added example session invalidation code
parent
e7984a90d7
commit
e5ab40c911
2 changed files with 83 additions and 0 deletions
|
@ -0,0 +1,26 @@
|
||||||
|
Settings = require("settings-sharelatex")
|
||||||
|
redis = require("redis-sharelatex")
|
||||||
|
rclient = redis.createClient(Settings.redis.web)
|
||||||
|
crypto = require("crypto")
|
||||||
|
async = require("async")
|
||||||
|
|
||||||
|
|
||||||
|
module.exports =
|
||||||
|
|
||||||
|
_getEmailKey : (email)->
|
||||||
|
hash = crypto.createHash("md5").update(email).digest("hex")
|
||||||
|
return "e_sess:#{hash}"
|
||||||
|
|
||||||
|
tracksession:(sessionId, email, callback = ->)->
|
||||||
|
session_lookup_key = @_getEmailKey(email)
|
||||||
|
rclient.set session_lookup_key, sessionId, callback
|
||||||
|
|
||||||
|
invalidateSession:(email, callback = ->)->
|
||||||
|
session_lookup_key = @_getEmailKey(email)
|
||||||
|
rclient.get session_lookup_key, (err, sessionId)->
|
||||||
|
async.series [
|
||||||
|
(cb)-> rclient.del sessionId, cb
|
||||||
|
(cb)-> rclient.del session_lookup_key, cb
|
||||||
|
], callback
|
||||||
|
|
||||||
|
|
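Review bot: `tracksession` stores a single session id per email with `rclient.set`, so a later login for the same address overwrites the earlier entry and `invalidateSession` can only revoke the most recent session; any older session for that user stays valid after an invalidation. Tracking the ids in a Redis set (`rclient.sadd session_lookup_key, sessionId, callback` on login, `smembers` on invalidation) would cover every tracked session. In `invalidateSession` the `err` from `rclient.get` is also dropped, and a missing entry passes a null `sessionId` to `rclient.del`; both cases should return through `callback` before any delete. The email is hashed exactly as given, so differently-cased spellings of one address map to different keys unless callers normalise first. The sketch below assumes the client's `del` accepts an array of keys, which should be confirmed against the redis wrapper in use.

```coffeescript
  invalidateSession:(email, callback = ->)->
    session_lookup_key = @_getEmailKey(email)
    rclient.smembers session_lookup_key, (err, sessionIds)->
      # surface redis failures instead of deleting with an undefined key
      return callback(err) if err?
      # nothing tracked for this address: nothing to revoke
      return callback() if !sessionIds? or sessionIds.length == 0
      # remove every tracked session, then the lookup entry itself
      rclient.del sessionIds.concat([session_lookup_key]), callback
```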
|
@ -0,0 +1,57 @@
|
||||||
|
should = require('chai').should()
|
||||||
|
SandboxedModule = require('sandboxed-module')
|
||||||
|
assert = require('assert')
|
||||||
|
path = require('path')
|
||||||
|
sinon = require('sinon')
|
||||||
|
modulePath = path.join __dirname, "../../../../app/js/Features/Security/SessionInvalidator"
|
||||||
|
expect = require("chai").expect
|
||||||
|
|
||||||
|
describe "SessionInvaildator", ->
|
||||||
|
|
||||||
|
beforeEach ->
|
||||||
|
@settings =
|
||||||
|
redis:
|
||||||
|
web:{}
|
||||||
|
@rclient =
|
||||||
|
del:sinon.stub()
|
||||||
|
set:sinon.stub().callsArgWith(2)
|
||||||
|
get:sinon.stub()
|
||||||
|
@SessionInvaildator = SandboxedModule.require modulePath, requires:
|
||||||
|
"settings-sharelatex":@settings
|
||||||
|
"logger-sharelatex": log:->
|
||||||
|
"redis-sharelatex": createClient:=>
|
||||||
|
return @rclient
|
||||||
|
@emailAddress = "bob@smith"
|
||||||
|
@sessionId = "sess:123456"
|
||||||
|
@stubbedKey = "e_sess:7890"
|
||||||
|
|
||||||
|
describe "_getEmailKey", ->
|
||||||
|
|
||||||
|
it "should get the email key by hashing it", ->
|
||||||
|
result = @SessionInvaildator._getEmailKey "bob@smith.com"
|
||||||
|
result.should.equal "e_sess:6815b961bfb8f83dd4cecd357e55e62d"
|
||||||
|
|
||||||
|
describe "tracksession", ->
|
||||||
|
|
||||||
|
it "should save the session in redis", (done)->
|
||||||
|
|
||||||
|
@SessionInvaildator._getEmailKey = sinon.stub().returns(@stubbedKey)
|
||||||
|
@SessionInvaildator.tracksession @sessionId, @emailAddress, =>
|
||||||
|
@rclient.set.calledWith(@stubbedKey).should.equal true
|
||||||
|
done()
|
||||||
|
|
||||||
|
|
||||||
|
describe "invalidateSession", (done)->
|
||||||
|
|
||||||
|
beforeEach ->
|
||||||
|
@SessionInvaildator._getEmailKey = sinon.stub().returns(@stubbedKey)
|
||||||
|
@rclient.del.callsArgWith(1)
|
||||||
|
|
||||||
|
it "get the session key and delete it", (done)->
|
||||||
|
@rclient.get.callsArgWith 1, null, @sessionId
|
||||||
|
@SessionInvaildator.invalidateSession @emailAddress, =>
|
||||||
|
@rclient.del.calledWith(@sessionId).should.equal true
|
||||||
|
@rclient.del.calledWith(@stubbedKey).should.equal true
|
||||||
|
|
||||||
|
done()
|
||||||
|
|
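Review bot: The `tracksession` test asserts only `@rclient.set.calledWith(@stubbedKey)`, so it would still pass if the wrong session id were stored under the key; assert both arguments with `@rclient.set.calledWith(@stubbedKey, @sessionId).should.equal true`. There is no case where `rclient.get` yields an error or no session id, which is the path on which `invalidateSession` would call `del` without a usable key. `describe "invalidateSession", (done)->` declares a `done` argument that mocha does not pass to `describe` callbacks, and the suite name and variable are spelled `SessionInvaildator`.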