2021-07-18 21:42:36 +02:00
|
|
|
import supertest from 'supertest';
|
|
|
|
import express from 'express';
|
|
|
|
import { createTestConfig } from '../../test/config/test-config';
|
|
|
|
|
|
|
|
import LogoutController from './logout';
|
|
|
|
import { IAuthRequest } from './unleash-types';
|
2022-09-23 14:19:17 +02:00
|
|
|
import SessionService from '../services/session-service';
|
|
|
|
import FakeSessionStore from '../../test/fixtures/fake-session-store';
|
|
|
|
import noLogger from '../../test/fixtures/no-logger';
|
|
|
|
import { addDays } from 'date-fns';
|
2021-07-18 21:42:36 +02:00
|
|
|
|
|
|
|
test('should redirect to "/" after logout', async () => {
|
|
|
|
const baseUriPath = '';
|
|
|
|
const app = express();
|
|
|
|
const config = createTestConfig({ server: { baseUriPath } });
|
2022-09-23 14:19:17 +02:00
|
|
|
const sessionStore = new FakeSessionStore();
|
|
|
|
const sessionService = new SessionService(
|
|
|
|
{ sessionStore },
|
|
|
|
{ getLogger: noLogger },
|
|
|
|
);
|
|
|
|
app.use(
|
|
|
|
'/logout',
|
|
|
|
new LogoutController(config, {
|
|
|
|
sessionService,
|
|
|
|
}).router,
|
|
|
|
);
|
2021-07-18 21:42:36 +02:00
|
|
|
const request = supertest(app);
|
|
|
|
expect.assertions(0);
|
|
|
|
await request
|
2023-04-06 11:46:54 +02:00
|
|
|
.post(`${baseUriPath}/logout`)
|
2021-07-18 21:42:36 +02:00
|
|
|
.expect(302)
|
|
|
|
.expect('Location', `${baseUriPath}/`);
|
|
|
|
});
|
|
|
|
|
|
|
|
test('should redirect to "/basePath" after logout when baseUriPath is set', async () => {
|
|
|
|
const baseUriPath = '/basePath';
|
|
|
|
const app = express();
|
|
|
|
const config = createTestConfig({ server: { baseUriPath } });
|
2022-09-23 14:19:17 +02:00
|
|
|
const sessionStore = new FakeSessionStore();
|
|
|
|
const sessionService = new SessionService(
|
|
|
|
{ sessionStore },
|
|
|
|
{ getLogger: noLogger },
|
|
|
|
);
|
|
|
|
app.use('/logout', new LogoutController(config, { sessionService }).router);
|
2021-07-18 21:42:36 +02:00
|
|
|
const request = supertest(app);
|
|
|
|
expect.assertions(0);
|
|
|
|
await request
|
2023-04-06 11:46:54 +02:00
|
|
|
.post('/logout')
|
2021-07-18 21:42:36 +02:00
|
|
|
.expect(302)
|
|
|
|
.expect('Location', `${baseUriPath}/`);
|
|
|
|
});
|
|
|
|
|
|
|
|
test('should set "Clear-Site-Data" header', async () => {
|
|
|
|
const baseUriPath = '';
|
|
|
|
const app = express();
|
|
|
|
const config = createTestConfig({ server: { baseUriPath } });
|
2022-09-23 14:19:17 +02:00
|
|
|
const sessionStore = new FakeSessionStore();
|
|
|
|
const sessionService = new SessionService(
|
|
|
|
{ sessionStore },
|
|
|
|
{ getLogger: noLogger },
|
|
|
|
);
|
|
|
|
|
|
|
|
app.use('/logout', new LogoutController(config, { sessionService }).router);
|
2021-07-18 21:42:36 +02:00
|
|
|
const request = supertest(app);
|
|
|
|
expect.assertions(0);
|
|
|
|
await request
