From cda8e533865474a069c0034ed0f7a65f6c69ddb6 Mon Sep 17 00:00:00 2001
From: Damodar Lohani
Date: Fri, 9 Dec 2022 11:54:23 +0000
Subject: [PATCH] feat: add test for max sessions
---
 app/controllers/shared/api.php | 24 ++--
 .../Projects/ProjectsConsoleClientTest.php | 105 ++++++++++++++++++
 2 files changed, 120 insertions(+), 9 deletions(-)
diff --git a/app/controllers/shared/api.php b/app/controllers/shared/api.php
index a0212f7700..20d5976efa 100644
--- a/app/controllers/shared/api.php
+++ b/app/controllers/shared/api.php
@@ -325,23 +325,29 @@ App::shutdown()
 ->inject('response')
 ->inject('project')
 ->inject('dbForProject')
- ->action(function(App $utopia, Request $request, Response $response, Document $project, Database $dbForProject) {
+ ->action(function (App $utopia, Request $request, Response $response, Document $project, Database $dbForProject) {
 $route = $utopia->match($request);
 $event = $route->getLabel('event', '');
- if($event === 'users.[userId].sessions.[sessionId].create' && $project->getId() != 'console') {
+ if ($event === 'users.[userId].sessions.[sessionId].create' && $project->getId() != 'console') {
 $sessionLimit = $project->getAttribute('auth', [])['maxSessions'] ?? APP_LIMIT_USER_SESSIONS;
 $session = $response->getPayload();
 $userId = $session['userId'] ?? '';
- if(empty($userId)) return;
-
+ if (empty($userId)) {
+ return;
+ }
+
 $user = $dbForProject->getDocument('users', $userId);
- if($user->isEmpty()) return;
-
+ if ($user->isEmpty()) {
+ return;
+ }
+
 $sessions = $user->getAttribute('sessions', []);
 $count = \count($sessions);
- if($count <= $sessionLimit) return;
-
- for($i = 0; $i < ($count - $sessionLimit); $i++) {
+ if ($count <= $sessionLimit) {
+ return;
+ }
+
+ for ($i = 0; $i < ($count - $sessionLimit); $i++) {
 $session = array_pop($sessions);
 $dbForProject->deleteDocument('sessions', $session->getId());
 }
diff --git a/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php b/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php
index 413b665897..9501cc3af0 100644
--- a/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php
+++ b/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php
@@ -874,6 +874,111 @@ class ProjectsConsoleClientTest extends Scope
 return $data;
 }
 
+ /**
+ * @depends testUpdateProjectAuthLimit
+ */
+ public function testUpdateProjectAuthSessionLimit($data): array
+ {
+ $id = $data['projectId'] ?? '';
+
+ /**
+ * Test for failure
+ */
+ $response = $this->client->call(Client::METHOD_PATCH, '/projects/' . $id . '/auth/max-sessions', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ ], $this->getHeaders()), [
+ 'limit' => 0,
+ ]);
+
+ $this->assertEquals(400, $response['headers']['status-code']);
+
+ /**
+ * Test for SUCCESS
+ */
+ $response = $this->client->call(Client::METHOD_PATCH, '/projects/' . $id . '/auth/max-sessions', array_merge([
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $this->getProject()['$id'],
+ ], $this->getHeaders()), [
+ 'limit' => 1,
+ ]);
+
+ $this->assertEquals(200, $response['headers']['status-code']);
+ $this->assertNotEmpty($response['body']['$id']);
+
+ $email = uniqid() . 
'user@localhost.test';
+ $password = 'password';
+ $name = 'User Name';
+
+ /**
+ * Create new user
+ */
+ $response = $this->client->call(Client::METHOD_POST, '/account', array_merge([
+ 'origin' => 'http://localhost',
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $id,
+ ]), [
+ 'userId' => ID::unique(),
+ 'email' => $email,
+ 'password' => $password,
+ 'name' => $name,
+ ]);
+
+ $this->assertEquals($response['headers']['status-code'], 501);
+
+ /**
+ * create new session
+ */
+ $response = $this->client->call(Client::METHOD_POST, '/account/sessions/email', array_merge([
+ 'origin' => 'http://localhost',
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $id,
+ ]), [
+ 'email' => $email,
+ 'password' => $password,
+ ]);
+
+
+ $this->assertEquals(200, $response['headers']['status-code']);
+ $sessionId1 = $response['body']['$id'];
+
+ /**
+ * create new session
+ */
+ $response = $this->client->call(Client::METHOD_POST, '/account/sessions/email', array_merge([
+ 'origin' => 'http://localhost',
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $id,
+ ]), [
+ 'email' => $email,
+ 'password' => $password,
+ ]);
+
+
+ $this->assertEquals(200, $response['headers']['status-code']);
+ $sessionCookie = $response['headers']['set-cookie'];
+ $sessionId2 = $response['body']['$id'];
+
+ /**
+ * List sessions
+ */
+ $response = $this->client->call(Client::METHOD_GET, '/account/sessions', [
+ 'origin' => 'http://localhost',
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $id,
+ 'Cookie' => $sessionCookie,
+ ]);
+
+ $this->assertEquals(200, $response['headers']['status-code']);
+ $sessions = $response['body']['sessions'];
+
+ $this->assertEquals(1, count($sessions));
+ $this->assertEquals($sessionId2, $sessions[0]['$id']);
+
+
+ return $data;
+ }
+
 public function testUpdateProjectServiceStatusAdmin(): array
 {
 $team = $this->client->call(Client::METHOD_POST, '/teams', array_merge([
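Review bot: The test only checks that the session list holds one entry; it never shows that the evicted session stops authenticating, and `$sessionId1` is assigned but never used. Keeping the first session's `set-cookie` value and asserting that a request made with it is rejected (presumably with 401, to be confirmed against the API) would cover the property the limit exists to enforce, as sketched below. Separately, the account-creation step asserts `501` with expected and actual swapped, yet the same credentials are then expected to log in; this looks copied from the user-limit test and probably should read `$this->assertEquals(201, $response['headers']['status-code']);`. The final assertion that `$sessionId2` survives also depends on the order of the user's `sessions` attribute, because the shutdown hook in `api.php` trims with `array_pop`; confirm that this removes the oldest entry and not the session just created. The limit of 1 is also left in place for any later test that consumes this test's `$data`.

```php
$sessionId1 = $response['body']['$id'];
$sessionCookie1 = $response['headers']['set-cookie'];

// … unchanged: second session creation and the session listing with $sessionCookie …

// The evicted first session must no longer authenticate.
$response = $this->client->call(Client::METHOD_GET, '/account/sessions', [
    'origin' => 'http://localhost',
    'content-type' => 'application/json',
    'x-appwrite-project' => $id,
    'Cookie' => $sessionCookie1,
]);
$this->assertEquals(401, $response['headers']['status-code']);
```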