golang-forgejo-go-chi-session/session_test.go

// Copyright 2014 The Macaron Authors
// Copyright 2024 The Forgejo Authors
//
// Licensed under the Apache License, Version 2.0 (the "License"): you may
// not use this file except in compliance with the License. You may obtain
// a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
// License for the specific language governing permissions and limitations
// under the License.

package session

import (
	"net/http"
	"net/http/httptest"
	"testing"
	"time"

	chi "github.com/go-chi/chi/v5"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

func Test_Sessioner(t *testing.T) {
	t.Run("Use session middleware", func(t *testing.T) {
		c := chi.NewRouter()
		c.Use(Sessioner())
		c.Get("/", func(_ http.ResponseWriter, _ *http.Request) {})

		resp := httptest.NewRecorder()
		req, err := http.NewRequest("GET", "/", nil)
		require.NoError(t, err)

		c.ServeHTTP(resp, req)
	})

	t.Run("Register invalid provider", func(t *testing.T) {
		t.Run("Provider not exists", func(t *testing.T) {
			assert.Panics(t, func() {
				c := chi.NewRouter()
				c.Use(Sessioner(Options{
					Provider: "fake",
				}))
			})
		})

		t.Run("Provider value is nil", func(t *testing.T) {
			assert.Panics(t, func() {
				Register("fake", nil)
			})
		})

		t.Run("Register twice", func(t *testing.T) {
			assert.Panics(t, func() {
				Register("memory", &MemProvider{})
			})
		})
	})
}

func testProvider(t *testing.T, opt Options) {
	t.Run("Basic operation", func(t *testing.T) {
		c := chi.NewRouter()
		c.Use(Sessioner(opt))
		var initialSid string

		c.Get("/", func(_ http.ResponseWriter, req *http.Request) {
			sess := GetSession(req)
			assert.NoError(t, sess.Set("uname", "unknwon"))
			initialSid = sess.ID()
		})
		c.Get("/reg", func(resp http.ResponseWriter, req *http.Request) {
			sess := GetSession(req)
			assert.EqualValues(t, initialSid, sess.ID())
			raw, err := RegenerateSession(resp, req)
			assert.NoError(t, err)
			assert.NotNil(t, sess)
			assert.EqualValues(t, sess, raw)

			assert.NotEqualValues(t, initialSid, sess.ID())

			uname := sess.Get("uname")
			assert.NotNil(t, uname)
			assert.EqualValues(t, "unknwon", uname)

			assert.NoError(t, sess.Set("uname", "lunny"))
			uname = sess.Get("uname")
			assert.NotNil(t, uname)
			assert.EqualValues(t, "lunny", uname)
		})
		c.Get("/get", func(resp http.ResponseWriter, req *http.Request) {
			sess := GetSession(req)
			sid := sess.ID()
			assert.NotEmpty(t, sid)

			raw, err := sess.Read(sid)
			assert.NoError(t, err)
			assert.NotNil(t, raw)

			uname := sess.Get("uname")
			assert.NotNil(t, uname)
			assert.EqualValues(t, "lunny", uname)

			assert.NoError(t, sess.Delete("uname"))
			assert.Nil(t, sess.Get("uname"))

			assert.NoError(t, sess.Destroy(resp, req))
		})

		resp := httptest.NewRecorder()
		req, err := http.NewRequest("GET", "/", nil)
		require.NoError(t, err)
		c.ServeHTTP(resp, req)

		cookie := resp.Header().Get("Set-Cookie")

		resp = httptest.NewRecorder()
		req, err = http.NewRequest("GET", "/reg", nil)
		require.NoError(t, err)
		req.Header.Set("Cookie", cookie)
		c.ServeHTTP(resp, req)

		cookie = resp.Header().Get("Set-Cookie")

		resp = httptest.NewRecorder()
		req, err = http.NewRequest("GET", "/get", nil)
		require.NoError(t, err)
		req.Header.Set("Cookie", cookie)
		c.ServeHTTP(resp, req)
	})

	t.Run("Regenerate empty session", func(t *testing.T) {
		c := chi.NewRouter()
		c.Use(Sessioner(opt))
		c.Get("/", func(resp http.ResponseWriter, req *http.Request) {
			sess := GetSession(req)
			raw, err := sess.RegenerateID(resp, req)
			assert.NoError(t, err)
			assert.NotNil(t, raw)
		})

