-
Notifications
You must be signed in to change notification settings - Fork 42
/
Session.t
217 lines (169 loc) · 8.61 KB
/
Session.t
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
#-------------------------------------------------------------------
# WebGUI is Copyright 2001-2012 Plain Black Corporation.
#-------------------------------------------------------------------
# Please read the legal notices (docs/legal.txt) and the license
# (docs/license.txt) that came with this distribution before using
# this software.
#-------------------------------------------------------------------
# http://www.plainblack.com info@plainblack.com
#-------------------------------------------------------------------
use strict;
use WebGUI::Test;
use WebGUI::Session;
use WebGUI::User;
use Test::More;
use Test::Deep;
my $session = WebGUI::Test->session;
my $user = WebGUI::User->new($session, "new");
WebGUI::Test->addToCleanup($user);
$session->user({user => $user});
my ($userId) = $session->db->quickArray("select userId from userSession where sessionId=?",[$session->getId]);
is($userId, $user->userId, 'changing session user changes sessionId inside userSession table');
$session->user({userId => 3});
is($session->user->userId, 3, 'Set session user to Admin, check userId==3');
is($session->user->get('uiLevel'), 9, 'Set session user to Admin, check uiLevel==9');
my $dupe = $session->duplicate;
WebGUI::Test->addToCleanup($dupe);
is($session->get('sessionId'), $session->getId, 'getId returns sessionId');
is $dupe->getId, $session->getId, 'duplicated session has the same sessionId';
################################################################
#
# dbSlave
#
################################################################
##Manually build one dbSlave in the config file to use
my $slaveHash2 = {
dsn => $session->config->get('dsn'),
user => $session->config->get('dbuser'),
pass => $session->config->get('dbpass'),
};
$session->config->set('dbslave2', $slaveHash2);
WebGUI::Test->addToCleanup(sub {$session->config->delete('dbslave2');});
my $slave2 = $session->dbSlave;
isa_ok($slave2, 'WebGUI::SQL::db');
cmp_ok($session->get("lastPageView"), '>', 0, "lastPageView set to something");
can_ok($session, qw/isAdminOn/);
$session->user({userId => 3});
is($session->isAdminOn, 1, "admin has admin on");
$session->user({userId => 1});
is($session->isAdminOn, 0, "visitor has admin off");
my $token = $session->scratch->get('webguiCsrfToken');
ok( $token, 'CSRF token set');
ok( $session->id->valid($token), '...is a valid GUID');
my $id = $session->getId;
my ($count) = $session->db->quickArray("select count(*) from userSession where sessionId=?", [$id]);
is($count, 1, "created an user session entry in the database");
my $env;
$session->request->env->{REMOTE_ADDR} = '192.168.0.34';
my $varSession = WebGUI::Session->open($session->config, $session->request->env);
WebGUI::Test->addToCleanup($varSession);
my $varTime = time();
isnt($varSession->scratch->get('webguiCsrfToken'), $token, '... calling new without sessionId creates a new token');
isnt($varSession->getId, $session->getId, "new session has a different id from current session");
my $varExpires = $varTime + $session->setting->get('sessionTimeout');
cmp_ok(abs($varSession->get('lastPageView') - $varTime), '<=', 1, 'lastPageView set correctly');
cmp_ok(abs($varSession->get('expires') - $varExpires), '<=', 1, 'expires set correctly');
is($varSession->get('userId'), 1, 'default userId is 1');
is($varSession->get('adminOn'), $varSession->isAdminOn, "get('adminOn') and isAdminOn return the same thing");
is($varSession->get('adminOn'), 0, "adminOn is off by default"); ##retest
is($varSession->get('lastIP'), '192.168.0.34', "lastIP fetched");
my $illegalSessionId = 'illegalSessionIdThatIsTooLong';
# '1234567890123456789012'
my $varIllegal = WebGUI::Session->open($session->config, undef, );
WebGUI::Test->addToCleanup($varIllegal);
isa_ok($varIllegal, 'WebGUI::Session', 'invalid sessionId will still produce a Session object');
ok($session->id->valid($varIllegal->getId), 'valid ID created for the new session, when bad Id was suggested');
ok(index($varIllegal->getId, $illegalSessionId) == -1, 'illegal session was not truncated to make the new Id');