|
2023-04-06 11:46:54 +02:00
|
|
|
.post(`${baseUriPath}/logout`)
|
2021-07-18 21:42:36 +02:00
|
|
|
.expect(302)
|
|
|
|
.expect('Clear-Site-Data', '"cookies", "storage"');
|
|
|
|
});
|
|
|
|
|
2022-06-03 11:50:58 +02:00
|
|
|
test('should not set "Clear-Site-Data" header', async () => {
|
|
|
|
const baseUriPath = '';
|
|
|
|
const app = express();
|
|
|
|
const config = createTestConfig({
|
|
|
|
server: { baseUriPath },
|
|
|
|
session: { clearSiteDataOnLogout: false },
|
|
|
|
});
|
2022-09-23 14:19:17 +02:00
|
|
|
const sessionStore = new FakeSessionStore();
|
|
|
|
const sessionService = new SessionService(
|
|
|
|
{ sessionStore },
|
|
|
|
{ getLogger: noLogger },
|
|
|
|
);
|
|
|
|
|
|
|
|
app.use('/logout', new LogoutController(config, { sessionService }).router);
|
2022-06-03 11:50:58 +02:00
|
|
|
const request = supertest(app);
|
|
|
|
expect.assertions(1);
|
|
|
|
await request
|
2023-04-06 11:46:54 +02:00
|
|
|
.post(`${baseUriPath}/logout`)
|
2022-06-03 11:50:58 +02:00
|
|
|
.expect(302)
|
|
|
|
.expect((res) =>
|
|
|
|
expect(res.headers['Clear-Site-Data']).toBeUndefined(),
|
|
|
|
);
|
|
|
|
});
|
|
|
|
|
|
|
|
test('should clear "unleash-session" cookies', async () => {
|
|
|
|
const baseUriPath = '';
|
|
|
|
const app = express();
|
|
|
|
const config = createTestConfig({ server: { baseUriPath } });
|
2022-09-23 14:19:17 +02:00
|
|
|
const sessionStore = new FakeSessionStore();
|
|
|
|
const sessionService = new SessionService(
|
|
|
|
{ sessionStore },
|
|
|
|
{ getLogger: noLogger },
|
|
|
|
);
|
|
|
|
|
|
|
|
app.use('/logout', new LogoutController(config, { sessionService }).router);
|
|
|
|
|
2022-06-03 11:50:58 +02:00
|
|
|
const request = supertest(app);
|
|
|
|
expect.assertions(0);
|
|
|
|
await request
|
2023-04-06 11:46:54 +02:00
|
|
|
.post(`${baseUriPath}/logout`)
|
2022-06-03 11:50:58 +02:00
|
|
|
.expect(302)
|
|
|
|
.expect(
|
|
|
|
'Set-Cookie',
|
|
|
|
'unleash-session=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT',
|
|
|
|
);
|
|
|
|
});
|
|
|
|
|
|
|
|
test('should clear "unleash-session" cookie even when disabled clear site data', async () => {
|
|
|
|
const baseUriPath = '';
|
|
|
|
const app = express();
|
|
|
|
const config = createTestConfig({
|
|
|
|
server: { baseUriPath },
|
|
|
|
session: { clearSiteDataOnLogout: false },
|
|
|
|
});
|
2022-09-23 14:19:17 +02:00
|
|
|
const sessionStore = new FakeSessionStore();
|
|
|
|
const sessionService = new SessionService(
|
|
|
|
{ sessionStore },
|
|
|
|
{ getLogger: noLogger },
|
|
|
|
);
|
|
|
|
|
|
|
|
app.use('/logout', new LogoutController(config, { sessionService }).router);
|
|
|
|
|
2022-06-03 11:50:58 +02:00
|
|
|
const request = supertest(app);
|
|
|
|
expect.assertions(0);
|
|
|
|
await request
|
2023-04-06 11:46:54 +02:00
|
|
|
.post(`${baseUriPath}/logout`)
|
2022-06-03 11:50:58 +02:00
|
|
|
.expect(302)
