sinon = require('sinon') chai = require('chai') should = chai.should() expect = chai.expect modulePath = "../../../../app/js/Features/User/UserSessionsManager.js" SandboxedModule = require('sandboxed-module') Async = require('async') describe 'UserSessionsManager', -> beforeEach -> @user = _id: "abcd" email: "user@example.com" @sessionId = 'some_session_id' @rclient = multi: sinon.stub() exec: sinon.stub() get: sinon.stub() del: sinon.stub() sadd: sinon.stub() srem: sinon.stub() smembers: sinon.stub() mget: sinon.stub() expire: sinon.stub() @rclient.multi.returns(@rclient) @rclient.get.returns(@rclient) @rclient.del.returns(@rclient) @rclient.sadd.returns(@rclient) @rclient.srem.returns(@rclient) @rclient.smembers.returns(@rclient) @rclient.expire.returns(@rclient) @rclient.exec.callsArgWith(0, null) @UserSessionsRedis = client: () => @rclient sessionSetKey: (user) => "UserSessions:{#{user._id}}" @logger = err: sinon.stub() error: sinon.stub() log: sinon.stub() @settings = redis: web: {} @UserSessionsManager = SandboxedModule.require modulePath, requires: "logger-sharelatex": @logger "settings-sharelatex": @settings './UserSessionsRedis': @UserSessionsRedis 'async': Async describe '_sessionKey', -> it 'should build the correct key', -> result = @UserSessionsManager._sessionKey(@sessionId) result.should.equal 'sess:some_session_id' describe 'trackSession', -> beforeEach -> @call = (callback) => @UserSessionsManager.trackSession @user, @sessionId, callback @rclient.exec.callsArgWith(0, null) @_checkSessions = sinon.stub(@UserSessionsManager, '_checkSessions').returns(null) afterEach -> @_checkSessions.restore() it 'should not produce an error', (done) -> @call (err) => expect(err).to.not.be.instanceof Error done() it 'should call the appropriate redis methods', (done) -> @call (err) => @rclient.multi.callCount.should.equal 1 @rclient.sadd.callCount.should.equal 1 @rclient.expire.callCount.should.equal 1 @rclient.exec.callCount.should.equal 1 done() it 'should call _checkSessions', (done) -> @call (err) => @_checkSessions.callCount.should.equal 1 done() describe 'when rclient produces an error', -> beforeEach -> @rclient.exec.callsArgWith(0, new Error('woops')) it 'should produce an error', (done) -> @call (err) => expect(err).to.be.instanceof Error done() it 'should not call _checkSessions', (done) -> @call (err) => @_checkSessions.callCount.should.equal 0 done() describe 'when no user is supplied', -> beforeEach -> @call = (callback) => @UserSessionsManager.trackSession null, @sessionId, callback it 'should not produce an error', (done) -> @call (err) => expect(err).to.not.be.instanceof Error expect(err).to.equal null done() it 'should not call the appropriate redis methods', (done) -> @call (err) => @rclient.multi.callCount.should.equal 0 @rclient.sadd.callCount.should.equal 0 @rclient.expire.callCount.should.equal 0 @rclient.exec.callCount.should.equal 0 done() it 'should not call _checkSessions', (done) -> @call (err) => @_checkSessions.callCount.should.equal 0 done() describe 'when no sessionId is supplied', -> beforeEach -> @call = (callback) => @UserSessionsManager.trackSession @user, null, callback it 'should not produce an error', (done) -> @call (err) => expect(err).to.not.be.instanceof Error expect(err).to.equal null done() it 'should not call the appropriate redis methods', (done) -> @call (err) => @rclient.multi.callCount.should.equal 0 @rclient.sadd.callCount.should.equal 0 @rclient.expire.callCount.should.equal 0 @rclient.exec.callCount.should.equal 0 done() it 'should not call _checkSessions', (done) -> @call (err) => @_checkSessions.callCount.should.equal 0 