From 89dc3cb126ba46b486997c433adfdf34982fcc81 Mon Sep 17 00:00:00 2001
From: Rick Batka <rick.batka@gmail.com>
Date: Mon, 16 Oct 2017 23:50:31 -0400
Subject: [PLT-7396] Add the ability to revoke user sessions in System Console
 > Users #7493 (#7623)

* add endpoint and tests for revoking all sessions for a user

* fix failing test build
---
 api4/user_test.go | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

(limited to 'api4/user_test.go')

diff --git a/api4/user_test.go b/api4/user_test.go
index 0913819cc..3a1579e14 100644
--- a/api4/user_test.go
+++ b/api4/user_test.go
@@ -1971,6 +1971,51 @@ func TestRevokeSessions(t *testing.T) {
 	CheckNoError(t, resp)
 }
 
+func TestRevokeAllSessions(t *testing.T) {
+	th := Setup().InitBasic()
+	defer th.TearDown()
+	Client := th.Client
+
+	user := th.BasicUser
+	Client.Login(user.Email, user.Password)
+
+	_, resp := Client.RevokeAllSessions(th.BasicUser2.Id)
+	CheckForbiddenStatus(t, resp)
+
+	th.InitSystemAdmin()
+
+	_, resp = Client.RevokeAllSessions("junk" + user.Id)
+	CheckBadRequestStatus(t, resp)
+
+	status, resp := Client.RevokeAllSessions(user.Id)
+	if status == false {
+		t.Fatal("user all sessions revoke unsuccessful")
+	}
+	CheckNoError(t, resp)
+
+	Client.Logout()
+	_, resp = Client.RevokeAllSessions(user.Id)
+	CheckUnauthorizedStatus(t, resp)
+
+	Client.Login(user.Email, user.Password)
+
+	sessions, _ := Client.GetSessions(user.Id, "")
+	if len(sessions) < 1 {
+		t.Fatal("session should exist")
+	}
+
+	_, resp = Client.RevokeAllSessions(user.Id)
+	CheckNoError(t, resp)
+
+	sessions, _ = th.SystemAdminClient.GetSessions(user.Id, "")
+	if len(sessions) != 0 {
+		t.Fatal("no sessions should exist for user")
+	}
+
+	_, resp = Client.RevokeAllSessions(user.Id)
+	CheckUnauthorizedStatus(t, resp)
+}
+
 func TestAttachDeviceId(t *testing.T) {
 	th := Setup().InitBasic()
 	defer th.TearDown()
-- 
cgit v1.2.3-1-g7c22