
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2020-01-03 12:07:33 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2020-01-03 12:07:33 +0300
commitc0d8f9f3f962df6bfcc70440432da55d67307189 (patch)
tree457666705fbbd4f517d201680113406163829fcc /spec/models/active_session_spec.rb
parent2cfa1fc75dd4bd6d1f70d5fee1a824410694f297 (diff)
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'spec/models/active_session_spec.rb')
-rw-r--r--spec/models/active_session_spec.rb50
1 files changed, 48 insertions, 2 deletions
diff --git a/spec/models/active_session_spec.rb b/spec/models/active_session_spec.rb
index 6930f743c2f..bff3ac313c4 100644
--- a/spec/models/active_session_spec.rb
+++ b/spec/models/active_session_spec.rb
@@ -44,6 +44,19 @@ RSpec.describe ActiveSession, :clean_gitlab_redis_shared_state do
end
end
+ describe '#public_id' do
+ it 'returns an encrypted, url-encoded session id' do
+ original_session_id = "!*'();:@&\n=+$,/?%abcd#123[4567]8"
+ active_session = ActiveSession.new(session_id: original_session_id)
+ encrypted_encoded_id = active_session.public_id
+
+ encrypted_id = CGI.unescape(encrypted_encoded_id)
+ derived_session_id = Gitlab::CryptoHelper.aes256_gcm_decrypt(encrypted_id)
+
+ expect(original_session_id).to eq derived_session_id
+ end
+ end
+
describe '.list' do
it 'returns all sessions by user' do
Gitlab::Redis::SharedState.with do |redis|
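Review bot: In the new `#public_id` example the final expectation has actual and expected swapped, so a failure would report the fixture string as the value under test; it reads better as `expect(derived_session_id).to eq original_session_id`. The example title promises an encrypted value, but that property is only implied by the decrypt round trip. A direct check such as `expect(encrypted_id).not_to include(original_session_id)` would pin the point that matters for a value handed to the browser, namely that the raw session id does not appear in it. The other hunks do not add such an assertion either, and the second hunk drops `session_id:` from the expected attributes without a replacement.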
@@ -173,8 +186,7 @@ RSpec.describe ActiveSession, :clean_gitlab_redis_shared_state do
device_name: 'iPhone 6',
device_type: 'smartphone',
created_at: Time.zone.parse('2018-03-12 09:06'),
- updated_at: Time.zone.parse('2018-03-12 09:06'),
- session_id: '6919a6f1bb119dd7396fadc38fd18d0d'
+ updated_at: Time.zone.parse('2018-03-12 09:06')
)
end
end
@@ -244,6 +256,40 @@ RSpec.describe ActiveSession, :clean_gitlab_redis_shared_state do
end
end
+ describe '.destroy_with_public_id' do
+ it 'receives a user and public id and destroys the associated session' do
+ ActiveSession.set(user, request)
+ session = ActiveSession.list(user).first
+
+ ActiveSession.destroy_with_public_id(user, session.public_id)
+
+ total_sessions = ActiveSession.list(user).count
+ expect(total_sessions).to eq 0
+ end
+
+ it 'handles invalid input for public id' do
+ expect do
+ ActiveSession.destroy_with_public_id(user, nil)
+ end.not_to raise_error
+
+ expect do
+ ActiveSession.destroy_with_public_id(user, "")
+ end.not_to raise_error
+
+ expect do
+ ActiveSession.destroy_with_public_id(user, "aaaaaaaa")
+ end.not_to raise_error
+ end
+
+ it 'does not attempt to destroy session when given invalid input for public id' do
+ expect(ActiveSession).not_to receive(:destroy)
+
+ ActiveSession.destroy_with_public_id(user, nil)
+ ActiveSession.destroy_with_public_id(user, "")
+ ActiveSession.destroy_with_public_id(user, "aaaaaaaa")
+ end
+ end
+
describe '.cleanup' do
before do
stub_const("ActiveSession::ALLOWED_NUMBER_OF_ACTIVE_SESSIONS", 5)
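Review bot: The `.destroy_with_public_id` examples cover nil, an empty string and a short junk string, but not the two inputs a hostile client is most likely to send: a valid public id that belongs to another user, and a well-formed public id whose ciphertext has been altered. The first is the authorization boundary of this method, so it deserves its own example asserting that the owner's session survives. The second would confirm that an authentication failure in the decrypt step is handled as quietly as the junk string. `user` and `request` are defined outside this hunk, so the sketch below assumes they behave as in the first example; a tampered-ciphertext case would follow the same shape with `expect(ActiveSession).not_to receive(:destroy)`.

```ruby
# … unchanged: existing examples in describe '.destroy_with_public_id' …

it 'does not destroy a session that belongs to a different user' do
  ActiveSession.set(user, request)
  public_id = ActiveSession.list(user).first.public_id

  ActiveSession.destroy_with_public_id(create(:user), public_id)

  expect(ActiveSession.list(user).count).to eq 1
end
```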