Skip to content

Commit

Permalink
fix session duration and test cookie expire time
Browse files Browse the repository at this point in the history
  • Loading branch information
sdumetz committed Dec 13, 2024
1 parent a49b476 commit 61dbb15
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 3 deletions.
25 changes: 23 additions & 2 deletions source/server/routes/auth/login.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -21,13 +21,20 @@ describe("/auth/login", function(){
});

it("sets a cookie", async function(){
const maxAge = this.server.locals.sessionMaxAge;
this.agent = request.agent(this.server);
await this.agent.post("/auth/login")
let res = await this.agent.post("/auth/login")
.send({username: user.username, password: "12345678"})
.set("Content-Type", "application/json")
.set("Accept", "")
.expect(200)
.expect('set-cookie', /session=/);

let expiresText = /expires=([^;]+);/.exec(res.headers["set-cookie"]);
expect(expiresText, `expected regex to match ${res.headers["set-cookie"]}`).to.be.ok;
let expiresDate = new Date((expiresText as any)[1]);
expect(expiresDate.valueOf()).to.be.above(Date.now()+maxAge-2000);
expect(expiresDate.valueOf()).to.be.below(Date.now()+ maxAge + 1);
});

it("can get login status (not connected)", async function(){
Expand Down Expand Up @@ -187,6 +194,7 @@ describe("/auth/login", function(){
});

it("obtains a valid login link (text/plain)", async function(){
const maxAge = this.server.locals.sessionMaxAge;
let res = await request(this.server).get(`/auth/login/${user.username}/link`)
.set("Authorization", `Basic ${Buffer.from(`${admin.username}:12345678`).toString("base64")}`)
.set("Accept", "text/plain")
Expand All @@ -195,10 +203,23 @@ describe("/auth/login", function(){

expect(res.text).to.match(/^http:/);
let url = new URL(res.text);
await request(this.server).get(url.pathname+url.search)

const agent = request.agent(this.server);
res = await agent.get(url.pathname+url.search)
.expect(302)
.expect("Set-Cookie", /session=/)
.expect("Location", "/");

let expiresText = /expires=([^;]+);/.exec(res.headers["set-cookie"]);
expect(expiresText, `expected regex to match ${res.headers["set-cookie"]}`).to.be.ok;
let expiresDate = new Date((expiresText as any)[1]);
expect(expiresDate.valueOf()).to.be.above(Date.now() + maxAge - 1000);

//Verifies that the authentication does actually work
res = await agent.get("/auth/login")
.set("Accept", "application/json")
.expect(200);
expect(res.body).to.have.property("username", user.username);
});

it("obtains a valid login link (application/json)", async function(){
Expand Down
6 changes: 5 additions & 1 deletion source/server/routes/auth/login.ts
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,11 @@ export async function getLogin(req :Request, res:Response){
console.log((e as any).message);
throw new BadRequestError(`Failed to parse login payload`);
}
Object.assign((req as any).session as any, User.safe(user));
Object.assign(
(req as any).session as any,
{expires: Date.now() + getLocals(req).sessionMaxAge },
User.safe(user),
);
if(redirect && typeof redirect === "string"){
return res.redirect(302, redirect );
}else{
Expand Down

0 comments on commit 61dbb15

Please sign in to comment.