Merge bec1383 into 8544e4b

Badgerati · Aug 30, 2019 · e977e8f · e977e8f
2 parents 8544e4b + bec1383
commit e977e8f
Show file tree

Hide file tree

Showing 6 changed files with 129 additions and 30 deletions.
diff --git a/pode.build.ps1 b/pode.build.ps1
@@ -40,7 +40,6 @@ function Test-PodeBuildIsGitHub
 function Test-PodeBuildCanCodeCoverage
 {
     return (@('1', 'true') -icontains $env:PODE_RUN_CODE_COVERAGE)
-    #return ((Test-PodeBuildIsAppVeyor) -or (@('1', 'true') -icontains $env:PODE_RUN_CODE_COVERAGE))
 }
 
 function Get-PodeBuildService

diff --git a/src/Pode.psd1 b/src/Pode.psd1
@@ -138,6 +138,8 @@
         'Get-PodeCsrfMiddleware',
         'Initialize-PodeCsrf',
         'Enable-PodeCsrfMiddleware',
+        'Remove-PodeSession',
+        'Save-PodeSession',
 
         # auth
         'New-PodeAuthType',

diff --git a/src/Private/Authentication.ps1 b/src/Private/Authentication.ps1
@@ -146,7 +146,8 @@ function Get-PodeAuthMiddlewareScript
 
         # check for logout command
         if ($opts.Logout) {
-            Remove-PodeAuthSession -Event $e -Options $opts
+            Remove-PodeAuthSession -Event $e
+            $opts.Failure.Url = (Protect-PodeValue -Value $opts.Failure.Url -Default $e.Request.Url.AbsolutePath)
             return (Set-PodeAuthStatus -StatusCode 302 -Options $opts)
         }
 
@@ -206,11 +207,7 @@ function Remove-PodeAuthSession
     param (
         [Parameter(Mandatory=$true)]
         [ValidateNotNull()]
-        $Event,
-
-        [Parameter(Mandatory=$true)]
-        [ValidateNotNull()]
-        $Options
+        $Event
     )
 
     # blank out the auth
@@ -221,11 +218,6 @@ function Remove-PodeAuthSession
         $Event.Session.Data.Remove('Auth')
     }
 
-    # redirect to a failure url, or onto the current path?
-    if ([string]::IsNullOrWhiteSpace($Options.Failure.Url)) {
-        $Options.Failure.Url = $Event.Request.Url.AbsolutePath
-    }
-
     # Delete the session (remove from store, blank it, and remove from Response)
     Remove-PodeSessionCookie -Session $Event.Session
 }

diff --git a/src/Public/Middleware.ps1 b/src/Public/Middleware.ps1
@@ -278,14 +278,7 @@ function Enable-PodeSessionMiddleware
             # assign endware for session to set cookie/storage
             $e.OnEnd += @{
                 Logic = {
-                    param($e)
-
-                    # if auth is in use, then assign to session store
-                    if (!(Test-IsEmpty $e.Auth) -and $e.Auth.Store) {
-                        $e.Session.Data.Auth = $e.Auth
-                    }
-
-                    Invoke-PodeScriptBlock -ScriptBlock $e.Session.Save -Arguments @($e.Session, $true) -Splat
+                    Save-PodeSession -Force
                 }
             }
         }
@@ -301,6 +294,75 @@ function Enable-PodeSessionMiddleware
     (New-PodeMiddleware -ScriptBlock $script) | Add-PodeMiddleware -Name '__pode_mw_sessions__'
 }
 