$session->request->env->{REMOTE_ADDR} = '10.0.0.5';
my $varCopy = WebGUI::Session->open($session->config, $session->request->env, $varSession->getId);
is($varCopy->scratch->get('webguiCsrfToken'), $varSession->scratch->get('webguiCsrfToken'), 'opening a copy of a user session did not change the CSRF token');
cmp_deeply(
$varCopy,
methods(
['get', 'sessionId'] => $varSession->get('sessionId'),
['get', 'userId'] => $varSession->get('userId'),
['get', 'adminOn'] => $varSession->get('adminOn'),
),
'similar methods in copy of original var object'
);
is($varCopy->get('lastIP'), '10.0.0.5', "lastIP set on copy");
my $varSessionId = $varSession->getId;
$varSession->end;
($count) = $session->db->quickArray("select count(*) from userSession where sessionId=?",[$varSession->getId]);
ok($count == 0,"end() removes current entry from database");
{
my $sessionId = 'nonExistantIdButValid0';
# '1234567890123456789012'
my $testSession = WebGUI::Session->open($session->config, undef, $sessionId);
my $guard = WebGUI::Test->cleanupGuard($testSession);
isa_ok($testSession, 'WebGUI::Session', 'non-existant sessionId will still produce a Var object');
is($testSession->getId, $sessionId, 'user session Id set to non-existant Id');
}
{
my $expire = WebGUI::Session->open($session->config);
my $guard = WebGUI::Test->cleanupGuard($expire);
$expire->user({ userId => 3 });
# jury rig the database and the cache to expire
my $expire_time = $expire->get('lastPageView') - 1;
$session->db->write("update userSession set userId=?, expires=? where sessionId=?", [3, $expire_time, $expire->getId]);
$session->user({userId => 3});
my $copyOfSession = { %{ $expire->get() } };
$copyOfSession->{expires} = $expire_time;
$session->cache->set($expire->getId, $copyOfSession);
my $copy = WebGUI::Session->open($session->config, undef, $expire->getId);
my $guard2 = WebGUI::Test->cleanupGuard($copy);
is $copy->getId, $expire->getId, 'new Var object has correct id';
isnt $copy->isAdminOn, $expire->isAdminOn, 'new adminOn not equal to old adminOn';
is $copy->isAdminOn, 0, 'new Var object has default adminOn';
isnt $copy->get('userId'), 3, 'new userId not equal to old userId';
}
{
##Var objects for noFuss tests
my $trial = WebGUI::Session->open($session->config);
my $expiring = WebGUI::Session->open($session->config);
my $guard = WebGUI::Test->cleanupGuard($trial, $expiring);
$session->db->write("update userSession set expires=? where sessionId=?", [$expiring->get('lastPageView')-5, $expiring->getId]);
$expiring->{_var}{expires} = $expiring->get('lastPageView')-5;
##Valid fetch with no fuss
my $varTest = WebGUI::Session->open($session->config, $session->request->env, $trial->getId, 1);
my $guard2 = WebGUI::Test->cleanupGuard($varTest);
cmp_deeply(
$varTest,
methods(
['get', 'sessionId'] => $trial->getId,
['get', 'userId'] => 1,
['get', 'adminOn'] => 0,
['get', 'lastIP'] => '127.0.0.1',
['get', 'expires'] => $trial->get('expires'),
['get', 'lastPageView'] => $trial->get('lastPageView'),
),
'fetching a valid session with noFuss does not update the object info'
);
##Test a valid fetch
my $expired = WebGUI::Session->open($session->config, undef, $expiring->getId, 1);
my $guard3 = WebGUI::Test->cleanupGuard($expired);
cmp_deeply(
$expired,
methods(
['get', 'sessionId'] => $expiring->getId,
['get', 'userId'] => 1,
['get', 'adminOn'] => 0,
['get', 'lastIP'] => '127.0.0.1',
['get', 'lastPageView'] => $expiring->get('lastPageView'),
['get', 'expires'] => $expiring->get('expires'),
),
'fetching a valid session with noFuss does not update the object info, even if it has expired'
);
}
my $varId4 = 'idDoesNotExist00779988';
# '1234567890123456789012'
my $varTest = WebGUI::Session->open($session->config, undef, $varId4, 1);
WebGUI::Test->addToCleanup($varTest);
isa_ok($varTest, "WebGUI::Session", "non-existant Id with noFuss returns a valid object...");
is($varTest->getId, $varId4, "...and we got our requested Id");
$varTest->start(3, $varTest->getId);
is($varTest->get('userId'), 3, 'userId set via start');
$varTest->start("", $varTest->getId);
is($varTest->get('userId'), 1, 'calling start with null userId returns default user (visitor)');
done_testing;
#vim:ft=perl