(response.statusCode).to.equal 200
+							next()
+
+					# clear sessions from second session, should erase two of the three sessions
+					, (next) =>
+						@user2.getCsrfToken (err) =>
+							expect(err).to.be.oneOf [null, undefined]
+							@user2.request.post {
+								uri: '/user/sessions/clear'
+							}, (err) ->
+								next(err)
+
+					, (next) =>
+						redis.getUserSessions @user2, (err, sessions) =>
+							expect(sessions.length).to.equal 1
+							next()
+
+					# users one and three should not be able to access settings page
+					, (next) =>
+						@user1.getUserSettingsPage (err, statusCode) =>
+							expect(err).to.equal null
+							expect(statusCode).to.equal 302
+							next()
+
+					, (next) =>
+						@user3.getUserSettingsPage (err, statusCode) =>
+							expect(err).to.equal null
+							expect(statusCode).to.equal 302
+							next()
+
+					# user two should still be logged in, and able to access settings page
+					, (next) =>
+						@user2.getUserSettingsPage (err, statusCode) =>
+							expect(err).to.equal null
+							expect(statusCode).to.equal 200
+							next()
+
+					# logout second session, should remove last session from set
+					, (next) =>
+						@user2.logout (err) ->
+							next(err)
+
+					, (next) =>
+						redis.getUserSessions @user1, (err, sessions) =>
+							expect(sessions.length).to.equal 0
+							next()
+
+				], (err, result) =>
+					if err
+						throw err
+					done()
+			)