+<#
+.SYNOPSIS
+Remove the current Session, logging it out.
+
+.DESCRIPTION
+Remove the current Session, logging it out. This will remove the session from Storage, and Cookies.
+
+.EXAMPLE
+Remove-PodeSession
+#>
+function Remove-PodeSession
+{
+    [CmdletBinding()]
+    param()
+
+    # if sessions haven't been setup, error
+    if (!(Test-PodeSessionsConfigured)) {
+        throw 'Sessions have not been configured'
+    }
+
+    # error if session is null
+    if ($null -eq $WebEvent.Session) {
+        return
+    }
+
+    # remove the session, and from auth and cookies
+    Remove-PodeAuthSession -Event $WebEvent
+}
+
+<#
+.SYNOPSIS
+Saves the current Session's data.
+
+.DESCRIPTION
+Saves the current Session's data.
+
+.PARAMETER Force
+If supplied, the data will be saved even if nothing has changed.
+
+.EXAMPLE
+Save-PodeSession -Force
+#>
+function Save-PodeSession
+{
+    [CmdletBinding()]
+    param(
+        [switch]
+        $Force
+    )
+
+    # if sessions haven't been setup, error
+    if (!(Test-PodeSessionsConfigured)) {
+        throw 'Sessions have not been configured'
+    }
+
+    # error if session is null
+    if ($null -eq $WebEvent.Session) {
+        throw 'There is no session available to save'
+    }
+
+    # if auth is in use, then assign to session store
+    if (!(Test-IsEmpty $WebEvent.Auth) -and $WebEvent.Auth.Store) {
+        $WebEvent.Session.Data.Auth = $WebEvent.Auth
+    }
+
+    # save the session
+    Invoke-PodeScriptBlock -ScriptBlock $WebEvent.Session.Save -Arguments @($WebEvent.Session, $Force) -Splat
+}
+
 <#
 .SYNOPSIS
 Creates and returns a new secure token for use with CSRF.

diff --git a/tests/unit/Authentication.Tests.ps1 b/tests/unit/Authentication.Tests.ps1
@@ -78,11 +78,7 @@ Describe 'Remove-PodeAuthSession' {
             }
         }
 
-        Remove-PodeAuthSession -Event $event -Options @{
-            Failure = @{
-                Url = 'http://example.com'
-            }
-        }
+        Remove-PodeAuthSession -Event $event
 
         $event.Auth.Count | Should Be 0
         $event.Auth.User | Should Be $null
@@ -106,11 +102,7 @@ Describe 'Remove-PodeAuthSession' {
             }
         }
 
-        Remove-PodeAuthSession -Event $event -Options @{
-            Failure = @{
-                Url = 'http://example.com'
-            }
-        }
+        Remove-PodeAuthSession -Event $event
 
         $event.Auth.Count | Should Be 0
         $event.Auth.User | Should Be $null

diff --git a/tests/unit/Sessions.Tests.ps1 b/tests/unit/Sessions.Tests.ps1
@@ -208,4 +208,56 @@ Describe 'Set-PodeSessionCookie' {
         Assert-MockCalled Set-PodeCookie -Times 1 -Scope It
         Assert-MockCalled Get-PodeSessionCookieExpiry -Times 1 -Scope It
     }
+}
+
+Describe 'Remove-PodeSession' {
+    It 'Throws an error if sessions are not configured' {
+        Mock Test-PodeSessionsConfigured { return $false }
+        { Remove-PodeSession } | Should Throw 'sessions have not been configured'
+    }
+
+    It 'Does nothing if there is no session' {
+        Mock Test-PodeSessionsConfigured { return $true }
+        Mock Remove-PodeAuthSession {}
+
+        $WebEvent = @{}
+        Remove-PodeSession
+
+        Assert-MockCalled Remove-PodeAuthSession -Times 0 -Scope It
+    }
+
+    It 'Call removes the session' {
+        Mock Test-PodeSessionsConfigured { return $true }
+        Mock Remove-PodeAuthSession {}
+
+        $WebEvent = @{ Session = @{} }
+        Remove-PodeSession
+
+        Assert-MockCalled Remove-PodeAuthSession -Times 1 -Scope It
+    }
+}
+
+Describe 'Save-PodeSession' {
+    It 'Throws an error if sessions are not configured' {
+        Mock Test-PodeSessionsConfigured { return $false }
+        { Save-PodeSession } | Should Throw 'sessions have not been configured'
+    }
+
+    It 'Throws error if there is no session' {
+        Mock Test-PodeSessionsConfigured { return $true }
+        $WebEvent = @{}
+        { Save-PodeSession } | Should Throw 'There is no session available to save'
+    }
+
+    It 'Call saves the session' {
+        Mock Test-PodeSessionsConfigured { return $true }
+        Mock Invoke-PodeScriptBlock {}
+
+        $WebEvent = @{ Session = @{
+            Save = {}
+        } }
+
+        Save-PodeSession
+        Assert-MockCalled Invoke-PodeScriptBlock -Times 1 -Scope It
+    }
 }