done() describe 'untrackSession', -> beforeEach -> @call = (callback) => @UserSessionsManager.untrackSession @user, @sessionId, callback @rclient.exec.callsArgWith(0, null) @_checkSessions = sinon.stub(@UserSessionsManager, '_checkSessions').returns(null) afterEach -> @_checkSessions.restore() it 'should not produce an error', (done) -> @call (err) => expect(err).to.not.be.instanceof Error expect(err).to.equal undefined done() it 'should call the appropriate redis methods', (done) -> @call (err) => @rclient.multi.callCount.should.equal 1 @rclient.srem.callCount.should.equal 1 @rclient.expire.callCount.should.equal 1 @rclient.exec.callCount.should.equal 1 done() it 'should call _checkSessions', (done) -> @call (err) => @_checkSessions.callCount.should.equal 1 done() describe 'when rclient produces an error', -> beforeEach -> @rclient.exec.callsArgWith(0, new Error('woops')) it 'should produce an error', (done) -> @call (err) => expect(err).to.be.instanceof Error done() it 'should not call _checkSessions', (done) -> @call (err) => @_checkSessions.callCount.should.equal 0 done() describe 'when no user is supplied', -> beforeEach -> @call = (callback) => @UserSessionsManager.untrackSession null, @sessionId, callback it 'should not produce an error', (done) -> @call (err) => expect(err).to.not.be.instanceof Error expect(err).to.equal null done() it 'should not call the appropriate redis methods', (done) -> @call (err) => @rclient.multi.callCount.should.equal 0 @rclient.srem.callCount.should.equal 0 @rclient.expire.callCount.should.equal 0 @rclient.exec.callCount.should.equal 0 done() it 'should not call _checkSessions', (done) -> @call (err) => @_checkSessions.callCount.should.equal 0 done() describe 'when no sessionId is supplied', -> beforeEach -> @call = (callback) => @UserSessionsManager.untrackSession @user, null, callback it 'should not produce an error', (done) -> @call (err) => expect(err).to.not.be.instanceof Error expect(err).to.equal null done() it 'should not call the appropriate redis methods', (done) -> @call (err) => @rclient.multi.callCount.should.equal 0 @rclient.srem.callCount.should.equal 0 @rclient.expire.callCount.should.equal 0 @rclient.exec.callCount.should.equal 0 done() it 'should not call _checkSessions', (done) -> @call (err) => @_checkSessions.callCount.should.equal 0 done() describe 'revokeAllUserSessions', -> beforeEach -> @sessionKeys = ['sess:one', 'sess:two'] @retain = [] @rclient.smembers.callsArgWith(1, null, @sessionKeys) @rclient.del = sinon.stub().callsArgWith(1, null) @rclient.srem = sinon.stub().callsArgWith(2, null) @call = (callback) => @UserSessionsManager.revokeAllUserSessions @user, @retain, callback it 'should not produce an error', (done) -> @call (err) => expect(err).to.not.be.instanceof Error expect(err).to.equal null done() it 'should call the appropriate redis methods', (done) -> @call (err) => @rclient.smembers.callCount.should.equal 1 @rclient.del.callCount.should.equal 2 expect(@rclient.del.firstCall.args[0]).to.deep.equal @sessionKeys[0] expect(@rclient.del.secondCall.args[0]).to.deep.equal @sessionKeys[1] @rclient.srem.callCount.should.equal 1 expect(@rclient.srem.firstCall.args[1]).to.deep.equal @sessionKeys done() describe 'when a session is retained', -> beforeEach -> @sessionKeys = ['sess:one', 'sess:two', 'sess:three', 'sess:four'] @retain = ['two'] @rclient.smembers.callsArgWith(1, null, @sessionKeys) @rclient.del = sinon.stub().callsArgWith(1, null) @call = (callback) => @UserSessionsManager.revokeAllUserSessions @user, @retain, callback it 'should not produce an error', (done) -> @call (err) => expect(err).to.not.be.instanceof