added example session invalidation code
parent
e7984a90d7
commit
e5ab40c911
2 changed files with 83 additions and 0 deletions
|
@ -0,0 +1,26 @@
|
|||
Settings = require("settings-sharelatex")
|
||||
redis = require("redis-sharelatex")
|
||||
rclient = redis.createClient(Settings.redis.web)
|
||||
crypto = require("crypto")
|
||||
async = require("async")
|
||||
|
||||
|
||||
module.exports =
|
||||
|
||||
_getEmailKey : (email)->
|
||||
hash = crypto.createHash("md5").update(email).digest("hex")
|
||||
return "e_sess:#{hash}"
|
||||
|
||||
tracksession:(sessionId, email, callback = ->)->
|
||||
session_lookup_key = @_getEmailKey(email)
|
||||
rclient.set session_lookup_key, sessionId, callback
|
||||
|
||||
invalidateSession:(email, callback = ->)->
|
||||
session_lookup_key = @_getEmailKey(email)
|
||||
rclient.get session_lookup_key, (err, sessionId)->
|
||||
async.series [
|
||||
(cb)-> rclient.del sessionId, cb
|
||||
(cb)-> rclient.del session_lookup_key, cb
|
||||
], callback
|
||||
|
||||
|
|
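Review bot: `tracksession` stores the id with `rclient.set`, so every new login for an address overwrites the previous value and `invalidateSession` can only delete the most recent session; older sessions that are still live survive an invalidation. `invalidateSession` also ignores the `err` from `rclient.get` and calls `rclient.del sessionId` even when nothing was tracked for that email. Keeping the ids in a Redis set and deleting every member, with the error propagated, closes both gaps. Separately, the email is hashed as given, so case or whitespace variants of one address map to different keys (normalising before hashing looks advisable), and the lookup key is written without an expiry, so it outlives the session it points to.

```coffeescript
  tracksession:(sessionId, email, callback = ->)->
    # … unchanged: session_lookup_key = @_getEmailKey(email) …
    # a set keeps every live session for the address, not only the latest one
    rclient.sadd session_lookup_key, sessionId, callback

  invalidateSession:(email, callback = ->)->
    # … unchanged: session_lookup_key = @_getEmailKey(email) …
    rclient.smembers session_lookup_key, (err, sessionIds)->
      return callback(err) if err?
      # remove every tracked session plus the lookup set itself in one call
      keys = (sessionIds or []).concat [session_lookup_key]
      rclient.del keys, callback
```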
@ -0,0 +1,57 @@
|
|||
should = require('chai').should()
|
||||
SandboxedModule = require('sandboxed-module')
|
||||
assert = require('assert')
|
||||
path = require('path')
|
||||
sinon = require('sinon')
|
||||
modulePath = path.join __dirname, "../../../../app/js/Features/Security/SessionInvalidator"
|
||||
expect = require("chai").expect
|
||||
|
||||
describe "SessionInvaildator", ->
|
||||
|
||||
beforeEach ->
|
||||
@settings =
|
||||
redis:
|
||||
web:{}
|
||||
@rclient =
|
||||
del:sinon.stub()
|
||||
set:sinon.stub().callsArgWith(2)
|
||||
get:sinon.stub()
|
||||
@SessionInvaildator = SandboxedModule.require modulePath, requires:
|
||||
"settings-sharelatex":@settings
|
||||
"logger-sharelatex": log:->
|
||||
"redis-sharelatex": createClient:=>
|
||||
return @rclient
|
||||
@emailAddress = "bob@smith"
|
||||
@sessionId = "sess:123456"
|
||||
@stubbedKey = "e_sess:7890"
|
||||
|
||||
describe "_getEmailKey", ->
|
||||
|
||||
it "should get the email key by hashing it", ->
|
||||
result = @SessionInvaildator._getEmailKey "bob@smith.com"
|
||||
result.should.equal "e_sess:6815b961bfb8f83dd4cecd357e55e62d"
|
||||
|
||||
describe "tracksession", ->
|
||||
|
||||
it "should save the session in redis", (done)->
|
||||
|
||||
@SessionInvaildator._getEmailKey = sinon.stub().returns(@stubbedKey)
|
||||
@SessionInvaildator.tracksession @sessionId, @emailAddress, =>
|
||||
@rclient.set.calledWith(@stubbedKey).should.equal true
|
||||
done()
|
||||
|
||||
|
||||
describe "invalidateSession", (done)->
|
||||
|
||||
beforeEach ->
|
||||
@SessionInvaildator._getEmailKey = sinon.stub().returns(@stubbedKey)
|
||||
@rclient.del.callsArgWith(1)
|
||||
|
||||
it "get the session key and delete it", (done)->
|
||||
@rclient.get.callsArgWith 1, null, @sessionId
|
||||
@SessionInvaildator.invalidateSession @emailAddress, =>
|
||||
@rclient.del.calledWith(@sessionId).should.equal true
|
||||
@rclient.del.calledWith(@stubbedKey).should.equal true
|
||||
|
||||
done()
|
||||
|
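Review bot: The `tracksession` test asserts only `@rclient.set.calledWith(@stubbedKey)`, so it still passes if the wrong value, or none, is stored under the key; pin the value too with `@rclient.set.calledWith(@stubbedKey, @sessionId).should.equal true`. There is no case where `get` yields an error or no session id, which is the path on which `invalidateSession` calls `del` with an empty id. `describe "invalidateSession", (done)->` declares a `done` argument that mocha does not pass to `describe`, and the suite name is misspelled `SessionInvaildator`. The `logger-sharelatex` stub appears unused, since the module as shown does not require it.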