From 5dc8a2dee071d2ccc81498c77e2244271467fdf5 Mon Sep 17 00:00:00 2001
From: Bradley Schofield
Date: Tue, 1 Nov 2022 11:15:45 +0000
Subject: [PATCH] Add Tests and fix bugs
---
 app/controllers/api/account.php | 10 +-
 app/controllers/api/projects.php | 2 +-
 app/controllers/api/teams.php | 2 +-
 .../Projects/ProjectsConsoleClientTest.php | 91 +++++++++++++++++++
 4 files changed, 98 insertions(+), 7 deletions(-)
diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index 177e968f36..ff0461f2f8 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -186,7 +186,7 @@ App::post('/v1/account/sessions/email')
 throw new Exception(Exception::USER_BLOCKED); // User is in status blocked
 }
- $sessionDuration = ($project->getAttribute('sessionDuration', null) * 60) ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
+ $sessionDuration = ($project->getAttribute('sessionDuration', 0) * 60) ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
 $detector = new Detector($request->getUserAgent('UNKNOWN'));
 $record = $geodb->get($request->getIP());
@@ -528,7 +528,7 @@ App::get('/v1/account/sessions/oauth2/:provider/redirect')
 }
 // Create session token, verify user account and update OAuth2 ID and Access Token
- $sessionDuration = ($project->getAttribute('sessionDuration', null) * 60) ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
+ $sessionDuration = ($project->getAttribute('sessionDuration', 0) * 60) ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
 $detector = new Detector($request->getUserAgent('UNKNOWN'));
 $record = $geodb->get($request->getIP());
 $secret = Auth::tokenGenerator();
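Review bot: The `?? Auth::TOKEN_EXPIRATION_LOGIN_LONG` fallback on the changed `$sessionDuration` line can never fire, because its left operand is the result of a multiplication and is never null; with the new default of `0`, a project document that lacks `sessionDuration` gets a zero-second lifetime instead of the long-login constant. The same expression is repeated in the oauth2 redirect, magic-url, phone and anonymous session hunks of this file and in the teams.php membership-status hunk. Apply the fallback before multiplying, for example `$duration = $project->getAttribute('sessionDuration', 0);` followed by `$sessionDuration = $duration > 0 ? $duration * 60 : Auth::TOKEN_EXPIRATION_LOGIN_LONG;`, assuming the constant is expressed in seconds (teams.php passes the value to `DateTime::addSeconds`). Because the line is duplicated six times, a small shared helper would keep the session-lifetime rule in one place. The enclosing action bodies start and end outside these hunks.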
@@ -783,7 +783,7 @@ App::put('/v1/account/sessions/magic-url')
 throw new Exception(Exception::USER_INVALID_TOKEN);
 }
- $sessionDuration = ($project->getAttribute('sessionDuration', null) * 60) ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
+ $sessionDuration = ($project->getAttribute('sessionDuration', 0) * 60) ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
 $detector = new Detector($request->getUserAgent('UNKNOWN'));
 $record = $geodb->get($request->getIP());
 $secret = Auth::tokenGenerator();
@@ -1020,7 +1020,7 @@ App::put('/v1/account/sessions/phone')
 throw new Exception(Exception::USER_INVALID_TOKEN);
 }
- $sessionDuration = ($project->getAttribute('sessionDuration', null) * 60) ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
+ $sessionDuration = ($project->getAttribute('sessionDuration', 0) * 60) ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
 $detector = new Detector($request->getUserAgent('UNKNOWN'));
 $record = $geodb->get($request->getIP());
 $secret = Auth::tokenGenerator();
@@ -1172,7 +1172,7 @@ App::post('/v1/account/sessions/anonymous')
 ])));
 // Create session token
- $sessionDuration = ($project->getAttribute('sessionDuration', null) * 60) ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
+ $sessionDuration = ($project->getAttribute('sessionDuration', 0) * 60) ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
 $detector = new Detector($request->getUserAgent('UNKNOWN'));
 $record = $geodb->get($request->getIP());
 $secret = Auth::tokenGenerator();
diff --git a/app/controllers/api/projects.php b/app/controllers/api/projects.php
index d5655b423f..d1ffcc4964 100644
--- a/app/controllers/api/projects.php
+++ b/app/controllers/api/projects.php
@@ -377,7 +377,7 @@ App::patch('/v1/projects/:projectId')
 ->param('legalCity', '', new Text(256), 'Project legal city. Max length: 256 chars.', true)
 ->param('legalAddress', '', new Text(256), 'Project legal address. Max length: 256 chars.', true)
 ->param('legalTaxId', '', new Text(256), 'Project legal tax ID. Max length: 256 chars.', true)
- ->param('sessionDuration', null, new Integer(true), 'Project session length in minutes. Max length: 525600 minutes.', true)
+ ->param('sessionDuration', 525600, new Integer(true), 'Project session length in minutes. Max length: 525600 minutes.', true)
 ->inject('response')
 ->inject('dbForConsole')
 ->action(function (string $projectId, string $name, string $description, string $logo, string $url, string $legalName, string $legalCountry, string $legalState, string $legalCity, string $legalAddress, string $legalTaxId, int $sessionDuration, Response $response, Database $dbForConsole) {
diff --git a/app/controllers/api/teams.php b/app/controllers/api/teams.php
index 67c3151ac6..54e2bb37f5 100644
--- a/app/controllers/api/teams.php
+++ b/app/controllers/api/teams.php
@@ -732,7 +732,7 @@ App::patch('/v1/teams/:teamId/memberships/:membershipId/status')
 $detector = new Detector($request->getUserAgent('UNKNOWN'));
 $record = $geodb->get($request->getIP());
- $sessionDuration = ($project->getAttribute('sessionDuration', null) * 60) ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
+ $sessionDuration = ($project->getAttribute('sessionDuration', 0) * 60) ?? Auth::TOKEN_EXPIRATION_LOGIN_LONG;
 $expire = DateTime::addSeconds(new \DateTime(), $sessionDuration);
 $secret = Auth::tokenGenerator();
 $session = new Document(array_merge([
diff --git a/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php b/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php
index deb672c285..848a273a2f 100644
--- a/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php
+++ b/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php
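Review bot: Defaulting `sessionDuration` to `525600` on this PATCH route makes a request that omits the field indistinguishable from one that asks for a one-year session, so if the action writes the parameter unconditionally (its body is outside the hunk), any unrelated project update would silently reset a shortened session lifetime to the maximum. The description also promises a 525600-minute ceiling, but as far as this hunk shows `new Integer(true)` only checks the type, so zero, negative or larger values appear to be accepted. Consider a bounded validator, for example Utopia's `Range` as `new Range(1, 525600)`, and updating the stored value only when the caller actually supplied one.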
@@ -395,6 +395,97 @@ class ProjectsConsoleClientTest extends Scope
 return ['projectId' => $projectId];
 }
+ /** @depends testGetProjectUsage */
+ public function testUpdateProjectSessionDuration($data): array
+ {
+ $id = $data['projectId'];
+
+ /**
+ * Test for SUCCESS
+ */
+ $response = $this->client->call(Client::METHOD_PATCH, '/projects/' . $id, array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ ], $this->getHeaders()), [
+ 'projectId' => ID::unique(),
+ 'name' => 'Project Test 2',
+ 'sessionDuration' => '1', // Set session duration to 1 minute
+ ]);
+
+ $this->assertEquals(200, $response['headers']['status-code']);
+ $this->assertNotEmpty($response['body']['$id']);
+ $this->assertEquals('Project Test 2', $response['body']['name']);
+ $this->assertArrayHasKey('platforms', $response['body']);
+ $this->assertArrayHasKey('webhooks', $response['body']);
+ $this->assertArrayHasKey('keys', $response['body']);
+ $this->assertEquals(1, $response['body']['sessionDuration']);
+
+ $projectId = $response['body']['$id'];
+
+ // Create New User
+ $response = $this->client->call(Client::METHOD_POST, '/account', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $projectId,
+ ], $this->getHeaders()), [
+ 'userId' => 'unique()',
+ 'email' => 'test' . rand(0, 9999) .
'@example.com',
+ 'password' => 'password',
+ 'name' => 'Test User',
+ ]);
+
+ $this->assertEquals(201, $response['headers']['status-code']);
+
+ $userEmail = $response['body']['email'];
+
+ // Create New User Session
+ $response = $this->client->call(Client::METHOD_POST, '/account/sessions/email', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $projectId,
+ ]), [
+ 'email' => $userEmail,
+ 'password' => 'password',
+ ]);
+
+ $this->assertEquals(201, $response['headers']['status-code']);
+
+ $sessionCookie = $response['headers']['set-cookie'];
+
+ // Test for SUCCESS
+ $response = $this->client->call(Client::METHOD_GET, '/account', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $projectId,
+ 'Cookie' => $sessionCookie,
+ ]));
+
+ $this->assertEquals(200, $response['headers']['status-code']);
+
+ // Wait just over a minute
+ sleep(65);
+
+ // Get User
+ $response = $this->client->call(Client::METHOD_GET, '/account', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $projectId,
+ 'Cookie' => $sessionCookie,
+ ]));
+
+ $this->assertEquals(401, $response['headers']['status-code']);
+
+ // Return project back to normal
+ $response = $this->client->call(Client::METHOD_PATCH, '/projects/' . $id, array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ ], $this->getHeaders()), [
+ 'projectId' => ID::unique(),
+ 'name' => 'Project Test 2'
+ ]);
+
+ $this->assertEquals(200, $response['headers']['status-code']);
+ $projectId = $response['body']['$id'];
+
+ return ['projectId' => $projectId];
+ }
+
 /**
 * @depends testGetProjectUsage
 */
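Review bot: The final "Return project back to normal" PATCH only checks the status code, so the test never verifies that the one-minute lifetime was actually undone; it relies on omitting `sessionDuration` to restore the route default. Add `$this->assertEquals(525600, $response['body']['sessionDuration']);` after the last status assertion so a change to the default or to the update logic cannot leave the shared project with one-minute sessions for the tests that depend on this one. The test also exercises only email/password sessions and a configured value, so the path where a project has no `sessionDuration` attribute at all is not covered. The fixed `sleep(65)` adds over a minute to every e2e run, which is worth a comment explaining that the minimum configurable duration forces it.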