adds more tests signing out session

2025-01-21 22:13:38 -06:00 · 2019-01-31 22:24:04 +01:00 · 2019-01-31 22:24:04 +01:00 · 91bd908e03
commit 91bd908e03
parent 88ca54eba9
2 changed files with 28 additions and 9 deletions
--- a/pkg/services/auth/auth_token.go
+++ b/pkg/services/auth/auth_token.go
@ -86,7 +86,7 @@ func (s *UserAuthTokenServiceImpl) InitContextWithToken(ctx *models.ReqContext,

 func (s *UserAuthTokenServiceImpl) writeSessionCookie(ctx *models.ReqContext, value string, maxAge int) {
 	if setting.Env == setting.DEV {
-		ctx.Logger.Info("new token", "unhashed token", value)
+		ctx.Logger.Debug("new token", "unhashed token", value)
 	}

 	ctx.Resp.Header().Del("Set-Cookie")
--- a/pkg/services/auth/auth_token_test.go
+++ b/pkg/services/auth/auth_token_test.go
@ -1,13 +1,15 @@
 package auth

 import (
+	"fmt"
 	"net/http"
+	"net/http/httptest"
 	"testing"
 	"time"

 	"github.com/grafana/grafana/pkg/models"
 	"github.com/grafana/grafana/pkg/setting"
-	"gopkg.in/macaron.v1"
+	macaron "gopkg.in/macaron.v1"

 	"github.com/grafana/grafana/pkg/log"
 	"github.com/grafana/grafana/pkg/services/sqlstore"
@ -51,20 +53,37 @@ func TestUserAuthToken(t *testing.T) {
 			})

 			Convey("signing out should delete token and cookie if present", func() {
-				token, err := userAuthTokenService.CreateToken(userID, "192.168.1.1:1234", "user agent")
-				So(err, ShouldBeNil)
-				So(token, ShouldNotBeNil)
-
 				httpreq := &http.Request{Header: make(http.Header)}
-				httpreq.AddCookie(&http.Cookie{Name: userAuthTokenService.Cfg.LoginCookieName, Value: token.AuthToken})
+				httpreq.AddCookie(&http.Cookie{Name: userAuthTokenService.Cfg.LoginCookieName, Value: token.UnhashedToken})

-				ctx := &models.ReqContext{Context: &macaron.Context{Req: macaron.Request{Request: httpreq}}}
+				ctx := &models.ReqContext{Context: &macaron.Context{
+					Req:  macaron.Request{Request: httpreq},
+					Resp: macaron.NewResponseWriter("POST", httptest.NewRecorder()),
+				},
+					Logger: log.New("fakelogger"),
+				}

 				err = userAuthTokenService.SignOutUser(ctx)
 				So(err, ShouldBeNil)

 				// makes sure we tell the browser to overwrite the cookie
-				//So(ctx.Resp.Header().Get("Set-Cookie"), ShouldEqual, "")
+				cookieHeader := fmt.Sprintf("%s=; Path=/; Max-Age=0; HttpOnly", userAuthTokenService.Cfg.LoginCookieName)
+				So(ctx.Resp.Header().Get("Set-Cookie"), ShouldEqual, cookieHeader)
+			})
+
+			Convey("signing out an none existing session should return an error", func() {
+				httpreq := &http.Request{Header: make(http.Header)}
+				httpreq.AddCookie(&http.Cookie{Name: userAuthTokenService.Cfg.LoginCookieName, Value: "missing-session-cookie"})
+
+				ctx := &models.ReqContext{Context: &macaron.Context{
+					Req:  macaron.Request{Request: httpreq},
+					Resp: macaron.NewResponseWriter("POST", httptest.NewRecorder()),
+				},
+					Logger: log.New("fakelogger"),
+				}
+
+				err = userAuthTokenService.SignOutUser(ctx)
+				So(err, ShouldNotBeNil)
 			})
 		})