		resp := httptest.NewRecorder()
		req, err := http.NewRequest("GET", "/", nil)
		require.NoError(t, err)
		req.Header.Set("Cookie", "MacaronSession=ad2c7e3cbecfcf48; Path=/;")
		c.ServeHTTP(resp, req)
	})

	t.Run("GC session", func(t *testing.T) {
		c := chi.NewRouter()
		opt2 := opt
		opt2.Gclifetime = 1
		c.Use(Sessioner(opt2))

		c.Get("/", func(_ http.ResponseWriter, req *http.Request) {
			sess := GetSession(req)
			assert.NoError(t, sess.Set("uname", "unknwon"))
			assert.NotEmpty(t, sess.ID())
			uname := sess.Get("uname")
			assert.NotNil(t, uname)
			assert.EqualValues(t, "unknwon", uname)

			assert.NoError(t, sess.Flush())
			assert.Nil(t, sess.Get("uname"))

			time.Sleep(2 * time.Second)
			sess.GC()
			assert.Zero(t, sess.Count())
		})

		resp := httptest.NewRecorder()
		req, err := http.NewRequest("GET", "/", nil)
		require.NoError(t, err)
		c.ServeHTTP(resp, req)
	})
	t.Run("Detect invalid sid", func(t *testing.T) {
		c := chi.NewRouter()
		c.Use(Sessioner(opt))
		c.Get("/", func(_ http.ResponseWriter, req *http.Request) {
			sess := GetSession(req)
			raw, err := sess.Read("../session/ad2c7e3cbecfcf486")
			assert.Contains(t, err.Error(), "invalid 'sid'")
			assert.Nil(t, raw)
		})

		resp := httptest.NewRecorder()
		req, err := http.NewRequest("GET", "/", nil)
		require.NoError(t, err)
		c.ServeHTTP(resp, req)
	})
}
Adding upstream version 1.0.1. Signed-off-by: Daniel Baumann <daniel@debian.org> 2025-05-18 15:03:50 +02:00			`// Copyright 2014 The Macaron Authors`
			`// Copyright 2024 The Forgejo Authors`
			`//`
			`// Licensed under the Apache License, Version 2.0 (the "License"): you may`
			`// not use this file except in compliance with the License. You may obtain`
			`// a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT`
			`// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the`
			`// License for the specific language governing permissions and limitations`
			`// under the License.`

			`package session`

			`import (`
			`"net/http"`
			`"net/http/httptest"`
			`"testing"`
			`"time"`

			`chi "github.com/go-chi/chi/v5"`
			`"github.com/stretchr/testify/assert"`
			`"github.com/stretchr/testify/require"`
			`)`

			`func Test_Sessioner(t *testing.T) {`
			`t.Run("Use session middleware", func(t *testing.T) {`
			`c := chi.NewRouter()`
			`c.Use(Sessioner())`
			`c.Get("/", func(_ http.ResponseWriter, _ *http.Request) {})`

			`resp := httptest.NewRecorder()`
			`req, err := http.NewRequest("GET", "/", nil)`
			`require.NoError(t, err)`

			`c.ServeHTTP(resp, req)`
			`})`

			`t.Run("Register invalid provider", func(t *testing.T) {`
			`t.Run("Provider not exists", func(t *testing.T) {`
			`assert.Panics(t, func() {`
			`c := chi.NewRouter()`
			`c.Use(Sessioner(Options{`
			`Provider: "fake",`
			`}))`
			`})`
			`})`

			`t.Run("Provider value is nil", func(t *testing.T) {`
			`assert.Panics(t, func() {`
			`Register("fake", nil)`
			`})`
			`})`

			`t.Run("Register twice", func(t *testing.T) {`
			`assert.Panics(t, func() {`
			`Register("memory", &MemProvider{})`
			`})`
			`})`
			`})`
			`}`

			`func testProvider(t *testing.T, opt Options) {`
			`t.Run("Basic operation", func(t *testing.T) {`
			`c := chi.NewRouter()`
			`c.Use(Sessioner(opt))`
			`var initialSid string`

			`c.Get("/", func(_ http.ResponseWriter, req *http.Request) {`
			`sess := GetSession(req)`
			`assert.NoError(t, sess.Set("uname", "unknwon"))`
			`initialSid = sess.ID()`
			`})`
			`c.Get("/reg", func(resp http.ResponseWriter, req *http.Request) {`
			`sess := GetSession(req)`
			`assert.EqualValues(t, initialSid, sess.ID())`
			`raw, err := RegenerateSession(resp, req)`
			`assert.NoError(t, err)`
			`assert.NotNil(t, sess)`
			`assert.EqualValues(t, sess, raw)`

