unleash.unleash/src/lib/routes/logout.test.ts

import supertest from 'supertest';
import express from 'express';
import { createTestConfig } from '../../test/config/test-config';

import LogoutController from './logout';
import { IAuthRequest } from './unleash-types';
import SessionService from '../services/session-service';
import FakeSessionStore from '../../test/fixtures/fake-session-store';
import noLogger from '../../test/fixtures/no-logger';
import { addDays } from 'date-fns';

test('should redirect to "/" after logout', async () => {
    const baseUriPath = '';
    const app = express();
    const config = createTestConfig({ server: { baseUriPath } });
    const sessionStore = new FakeSessionStore();
    const sessionService = new SessionService(
        { sessionStore },
        { getLogger: noLogger },
    );
    app.use(
        '/logout',
        new LogoutController(config, {
            sessionService,
        }).router,
    );
    const request = supertest(app);
    expect.assertions(0);
    await request
        .get(`${baseUriPath}/logout`)
        .expect(302)
        .expect('Location', `${baseUriPath}/`);
});

test('should redirect to "/basePath" after logout when baseUriPath is set', async () => {
    const baseUriPath = '/basePath';
    const app = express();
    const config = createTestConfig({ server: { baseUriPath } });
    const sessionStore = new FakeSessionStore();
    const sessionService = new SessionService(
        { sessionStore },
        { getLogger: noLogger },
    );
    app.use('/logout', new LogoutController(config, { sessionService }).router);
    const request = supertest(app);
    expect.assertions(0);
    await request
        .get('/logout')
        .expect(302)
        .expect('Location', `${baseUriPath}/`);
});

test('should set "Clear-Site-Data" header', async () => {
    const baseUriPath = '';
    const app = express();
    const config = createTestConfig({ server: { baseUriPath } });
    const sessionStore = new FakeSessionStore();
    const sessionService = new SessionService(
        { sessionStore },
        { getLogger: noLogger },
    );

    app.use('/logout', new LogoutController(config, { sessionService }).router);
    const request = supertest(app);
    expect.assertions(0);
    await request
        .get(`${baseUriPath}/logout`)
        .expect(302)
        .expect('Clear-Site-Data', '"cookies", "storage"');
});

test('should not set "Clear-Site-Data" header', async () => {
    const baseUriPath = '';
    const app = express();
    const config = createTestConfig({
        server: { baseUriPath },
        session: { clearSiteDataOnLogout: false },
    });
    const sessionStore = new FakeSessionStore();
    const sessionService = new SessionService(
        { sessionStore },
        { getLogger: noLogger },
    );

    app.use('/logout', new LogoutController(config, { sessionService }).router);
    const request = supertest(app);
    expect.assertions(1);
    await request
        .get(`${baseUriPath}/logout`)
        .expect(302)
        .expect((res) =>
            expect(res.headers['Clear-Site-Data']).toBeUndefined(),
        );
});

test('should clear "unleash-session" cookies', async () => {
    const baseUriPath = '';
    const app = express();
    const config = createTestConfig({ server: { baseUriPath } });
    const sessionStore = new FakeSessionStore();
    const sessionService = new SessionService(
        { sessionStore },
        { getLogger: noLogger },
    );

    app.use('/logout', new LogoutController(config, { sessionService }).router);

    const request = supertest(app);
    expect.assertions(0);
    await request
        .get(`${baseUriPath}/logout`)
        .expect(302)
        .expect(
            'Set-Cookie',
            'unleash-session=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT',
        );
});

test('should clear "unleash-session" cookie even when disabled clear site data', async () => {
    const baseUriPath = '';
    const app = express();
    const config = createTestConfig({
        server: { baseUriPath },
        session: { clearSiteDataOnLogout: false },
    });
    const sessionStore = new FakeSessionStore();
    const sessionService = new SessionService(
        { sessionStore },
        { getLogger: noLogger },
    );

    app.use('/logout', new LogoutController(config, { sessionService }).router);

    const request = supertest(app);
    expect.assertions(0);
    await request
        .get(`${baseUriPath}/logout`)
        .expect(302)
        .expect(
            'Set-Cookie',
            'unleash-session=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT',
        );
});