|
|
|
|
.expect(
|
|
|
|
'Set-Cookie',
|
|
|
|
'unleash-session=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT',
|
|
|
|
);
|
|
|
|
});
|
|
|
|
|
2021-07-18 21:42:36 +02:00
|
|
|
test('should call destroy on session', async () => {
|
|
|
|
const baseUriPath = '';
|
|
|
|
const fakeSession = {
|
|
|
|
destroy: jest.fn(),
|
|
|
|
};
|
|
|
|
const app = express();
|
|
|
|
const config = createTestConfig({ server: { baseUriPath } });
|
|
|
|
app.use((req: IAuthRequest, res, next) => {
|
|
|
|
req.session = fakeSession;
|
|
|
|
next();
|
|
|
|
});
|
2022-09-23 14:19:17 +02:00
|
|
|
const sessionStore = new FakeSessionStore();
|
|
|
|
const sessionService = new SessionService(
|
|
|
|
{ sessionStore },
|
|
|
|
{ getLogger: noLogger },
|
|
|
|
);
|
|
|
|
|
|
|
|
app.use('/logout', new LogoutController(config, { sessionService }).router);
|
|
|
|
|
2021-07-18 21:42:36 +02:00
|
|
|
const request = supertest(app);
|
2023-04-06 11:46:54 +02:00
|
|
|
await request.post(`${baseUriPath}/logout`);
|
2021-07-18 21:42:36 +02:00
|
|
|
|
|
|
|
expect(fakeSession.destroy.mock.calls.length).toBe(1);
|
|
|
|
});
|
|
|
|
|
2022-09-13 09:59:34 +02:00
|
|
|
test('should handle req.logout with callback function', async () => {
|
|
|
|
// passport >=0.6.0
|
|
|
|
const baseUriPath = '';
|
|
|
|
const logoutFunction = jest.fn((cb: (err?: any) => void) => cb());
|
|
|
|
const app = express();
|
|
|
|
const config = createTestConfig({ server: { baseUriPath } });
|
|
|
|
app.use((req: IAuthRequest, res, next) => {
|
|
|
|
req.logout = logoutFunction;
|
|
|
|
next();
|
|
|
|
});
|
2022-09-23 14:19:17 +02:00
|
|
|
const sessionStore = new FakeSessionStore();
|
|
|
|
const sessionService = new SessionService(
|
|
|
|
{ sessionStore },
|
|
|
|
{ getLogger: noLogger },
|
|
|
|
);
|
|
|
|
|
|
|
|
app.use('/logout', new LogoutController(config, { sessionService }).router);
|
|
|
|
|
2022-09-13 09:59:34 +02:00
|
|
|
const request = supertest(app);
|
2023-04-06 11:46:54 +02:00
|
|
|
await request.post(`${baseUriPath}/logout`);
|
2022-09-13 09:59:34 +02:00
|
|
|
|
|
|
|
expect(logoutFunction).toHaveBeenCalledTimes(1);
|
|
|
|
expect(logoutFunction).toHaveBeenCalledWith(expect.anything());
|
|
|
|
});
|
|
|
|
|
|
|
|
test('should handle req.logout without callback function', async () => {
|
|
|
|
// passport <0.6.0
|
|
|
|
const baseUriPath = '';
|
|
|
|
const logoutFunction = jest.fn();
|
|
|
|
const app = express();
|
|
|
|
const config = createTestConfig({ server: { baseUriPath } });
|
|
|
|
app.use((req: IAuthRequest, res, next) => {
|
|
|
|
req.logout = logoutFunction;
|
|
|
|
next();
|
|
|
|
});
|
2022-09-23 14:19:17 +02:00
|
|
|
const sessionStore = new FakeSessionStore();
|
|
|
|
const sessionService = new SessionService(
|
|
|
|
{ sessionStore },
|
|
|
|
{ getLogger: noLogger },
|
|
|
|
);
|
|
|
|
|
|
|
|
