Implement session renewal test

2024-07-01 04:30:59 +12:00 · 2024-01-15 20:04:36 +00:00 · 2024-01-15 20:04:36 +00:00 · 12a0596c6e
parent 98d84a6887
commit 12a0596c6e
2 changed files with 55 additions and 1 deletions
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@ -2442,7 +2442,6 @@ App::patch('/v1/account/sessions/:sessionId')
    ->inject('queueForEvents')
    ->action(function (?string $sessionId, bool $identity, Response $response, Document $user, Database $dbForProject, Document $project, Event $queueForEvents) {

-        $authDuration = $project->getAttribute('auths', [])['duration'] ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
        $sessionId = ($sessionId === 'current')
            ? Auth::sessionVerify($user->getAttribute('sessions'), Auth::$secret)
            : $sessionId;
--- a/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php
+++ b/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php
@ -765,6 +765,61 @@ class ProjectsConsoleClientTest extends Scope

        $this->assertEquals(401, $response['headers']['status-code']);

+        // Set session duration to 15s
+        $response = $this->client->call(Client::METHOD_PATCH, '/projects/' . $id . '/auth/duration', array_merge([
+            'content-type' => 'application/json',
+            'x-appwrite-project' => $this->getProject()['$id'],
+        ], $this->getHeaders()), [
+            'duration' => 15, // seconds
+        ]);
+
+        $this->assertEquals(200, $response['headers']['status-code']);
+        $this->assertEquals(15, $response['body']['authDuration']);
+
+        // Create session
+        $response = $this->client->call(Client::METHOD_POST, '/account/sessions/email', array_merge([
+            'content-type' => 'application/json',
+            'x-appwrite-project' => $projectId,
+        ]), [
+            'email' => $userEmail,
+            'password' => 'password',
+        ]);
+
+        $this->assertEquals(201, $response['headers']['status-code']);
+
+        $sessionCookie = $response['headers']['set-cookie'];
+
+        // Wait 10 seconds, ensure valid session, extend session
+        \sleep(10);
+
+        $response = $this->client->call(Client::METHOD_GET, '/account', array_merge([
+            'content-type' => 'application/json',
+            'x-appwrite-project' => $projectId,
+            'Cookie' => $sessionCookie,
+        ]));
+
+        $this->assertEquals(200, $response['headers']['status-code']);
+
+        $response = $this->client->call(Client::METHOD_PATCH, '/account/sessions/current', array_merge([
+            'origin' => 'http://localhost',
+            'content-type' => 'application/json',
+            'x-appwrite-project' => $projectId,
+            'cookie' => $sessionCookie,
+        ]));
+
+        $this->assertEquals(200, $response['headers']['status-code']);
+
+        // Wait 20 seconds, ensure non-valid session
+        \sleep(20);
+
+        $response = $this->client->call(Client::METHOD_GET, '/account', array_merge([
+            'content-type' => 'application/json',
+            'x-appwrite-project' => $projectId,
+            'Cookie' => $sessionCookie,
+        ]));
+
+        $this->assertEquals(401, $response['headers']['status-code']);
+
        // Return project back to normal
        $response = $this->client->call(Client::METHOD_PATCH, '/projects/' . $id . '/auth/duration', array_merge([
            'content-type' => 'application/json',