test('should call destroy on session', async () => {
    const baseUriPath = '';
    const fakeSession = {
        destroy: jest.fn(),
    };
    const app = express();
    const config = createTestConfig({ server: { baseUriPath } });
    app.use((req: IAuthRequest, res, next) => {
        req.session = fakeSession;
        next();
    });
    const sessionStore = new FakeSessionStore();
    const sessionService = new SessionService(
        { sessionStore },
        { getLogger: noLogger },
    );

    app.use('/logout', new LogoutController(config, { sessionService }).router);

    const request = supertest(app);
    await request.get(`${baseUriPath}/logout`);

    expect(fakeSession.destroy.mock.calls.length).toBe(1);
});

test('should handle req.logout with callback function', async () => {
    // passport >=0.6.0
    const baseUriPath = '';
    const logoutFunction = jest.fn((cb: (err?: any) => void) => cb());
    const app = express();
    const config = createTestConfig({ server: { baseUriPath } });
    app.use((req: IAuthRequest, res, next) => {
        req.logout = logoutFunction;
        next();
    });
    const sessionStore = new FakeSessionStore();
    const sessionService = new SessionService(
        { sessionStore },
        { getLogger: noLogger },
    );

    app.use('/logout', new LogoutController(config, { sessionService }).router);

    const request = supertest(app);
    await request.get(`${baseUriPath}/logout`);

    expect(logoutFunction).toHaveBeenCalledTimes(1);
    expect(logoutFunction).toHaveBeenCalledWith(expect.anything());
});

test('should handle req.logout without callback function', async () => {
    // passport <0.6.0
    const baseUriPath = '';
    const logoutFunction = jest.fn();
    const app = express();
    const config = createTestConfig({ server: { baseUriPath } });
    app.use((req: IAuthRequest, res, next) => {
        req.logout = logoutFunction;
        next();
    });
    const sessionStore = new FakeSessionStore();
    const sessionService = new SessionService(
        { sessionStore },
        { getLogger: noLogger },
    );

    app.use('/logout', new LogoutController(config, { sessionService }).router);

    const request = supertest(app);
    await request.get(`${baseUriPath}/logout`);

    expect(logoutFunction).toHaveBeenCalledTimes(1);
    expect(logoutFunction).toHaveBeenCalledWith();
});

test('should redirect to alternative logoutUrl', async () => {
    const fakeSession = {
        destroy: jest.fn(),
        logoutUrl: '/some-other-path',
    };
    const app = express();
    const config = createTestConfig();
    app.use((req: IAuthRequest, res, next) => {
        req.session = fakeSession;
        next();
    });
    const sessionStore = new FakeSessionStore();
    const sessionService = new SessionService(
        { sessionStore },
        { getLogger: noLogger },
    );

    app.use('/logout', new LogoutController(config, { sessionService }).router);

    const request = supertest(app);
    await request
        .get('/logout')
        .expect(302)
        .expect('Location', '/some-other-path');
});

test('Should destroy sessions for user', async () => {
    const app = express();
    const config = createTestConfig();
    const fakeSession = {
        destroy: jest.fn(),
        user: {
            id: 1,
        },
    };
    app.use((req: IAuthRequest, res, next) => {
        req.session = fakeSession;
        next();
    });
    const sessionStore = new FakeSessionStore();
    const sessionService = new SessionService(
        { sessionStore },
        { getLogger: noLogger },
    );
    await sessionStore.insertSession({
        sid: '1',
        sess: {
            user: {
                id: 1,
            },
        },
        expired: addDays(new Date(), 2),
    });
    await sessionStore.insertSession({
        sid: '2',
        sess: {
            user: {
                id: 1,
            },
        },
        expired: addDays(new Date(), 2),
    });
    let activeSessionsBeforeLogout = await sessionStore.getSessionsForUser(1);
    expect(activeSessionsBeforeLogout).toHaveLength(2);
    app.use('/logout', new LogoutController(config, { sessionService }).router);
    await supertest(app).get('/logout').expect(302);
    let activeSessions = await sessionStore.getSessionsForUser(1);
    expect(activeSessions).toHaveLength(0);
});
fix: logout-controller should support logoutUrl override (#881) 2021-07-18 21:42:36 +02:00			`import supertest from 'supertest';`
			`import express from 'express';`
			`import { createTestConfig } from '../../test/config/test-config';`

