chore(auth): #331 add first session test

2024-12-22 22:14:55 +01:00
parent ea653f0087
commit 0246ada70e
7 changed files with 55 additions and 19 deletions
--- a/main_test.go
+++ b/main_test.go
@@ -90,7 +90,7 @@ func TestIntegrationSecurityHeader(t *testing.T) {
 			"frame-ancestors 'none';", value)

 		value = resp.Header.Get("Cross-Origin-Resource-Policy")
-		assert.Equal(t, "same-origin", value)
+		assert.Equal(t, "same-site", value)

 		value = resp.Header.Get("Cross-Origin-Opener-Policy")
 		assert.Equal(t, "same-origin", value)
@@ -300,6 +300,41 @@ func TestIntegrationAuth(t *testing.T) {
 			assert.False(t, sessions.Next())
 		})
 	})
+
+	t.Run("Session", func(t *testing.T) {
+		t.Run("should create new anonymous session if current session gets outdated", func(t *testing.T) {
+			t.Parallel()
+
+			d, basePath, ctx := setupIntegrationTest(t)
+
+			userId := uuid.New()
+			sessionId := "session-id"
+
+			_, err := d.Exec(`
+				INSERT INTO user (user_id, email, email_verified, is_admin, password, salt, created_at) 
+				VALUES (?, "mail@mail.de", FALSE, FALSE, ?, ?, datetime())`, userId, []byte("pass"), []byte("salt"))
+			assert.Nil(t, err)
+			_, err = d.Exec(`
+				INSERT INTO session (session_id, user_id, created_at, expires_at)
+				VALUES (?, ?, datetime("now", "-8 hour"), datetime("now", "-1 minute"))`, sessionId, userId)
+			assert.Nil(t, err)
+
+			req, err := http.NewRequestWithContext(ctx, "GET", basePath+"/", nil)
+			assert.Nil(t, err)
+			req.Header.Set("Cookie", "id="+sessionId)
+			resp, err := httpClient.Do(req)
+			assert.Nil(t, err)
+
+			newSession := findCookie(resp, "id")
+			assert.NotNil(t, newSession)
+			assert.NotEqual(t, sessionId, newSession.Value)
+
+			var rows int
+			err = d.QueryRow("SELECT COUNT(*) FROM session WHERE user_id = ?", userId).Scan(&rows)
+			assert.Nil(t, err)
+			assert.Equal(t, 0, rows)
+		})
+	})
 }

 func findCookie(resp *http.Response, name string) *http.Cookie {