app.use('/logout', new LogoutController(config, { sessionService }).router);
|
|
|
|
|
2022-09-13 09:59:34 +02:00
|
|
|
const request = supertest(app);
|
2023-04-06 11:46:54 +02:00
|
|
|
await request.post(`${baseUriPath}/logout`);
|
2022-09-13 09:59:34 +02:00
|
|
|
|
|
|
|
expect(logoutFunction).toHaveBeenCalledTimes(1);
|
|
|
|
expect(logoutFunction).toHaveBeenCalledWith();
|
|
|
|
});
|
|
|
|
|
2021-07-18 21:42:36 +02:00
|
|
|
test('should redirect to alternative logoutUrl', async () => {
|
|
|
|
const fakeSession = {
|
|
|
|
destroy: jest.fn(),
|
|
|
|
logoutUrl: '/some-other-path',
|
|
|
|
};
|
|
|
|
const app = express();
|
|
|
|
const config = createTestConfig();
|
|
|
|
app.use((req: IAuthRequest, res, next) => {
|
|
|
|
req.session = fakeSession;
|
|
|
|
next();
|
|
|
|
});
|
2022-09-23 14:19:17 +02:00
|
|
|
const sessionStore = new FakeSessionStore();
|
|
|
|
const sessionService = new SessionService(
|
|
|
|
{ sessionStore },
|
|
|
|
{ getLogger: noLogger },
|
|
|
|
);
|
|
|
|
|
|
|
|
app.use('/logout', new LogoutController(config, { sessionService }).router);
|
|
|
|
|
2021-07-18 21:42:36 +02:00
|
|
|
const request = supertest(app);
|
|
|
|
await request
|
2023-04-06 11:46:54 +02:00
|
|
|
.post('/logout')
|
2021-07-18 21:42:36 +02:00
|
|
|
.expect(302)
|
|
|
|
.expect('Location', '/some-other-path');
|
|
|
|
});
|
2022-09-23 14:19:17 +02:00
|
|
|
|
|
|
|
test('Should destroy sessions for user', async () => {
|
|
|
|
const app = express();
|
|
|
|
const config = createTestConfig();
|
|
|
|
const fakeSession = {
|
|
|
|
destroy: jest.fn(),
|
|
|
|
user: {
|
|
|
|
id: 1,
|
|
|
|
},
|
|
|
|
};
|
|
|
|
app.use((req: IAuthRequest, res, next) => {
|
|
|
|
req.session = fakeSession;
|
|
|
|
next();
|
|
|
|
});
|
|
|
|
const sessionStore = new FakeSessionStore();
|
|
|
|
const sessionService = new SessionService(
|
|
|
|
{ sessionStore },
|
|
|
|
{ getLogger: noLogger },
|
|
|
|
);
|
|
|
|
await sessionStore.insertSession({
|
|
|
|
sid: '1',
|
|
|
|
sess: {
|
|
|
|
user: {
|
|
|
|
id: 1,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
expired: addDays(new Date(), 2),
|
|
|
|
});
|
|
|
|
await sessionStore.insertSession({
|
|
|
|
sid: '2',
|
|
|
|
sess: {
|
|
|
|
user: {
|
|
|
|
id: 1,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
expired: addDays(new Date(), 2),
|
|
|
|
});
|
2023-09-29 14:18:21 +02:00
|
|
|
const activeSessionsBeforeLogout = await sessionStore.getSessionsForUser(1);
|
2022-09-23 14:19:17 +02:00
|
|
|
expect(activeSessionsBeforeLogout).toHaveLength(2);
|
|
|
|
app.use('/logout', new LogoutController(config, { sessionService }).router);
|
2023-04-06 11:46:54 +02:00
|
|
|
await supertest(app).post('/logout').expect(302);
|
2023-09-29 14:18:21 +02:00
|
|
|
const activeSessions = await sessionStore.getSessionsForUser(1);
|
2022-09-23 14:19:17 +02:00
|
|
|
expect(activeSessions).toHaveLength(0);
|
|
|
|
});
|