From 15b361094a64fe024db6d3eaf9539143cee73ce4 Mon Sep 17 00:00:00 2001 From: Joram Wilander Date: Thu, 28 Sep 2017 09:04:52 -0400 Subject: PLT-7633 (E20) Add session idle timeout config setting (#7524) * Add session idle timeout config setting * Modify config setting name to SessionIdleTimeoutInMinutes * Small re-org of if statement * Merge with latest master --- app/session_test.go | 119 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 119 insertions(+) (limited to 'app/session_test.go') diff --git a/app/session_test.go b/app/session_test.go index e91132a8a..c001655db 100644 --- a/app/session_test.go +++ b/app/session_test.go @@ -7,6 +7,10 @@ import ( "testing" "github.com/mattermost/mattermost-server/model" + "github.com/mattermost/mattermost-server/utils" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func TestCache(t *testing.T) { 
@@ -32,3 +36,118 @@ func TestCache(t *testing.T) { t.Fatal("should have one less") } } + +func TestGetSessionIdleTimeoutInMinutes(t *testing.T) { + th := Setup().InitBasic() + + session := &model.Session{ + UserId: model.NewId(), + } + + session, _ = th.App.CreateSession(session) + + isLicensed := utils.IsLicensed() + license := utils.License() + timeout := *utils.Cfg.ServiceSettings.SessionIdleTimeoutInMinutes + defer func() { + utils.SetIsLicensed(isLicensed) + utils.SetLicense(license) + *utils.Cfg.ServiceSettings.SessionIdleTimeoutInMinutes = timeout + }() + utils.SetIsLicensed(true) + utils.SetLicense(&model.License{Features: &model.Features{}}) + utils.License().Features.SetDefaults() + *utils.License().Features.Compliance = true + *utils.Cfg.ServiceSettings.SessionIdleTimeoutInMinutes = 5 + + rsession, err := th.App.GetSession(session.Token) + require.Nil(t, err) + assert.Equal(t, rsession.Id, session.Id) + + rsession, err = th.App.GetSession(session.Token) + + // Test regular session, should timeout + time := session.LastActivityAt - (1000 * 60 * 6) + <-th.App.Srv.Store.Session().UpdateLastActivityAt(session.Id, time) + th.App.ClearSessionCacheForUserSkipClusterSend(session.UserId) + + rsession, err = th.App.GetSession(session.Token) + require.NotNil(t, err) + assert.Equal(t, "api.context.invalid_token.error", err.Id) + assert.Equal(t, "idle timeout", err.DetailedError) + assert.Nil(t, rsession) + + // Test mobile session, should not timeout + session = &model.Session{ + UserId: model.NewId(), + DeviceId: "android:" + model.NewId(), + } + + session, _ = th.App.CreateSession(session) + time = session.LastActivityAt - (1000 * 60 * 6) + <-th.App.Srv.Store.Session().UpdateLastActivityAt(session.Id, time) + th.App.ClearSessionCacheForUserSkipClusterSend(session.UserId) + + _, err = th.App.GetSession(session.Token) + assert.Nil(t, err) + + // Test oauth session, should not timeout + session = &model.Session{ + UserId: model.NewId(), + IsOAuth: true, + } + + 
session, _ = th.App.CreateSession(session) + time = session.LastActivityAt - (1000 * 60 * 6) + <-th.App.Srv.Store.Session().UpdateLastActivityAt(session.Id, time) + th.App.ClearSessionCacheForUserSkipClusterSend(session.UserId) + + _, err = th.App.GetSession(session.Token) + assert.Nil(t, err) + + // Test personal access token session, should not timeout + session = &model.Session{ + UserId: model.NewId(), + } + session.AddProp(model.SESSION_PROP_TYPE, model.SESSION_TYPE_USER_ACCESS_TOKEN) + + session, _ = th.App.CreateSession(session) + time = session.LastActivityAt - (1000 * 60 * 6) + <-th.App.Srv.Store.Session().UpdateLastActivityAt(session.Id, time) + th.App.ClearSessionCacheForUserSkipClusterSend(session.UserId) + + _, err = th.App.GetSession(session.Token) + assert.Nil(t, err) + + // Test regular session with license off, should not timeout + *utils.License().Features.Compliance = false + + session = &model.Session{ + UserId: model.NewId(), + } + + session, _ = th.App.CreateSession(session) + time = session.LastActivityAt - (1000 * 60 * 6) + <-th.App.Srv.Store.Session().UpdateLastActivityAt(session.Id, time) + th.App.ClearSessionCacheForUserSkipClusterSend(session.UserId) + + _, err = th.App.GetSession(session.Token) + assert.Nil(t, err) + + *utils.License().Features.Compliance = true + + // Test regular session with timeout set to 0, should not timeout + *utils.Cfg.ServiceSettings.SessionIdleTimeoutInMinutes = 0 + + session = &model.Session{ + UserId: model.NewId(), + } + + session, _ = th.App.CreateSession(session) + time = session.LastActivityAt - (1000 * 60 * 6) + <-th.App.Srv.Store.Session().UpdateLastActivityAt(session.Id, time) + th.App.ClearSessionCacheForUserSkipClusterSend(session.UserId) + + _, err = th.App.GetSession(session.Token) + assert.Nil(t, err) +} -- cgit v1.2.3-1-g7c22
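Review bot: The five "should not timeout" cases in TestGetSessionIdleTimeoutInMinutes can pass without exercising the idle check, because the value received from `<-th.App.Srv.Store.Session().UpdateLastActivityAt(session.Id, time)` is discarded and every `CreateSession` error is dropped with `_`. If the back-dating write fails, the session is still fresh and `assert.Nil(t, err)` holds whatever the exemption logic does, so these cases would not catch a regression in which session types are exempt. Receive the result and fail fast, e.g. `result := <-th.App.Srv.Store.Session().UpdateLastActivityAt(session.Id, time)` followed by `require.Nil(t, result.Err)` (assuming the store result exposes an `Err` field), and check the `CreateSession` error with `require.Nil(t, err)` instead of discarding it. The second `rsession, err = th.App.GetSession(session.Token)` before the first back-dating has no assertion and should be asserted or removed. The local `time` would shadow the standard `time` package if this file ever imports it; a name such as `lastActivity` avoids that.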