			`assert.NotEqualValues(t, initialSid, sess.ID())`

			`uname := sess.Get("uname")`
			`assert.NotNil(t, uname)`
			`assert.EqualValues(t, "unknwon", uname)`

			`assert.NoError(t, sess.Set("uname", "lunny"))`
			`uname = sess.Get("uname")`
			`assert.NotNil(t, uname)`
			`assert.EqualValues(t, "lunny", uname)`
			`})`
			`c.Get("/get", func(resp http.ResponseWriter, req *http.Request) {`
			`sess := GetSession(req)`
			`sid := sess.ID()`
			`assert.NotEmpty(t, sid)`

			`raw, err := sess.Read(sid)`
			`assert.NoError(t, err)`
			`assert.NotNil(t, raw)`

			`uname := sess.Get("uname")`
			`assert.NotNil(t, uname)`
			`assert.EqualValues(t, "lunny", uname)`

			`assert.NoError(t, sess.Delete("uname"))`
			`assert.Nil(t, sess.Get("uname"))`

			`assert.NoError(t, sess.Destroy(resp, req))`
			`})`

			`resp := httptest.NewRecorder()`
			`req, err := http.NewRequest("GET", "/", nil)`
			`require.NoError(t, err)`
			`c.ServeHTTP(resp, req)`

			`cookie := resp.Header().Get("Set-Cookie")`

			`resp = httptest.NewRecorder()`
			`req, err = http.NewRequest("GET", "/reg", nil)`
			`require.NoError(t, err)`
			`req.Header.Set("Cookie", cookie)`
			`c.ServeHTTP(resp, req)`

			`cookie = resp.Header().Get("Set-Cookie")`

			`resp = httptest.NewRecorder()`
			`req, err = http.NewRequest("GET", "/get", nil)`
			`require.NoError(t, err)`
			`req.Header.Set("Cookie", cookie)`
			`c.ServeHTTP(resp, req)`
			`})`

			`t.Run("Regenerate empty session", func(t *testing.T) {`
			`c := chi.NewRouter()`
			`c.Use(Sessioner(opt))`
			`c.Get("/", func(resp http.ResponseWriter, req *http.Request) {`
			`sess := GetSession(req)`
			`raw, err := sess.RegenerateID(resp, req)`
			`assert.NoError(t, err)`
			`assert.NotNil(t, raw)`
			`})`

			`resp := httptest.NewRecorder()`
			`req, err := http.NewRequest("GET", "/", nil)`
			`require.NoError(t, err)`
			`req.Header.Set("Cookie", "MacaronSession=ad2c7e3cbecfcf48; Path=/;")`
			`c.ServeHTTP(resp, req)`
			`})`

			`t.Run("GC session", func(t *testing.T) {`
			`c := chi.NewRouter()`
			`opt2 := opt`
			`opt2.Gclifetime = 1`
			`c.Use(Sessioner(opt2))`

			`c.Get("/", func(_ http.ResponseWriter, req *http.Request) {`
			`sess := GetSession(req)`
			`assert.NoError(t, sess.Set("uname", "unknwon"))`
			`assert.NotEmpty(t, sess.ID())`
			`uname := sess.Get("uname")`
			`assert.NotNil(t, uname)`
			`assert.EqualValues(t, "unknwon", uname)`

			`assert.NoError(t, sess.Flush())`
			`assert.Nil(t, sess.Get("uname"))`

			`time.Sleep(2 * time.Second)`
			`sess.GC()`
			`assert.Zero(t, sess.Count())`
			`})`

			`resp := httptest.NewRecorder()`
			`req, err := http.NewRequest("GET", "/", nil)`
			`require.NoError(t, err)`
			`c.ServeHTTP(resp, req)`
			`})`
			`t.Run("Detect invalid sid", func(t *testing.T) {`
			`c := chi.NewRouter()`
			`c.Use(Sessioner(opt))`
			`c.Get("/", func(_ http.ResponseWriter, req *http.Request) {`
			`sess := GetSession(req)`
			`raw, err := sess.Read("../session/ad2c7e3cbecfcf486")`
			`assert.Contains(t, err.Error(), "invalid 'sid'")`
			`assert.Nil(t, raw)`
			`})`

			`resp := httptest.NewRecorder()`
			`req, err := http.NewRequest("GET", "/", nil)`
			`require.NoError(t, err)`
			`c.ServeHTTP(resp, req)`
			`})`
			`}`