Error expect(err).to.equal null done() it 'should call the appropriate redis methods', (done) -> @call (err) => @rclient.smembers.callCount.should.equal 1 @rclient.del.callCount.should.equal @sessionKeys.length - 1 @rclient.srem.callCount.should.equal 1 done() it 'should remove all sessions except for the retained one', (done) -> @call (err) => expect(@rclient.del.firstCall.args[0]).to.deep.equal('sess:one') expect(@rclient.del.secondCall.args[0]).to.deep.equal('sess:three') expect(@rclient.del.thirdCall.args[0]).to.deep.equal('sess:four') expect(@rclient.srem.firstCall.args[1]).to.deep.equal(['sess:one', 'sess:three', 'sess:four']) done() describe 'when rclient produces an error', -> beforeEach -> @rclient.del = sinon.stub().callsArgWith(1, new Error('woops')) it 'should produce an error', (done) -> @call (err) => expect(err).to.be.instanceof Error done() it 'should not call rclient.srem', (done) -> @call (err) => @rclient.srem.callCount.should.equal 0 done() describe 'when no user is supplied', -> beforeEach -> @call = (callback) => @UserSessionsManager.revokeAllUserSessions null, @retain, callback it 'should not produce an error', (done) -> @call (err) => expect(err).to.not.be.instanceof Error expect(err).to.equal null done() it 'should not call the appropriate redis methods', (done) -> @call (err) => @rclient.smembers.callCount.should.equal 0 @rclient.del.callCount.should.equal 0 @rclient.srem.callCount.should.equal 0 done() describe 'when there are no keys to delete', -> beforeEach -> @rclient.smembers.callsArgWith(1, null, []) it 'should not produce an error', (done) -> @call (err) => expect(err).to.not.be.instanceof Error expect(err).to.equal null done() it 'should not do the delete operation', (done) -> @call (err) => @rclient.smembers.callCount.should.equal 1 @rclient.del.callCount.should.equal 0 @rclient.srem.callCount.should.equal 0 done() describe 'touch', -> beforeEach -> @rclient.expire.callsArgWith(2, null) @call = (callback) => @UserSessionsManager.touch @user, callback it 'should not produce an error', (done) -> @call (err) => expect(err).to.not.be.instanceof Error expect(err).to.equal null done() it 'should call rclient.expire', (done) -> @call (err) => @rclient.expire.callCount.should.equal 1 done() describe 'when rclient produces an error', -> beforeEach -> @rclient.expire.callsArgWith(2, new Error('woops')) it 'should produce an error', (done) -> @call (err) => expect(err).to.be.instanceof Error done() describe 'when no user is supplied', -> beforeEach -> @call = (callback) => @UserSessionsManager.touch null, callback it 'should not produce an error', (done) -> @call (err) => expect(err).to.not.be.instanceof Error expect(err).to.equal null done() it 'should not call expire', (done) -> @call (err) => @rclient.expire.callCount.should.equal 0 done() describe 'getAllUserSessions', -> beforeEach -> @sessionKeys = ['sess:one', 'sess:two', 'sess:three'] @sessions = [ '{"user": {"ip_address": "a", "session_created": "b"}}', '{"passport": {"user": {"ip_address": "c", "session_created": "d"}}}' ] @exclude = ['two'] @rclient.smembers.callsArgWith(1, null, @sessionKeys) @rclient.get = sinon.stub() @rclient.get.onCall(0).callsArgWith(1, null, @sessions[0]) @rclient.get.onCall(1).callsArgWith(1, null, @sessions[1]) @call = (callback) => @UserSessionsManager.getAllUserSessions @user, @exclude, callback it 'should not produce an error', (done) -> @call (err, sessions) => expect(err).to.equal null done() it 'should get sessions', (done) -> @call (err, sessions) => expect(sessions).to.deep.equal [ { ip_address: 'a', session_created: 'b' }, { ip_address: 'c', session_created: 