			`import LogoutController from './logout';`
			`import { IAuthRequest } from './unleash-types';`
fix: deletes all sessions for user on logout (#2071) * fix: deletes all sessions for user on logout 2022-09-23 14:19:17 +02:00			`import SessionService from '../services/session-service';`
			`import FakeSessionStore from '../../test/fixtures/fake-session-store';`
			`import noLogger from '../../test/fixtures/no-logger';`
			`import { addDays } from 'date-fns';`
fix: logout-controller should support logoutUrl override (#881) 2021-07-18 21:42:36 +02:00
			`test('should redirect to "/" after logout', async () => {`
			`const baseUriPath = '';`
			`const app = express();`
			`const config = createTestConfig({ server: { baseUriPath } });`
fix: deletes all sessions for user on logout (#2071) * fix: deletes all sessions for user on logout 2022-09-23 14:19:17 +02:00			`const sessionStore = new FakeSessionStore();`
			`const sessionService = new SessionService(`
			`{ sessionStore },`
			`{ getLogger: noLogger },`
			`);`
			`app.use(`
			`'/logout',`
			`new LogoutController(config, {`
			`sessionService,`
			`}).router,`
			`);`
fix: logout-controller should support logoutUrl override (#881) 2021-07-18 21:42:36 +02:00			`const request = supertest(app);`
			`expect.assertions(0);`
			`await request`
			.get(`${baseUriPath}/logout`)
			`.expect(302)`
			.expect('Location', `${baseUriPath}/`);
			`});`

			`test('should redirect to "/basePath" after logout when baseUriPath is set', async () => {`
			`const baseUriPath = '/basePath';`
			`const app = express();`
			`const config = createTestConfig({ server: { baseUriPath } });`
fix: deletes all sessions for user on logout (#2071) * fix: deletes all sessions for user on logout 2022-09-23 14:19:17 +02:00			`const sessionStore = new FakeSessionStore();`
			`const sessionService = new SessionService(`
			`{ sessionStore },`
			`{ getLogger: noLogger },`
			`);`
			`app.use('/logout', new LogoutController(config, { sessionService }).router);`
fix: logout-controller should support logoutUrl override (#881) 2021-07-18 21:42:36 +02:00			`const request = supertest(app);`
			`expect.assertions(0);`
			`await request`
fix: Stores as typescript and with interfaces. (#902) Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com> 2021-08-12 15:04:37 +02:00			`.get('/logout')`
fix: logout-controller should support logoutUrl override (#881) 2021-07-18 21:42:36 +02:00			`.expect(302)`
			.expect('Location', `${baseUriPath}/`);
			`});`

			`test('should set "Clear-Site-Data" header', async () => {`
			`const baseUriPath = '';`
			`const app = express();`
			`const config = createTestConfig({ server: { baseUriPath } });`
fix: deletes all sessions for user on logout (#2071) * fix: deletes all sessions for user on logout 2022-09-23 14:19:17 +02:00			`const sessionStore = new FakeSessionStore();`
			`const sessionService = new SessionService(`
			`{ sessionStore },`
			`{ getLogger: noLogger },`
			`);`

			`app.use('/logout', new LogoutController(config, { sessionService }).router);`
fix: logout-controller should support logoutUrl override (#881) 2021-07-18 21:42:36 +02:00			`const request = supertest(app);`
			`expect.assertions(0);`
			`await request`
			.get(`${baseUriPath}/logout`)
			`.expect(302)`
			`.expect('Clear-Site-Data', '"cookies", "storage"');`
			`});`

feat: add option to disable 'Clear-Site-Data' header on logout (#1645) 2022-06-03 11:50:58 +02:00			`test('should not set "Clear-Site-Data" header', async () => {`
			`const baseUriPath = '';`
			`const app = express();`
			`const config = createTestConfig({`
			`server: { baseUriPath },`
			`session: { clearSiteDataOnLogout: false },`
			`});`
fix: deletes all sessions for user on logout (#2071) * fix: deletes all sessions for user on logout 2022-09-23 14:19:17 +02:00			`const sessionStore = new FakeSessionStore();`
			`const sessionService = new SessionService(`
			`{ sessionStore },`
			`{ getLogger: noLogger },`
			`);`

			`app.use('/logout', new LogoutController(config, { sessionService }).router);`
feat: add option to disable 'Clear-Site-Data' header on logout (#1645) 2022-06-03 11:50:58 +02:00			`const request = supertest(app);`
			`expect.assertions(1);`
			`await request`
			.get(`${baseUriPath}/logout`)
			`.expect(302)`
			`.expect((res) =>`
			`expect(res.headers['Clear-Site-Data']).toBeUndefined(),`
			`);`
			`});`

