From ce0c66d127a1a4b27733d961f36969ff091af82f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ivar=20Conradi=20=C3=98sthus?=
Date: Fri, 2 Oct 2020 16:32:05 +0200
Subject: [PATCH] fix: add TTL to sessions

---
 examples/basic-auth-hook.js | 6 ------
 lib/middleware/no-authentication.js | 2 +-
 lib/middleware/no-authentication.test.js | 2 +-
 lib/middleware/session.js | 12 +++++++++++-
 lib/middleware/simple-authentication.js | 6 ------
 test/e2e/api/admin/feature.e2e.test.js | 2 +-
 6 files changed, 14 insertions(+), 16 deletions(-)

diff --git a/examples/basic-auth-hook.js b/examples/basic-auth-hook.js
index 09f078d42a..54984b0b4f 100644
--- a/examples/basic-auth-hook.js
+++ b/examples/basic-auth-hook.js
@@ -21,12 +21,6 @@ function basicAuthentication(app) {
 .set({ 'WWW-Authenticate': 'Basic realm="example"' })
 .end('access denied');
 });
-
- app.use((req, res, next) => {
- // Updates active sessions every hour
- req.session.nowInHours = Math.floor(Date.now() / 3600e3);
- next();
- });
 }

 module.exports = basicAuthentication;
diff --git a/lib/middleware/no-authentication.js b/lib/middleware/no-authentication.js
index 3b4a9e9861..7797a75810 100644
--- a/lib/middleware/no-authentication.js
+++ b/lib/middleware/no-authentication.js
@@ -4,7 +4,7 @@ const User = require('../user');

 function noneAuthentication(basePath = '', app) {
 app.use(`${basePath}/api/admin/`, (req, res, next) => {
- req.user = new User({ email: 'none@unknown.com' });
+ req.user = new User({ username: 'unknown' });
 next();
 });
 }
diff --git a/lib/middleware/no-authentication.test.js b/lib/middleware/no-authentication.test.js
index 5ceef1c9ae..9a5dc52290 100644
--- a/lib/middleware/no-authentication.test.js
+++ b/lib/middleware/no-authentication.test.js
@@ -24,6 +24,6 @@ test('should add dummy user object to all requests', t => {
 .get('/api/admin/test')
 .expect(200)
 .expect(res => {
- t.true(res.body.email === 'none@unknown.com');
+ t.true(res.body.username === 'unknown');
 });
 });
diff --git a/lib/middleware/session.js b/lib/middleware/session.js
index 7fcfb0537c..2e0d495ee0 100644
--- a/lib/middleware/session.js
+++ b/lib/middleware/session.js
@@ -3,11 +3,21 @@
 const cookieSession = require('cookie-session');

 module.exports = function(config) {
- return cookieSession({
+ const sessionMiddleware = cookieSession({
 name: 'unleash-session',
 keys: [config.secret],
 maxAge: config.sessionAge,
 secureProxy: !!config.secureHeaders,
 path: config.baseUriPath === '' ? '/' : config.baseUriPath,
 });
+
+ const extendTTL = (req, res, next) => {
+ // Updates active sessions every hour
+ req.session.nowInHours = Math.floor(Date.now() / 3600e3);
+ next();
+ };
+
+ return (req, res, next) => {
+ sessionMiddleware(req, res, () => extendTTL(req, res, next));
+ };
 };
diff --git a/lib/middleware/simple-authentication.js b/lib/middleware/simple-authentication.js
index db921c3b2a..5f211d3a3d 100644
--- a/lib/middleware/simple-authentication.js
+++ b/lib/middleware/simple-authentication.js
@@ -35,12 +35,6 @@ function unsecureAuthentication(basePath = '', app) {
 )
 .end();
 });
-
- app.use((req, res, next) => {
- // Updates active sessions every hour
- req.session.nowInHours = Math.floor(Date.now() / 3600e3);
- next();
- });
 }

 module.exports = unsecureAuthentication;
diff --git a/test/e2e/api/admin/feature.e2e.test.js b/test/e2e/api/admin/feature.e2e.test.js
index f74ecf710b..0b525cb5d1 100644
--- a/test/e2e/api/admin/feature.e2e.test.js
+++ b/test/e2e/api/admin/feature.e2e.test.js
@@ -96,7 +96,7 @@ test.serial('creates new feature toggle with createdBy unknown', async t => {
 strategies: [{ name: 'default' }],
 });
 await request.get('/api/admin/events').expect(res => {
- t.true(res.body.events[0].createdBy === 'none@unknown.com');
+ t.is(res.body.events[0].createdBy, 'unknown');
 });
 });
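Review bot: `extendTTL` in lib/middleware/session.js slides the expiry forward on every hour change but nothing caps the total lifetime, so a session that is used at least once per `config.sessionAge` never expires, and since cookie-session keeps the state in the signed cookie there is no server-side record to revoke. Consider stamping the session once, `if (!req.session.createdAt) req.session.createdAt = Date.now();`, and setting `req.session = null` once an absolute limit has passed. The write to `nowInHours` also runs for requests with an empty session, so a cookie is issued to every caller that reaches this middleware; wrapping it in `if (req.session.isPopulated)` would limit the refresh to sessions that already hold data. The inline comment could say that the hourly write exists to make cookie-session re-send the cookie with a fresh `maxAge`, which is presumably the intent.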