'd' } ] done() it 'should have called rclient.smembers', (done) -> @call (err, sessions) => @rclient.smembers.callCount.should.equal 1 done() it 'should have called rclient.get', (done) -> @call (err, sessions) => @rclient.get.callCount.should.equal @sessionKeys.length - 1 done() describe 'when there are no other sessions', -> beforeEach -> @sessionKeys = ['sess:two'] @rclient.smembers.callsArgWith(1, null, @sessionKeys) it 'should not produce an error', (done) -> @call (err, sessions) => expect(err).to.equal null done() it 'should produce an empty list of sessions', (done) -> @call (err, sessions) => expect(sessions).to.deep.equal [] done() it 'should have called rclient.smembers', (done) -> @call (err, sessions) => @rclient.smembers.callCount.should.equal 1 done() it 'should not have called rclient.mget', (done) -> @call (err, sessions) => @rclient.mget.callCount.should.equal 0 done() describe 'when smembers produces an error', -> beforeEach -> @rclient.smembers.callsArgWith(1, new Error('woops')) it 'should produce an error', (done) -> @call (err, sessions) => expect(err).to.not.equal null expect(err).to.be.instanceof Error done() it 'should not have called rclient.mget', (done) -> @call (err, sessions) => @rclient.mget.callCount.should.equal 0 done() describe 'when get produces an error', -> beforeEach -> @rclient.get = sinon.stub().callsArgWith(1, new Error('woops')) it 'should produce an error', (done) -> @call (err, sessions) => expect(err).to.not.equal null expect(err).to.be.instanceof Error done() describe '_checkSessions', -> beforeEach -> @call = (callback) => @UserSessionsManager._checkSessions @user, callback @sessionKeys = ['one', 'two'] @rclient.smembers.callsArgWith(1, null, @sessionKeys) @rclient.get.callsArgWith(1, null, 'some-value') @rclient.srem.callsArgWith(2, null, {}) it 'should not produce an error', (done) -> @call (err) => expect(err).to.not.be.instanceof Error expect(err).to.equal undefined done() it 'should call the appropriate redis methods', (done) -> @call (err) => @rclient.smembers.callCount.should.equal 1 @rclient.get.callCount.should.equal 2 @rclient.srem.callCount.should.equal 0 done() describe 'when one of the keys is not present in redis', -> beforeEach -> @rclient.get.onCall(0).callsArgWith(1, null, 'some-val') @rclient.get.onCall(1).callsArgWith(1, null, null) it 'should not produce an error', (done) -> @call (err) => expect(err).to.not.be.instanceof Error expect(err).to.equal undefined done() it 'should remove that key from the set', (done) -> @call (err) => @rclient.smembers.callCount.should.equal 1 @rclient.get.callCount.should.equal 2 @rclient.srem.callCount.should.equal 1 @rclient.srem.firstCall.args[1].should.equal 'two' done() describe 'when no user is supplied', -> beforeEach -> @call = (callback) => @UserSessionsManager._checkSessions null, callback it 'should not produce an error', (done) -> @call (err) => expect(err).to.not.be.instanceof Error expect(err).to.equal null done() it 'should not call redis methods', (done) -> @call (err) => @rclient.smembers.callCount.should.equal 0 @rclient.get.callCount.should.equal 0 done() describe 'when one of the get operations produces an error', -> beforeEach -> @rclient.get.onCall(0).callsArgWith(1, new Error('woops'), null) @rclient.get.onCall(1).callsArgWith(1, null, null) it 'should produce an error', (done) -> @call (err) => expect(err).to.be.instanceof Error done() it 'should call the right redis methods, bailing out early', (done) -> @call (err) => @rclient.smembers.callCount.should.equal 1 @rclient.get.callCount.should.equal 1 @rclient.srem.callCount.should.equal 0 done()