			`test('should clear "unleash-session" cookies', async () => {`
			`const baseUriPath = '';`
			`const app = express();`
			`const config = createTestConfig({ server: { baseUriPath } });`
fix: deletes all sessions for user on logout (#2071) * fix: deletes all sessions for user on logout 2022-09-23 14:19:17 +02:00			`const sessionStore = new FakeSessionStore();`
			`const sessionService = new SessionService(`
			`{ sessionStore },`
			`{ getLogger: noLogger },`
			`);`

			`app.use('/logout', new LogoutController(config, { sessionService }).router);`

feat: add option to disable 'Clear-Site-Data' header on logout (#1645) 2022-06-03 11:50:58 +02:00			`const request = supertest(app);`
			`expect.assertions(0);`
			`await request`
			.get(`${baseUriPath}/logout`)
			`.expect(302)`
			`.expect(`
			`'Set-Cookie',`
			`'unleash-session=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT',`
			`);`
			`});`

			`test('should clear "unleash-session" cookie even when disabled clear site data', async () => {`
			`const baseUriPath = '';`
			`const app = express();`
			`const config = createTestConfig({`
			`server: { baseUriPath },`
			`session: { clearSiteDataOnLogout: false },`
			`});`
fix: deletes all sessions for user on logout (#2071) * fix: deletes all sessions for user on logout 2022-09-23 14:19:17 +02:00			`const sessionStore = new FakeSessionStore();`
			`const sessionService = new SessionService(`
			`{ sessionStore },`
			`{ getLogger: noLogger },`
			`);`

			`app.use('/logout', new LogoutController(config, { sessionService }).router);`

feat: add option to disable 'Clear-Site-Data' header on logout (#1645) 2022-06-03 11:50:58 +02:00			`const request = supertest(app);`
			`expect.assertions(0);`
			`await request`
			.get(`${baseUriPath}/logout`)
			`.expect(302)`
			`.expect(`
			`'Set-Cookie',`
			`'unleash-session=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT',`
			`);`
			`});`

fix: logout-controller should support logoutUrl override (#881) 2021-07-18 21:42:36 +02:00			`test('should call destroy on session', async () => {`
			`const baseUriPath = '';`
			`const fakeSession = {`
			`destroy: jest.fn(),`
			`};`
			`const app = express();`
			`const config = createTestConfig({ server: { baseUriPath } });`
			`app.use((req: IAuthRequest, res, next) => {`
			`req.session = fakeSession;`
			`next();`
			`});`
fix: deletes all sessions for user on logout (#2071) * fix: deletes all sessions for user on logout 2022-09-23 14:19:17 +02:00			`const sessionStore = new FakeSessionStore();`
			`const sessionService = new SessionService(`
			`{ sessionStore },`
			`{ getLogger: noLogger },`
			`);`

			`app.use('/logout', new LogoutController(config, { sessionService }).router);`

fix: logout-controller should support logoutUrl override (#881) 2021-07-18 21:42:36 +02:00			`const request = supertest(app);`
			await request.get(`${baseUriPath}/logout`);

			`expect(fakeSession.destroy.mock.calls.length).toBe(1);`
			`});`

Add support for `req.logout` with passport version 0.6.0 and onwards (#2041) Handle logout based on passport version 2022-09-13 09:59:34 +02:00			`test('should handle req.logout with callback function', async () => {`
			`// passport >=0.6.0`
			`const baseUriPath = '';`
			`const logoutFunction = jest.fn((cb: (err?: any) => void) => cb());`
			`const app = express();`
			`const config = createTestConfig({ server: { baseUriPath } });`
			`app.use((req: IAuthRequest, res, next) => {`
			`req.logout = logoutFunction;`
			`next();`
			`});`
fix: deletes all sessions for user on logout (#2071) * fix: deletes all sessions for user on logout 2022-09-23 14:19:17 +02:00			`const sessionStore = new FakeSessionStore();`
			`const sessionService = new SessionService(`
			`{ sessionStore },`
			`{ getLogger: noLogger },`
			`);`

			`app.use('/logout', new LogoutController(config, { sessionService }).router);`

Add support for `req.logout` with passport version 0.6.0 and onwards (#2041) Handle logout based on passport version 2022-09-13 09:59:34 +02:00			`const request = supertest(app);`
			await request.get(`${baseUriPath}/logout`);

			`expect(logoutFunction).toHaveBeenCalledTimes(1);`
			`expect(logoutFunction).toHaveBeenCalledWith(expect.anything());`
			`});`

			`test('should handle req.logout without callback function', async () => {`
			`// passport <0.6.0`
			`const baseUriPath = '';`
			`const logoutFunction = jest.fn();`
			`const app = express();`
			`const config = createTestConfig({ server: { baseUriPath } });`
			`app.use((req: IAuthRequest, res, next) => {`
			`req.logout = logoutFunction;`
			`next();`
			`});`
fix: deletes all sessions for user on logout (#2071) * fix: deletes all sessions for user on logout 2022-09-23 14:19:17 +02:00			`const sessionStore = new FakeSessionStore();`
			`const sessionService = new SessionService(`
			`{ sessionStore },`
			`{ getLogger: noLogger },`
			`);`

			`app.use('/logout', new LogoutController(config, { sessionService }).router);`

Add support for `req.logout` with passport version 0.6.0 and onwards (#2041) Handle logout based on passport version 2022-09-13 09:59:34 +02:00			`const request = supertest(app);`
			await request.get(`${baseUriPath}/logout`);

			`expect(logoutFunction).toHaveBeenCalledTimes(1);`
			`expect(logoutFunction).toHaveBeenCalledWith();`
			`});`

fix: logout-controller should support logoutUrl override (#881) 2021-07-18 21:42:36 +02:00			`test('should redirect to alternative logoutUrl', async () => {`
			`const fakeSession = {`
			`destroy: jest.fn(),`
			`logoutUrl: '/some-other-path',`
			`};`
			`const app = express();`
			`const config = createTestConfig();`
			`app.use((req: IAuthRequest, res, next) => {`
			`req.session = fakeSession;`
			`next();`
			`});`
fix: deletes all sessions for user on logout (#2071) * fix: deletes all sessions for user on logout 2022-09-23 14:19:17 +02:00			`const sessionStore = new FakeSessionStore();`
			`const sessionService = new SessionService(`
			`{ sessionStore },`
			`{ getLogger: noLogger },`
			`);`

			`app.use('/logout', new LogoutController(config, { sessionService }).router);`

fix: logout-controller should support logoutUrl override (#881) 2021-07-18 21:42:36 +02:00			`const request = supertest(app);`
			`await request`
fix: Stores as typescript and with interfaces. (#902) Co-authored-by: Ivar Conradi Østhus <ivarconr@gmail.com> 2021-08-12 15:04:37 +02:00			`.get('/logout')`
fix: logout-controller should support logoutUrl override (#881) 2021-07-18 21:42:36 +02:00			`.expect(302)`
			`.expect('Location', '/some-other-path');`
			`});`
fix: deletes all sessions for user on logout (#2071) * fix: deletes all sessions for user on logout 2022-09-23 14:19:17 +02:00
			`test('Should destroy sessions for user', async () => {`
			`const app = express();`
			`const config = createTestConfig();`
			`const fakeSession = {`
			`destroy: jest.fn(),`
			`user: {`
			`id: 1,`
			`},`
			`};`
			`app.use((req: IAuthRequest, res, next) => {`
			`req.session = fakeSession;`
			`next();`
			`});`
			`const sessionStore = new FakeSessionStore();`
			`const sessionService = new SessionService(`
			`{ sessionStore },`
			`{ getLogger: noLogger },`
			`);`
			`await sessionStore.insertSession({`
			`sid: '1',`
			`sess: {`
			`user: {`
			`id: 1,`
			`},`
			`},`
			`expired: addDays(new Date(), 2),`
			`});`
			`await sessionStore.insertSession({`
			`sid: '2',`
			`sess: {`
			`user: {`
			`id: 1,`
			`},`
			`},`
			`expired: addDays(new Date(), 2),`
			`});`
			`let activeSessionsBeforeLogout = await sessionStore.getSessionsForUser(1);`
			`expect(activeSessionsBeforeLogout).toHaveLength(2);`
			`app.use('/logout', new LogoutController(config, { sessionService }).router);`
			`await supertest(app).get('/logout').expect(302);`
			`let activeSessions = await sessionStore.getSessionsForUser(1);`
			`expect(activeSessions).toHaveLength(0);`
			`});`