Adding upstream version 2.52.6.

Signed-off-by: Daniel Baumann <daniel@debian.org>
2025-05-17 06:50:16 +02:00 · 2025-05-17 06:50:16 +02:00 · 6d002e9543
commit 6d002e9543
parent a960158181
441 changed files with 95392 additions and 0 deletions
--- a/middleware/session/store_test.go
+++ b/middleware/session/store_test.go
@ -0,0 +1,119 @@
+package session
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/gofiber/fiber/v2"
+	"github.com/gofiber/fiber/v2/utils"
+
+	"github.com/valyala/fasthttp"
+)
+
+// go test -run TestStore_getSessionID
+func TestStore_getSessionID(t *testing.T) {
+	t.Parallel()
+	expectedID := "test-session-id"
+
+	// fiber instance
+	app := fiber.New()
+
+	t.Run("from cookie", func(t *testing.T) {
+		t.Parallel()
+		// session store
+		store := New()
+		// fiber context
+		ctx := app.AcquireCtx(&fasthttp.RequestCtx{})
+		defer app.ReleaseCtx(ctx)
+		// set cookie
+		ctx.Request().Header.SetCookie(store.sessionName, expectedID)
+
+		utils.AssertEqual(t, expectedID, store.getSessionID(ctx))
+	})
+
+	t.Run("from header", func(t *testing.T) {
+		t.Parallel()
+		// session store
+		store := New(Config{
+			KeyLookup: "header:session_id",
+		})
+		// fiber context
+		ctx := app.AcquireCtx(&fasthttp.RequestCtx{})
+		defer app.ReleaseCtx(ctx)
+		// set header
+		ctx.Request().Header.Set(store.sessionName, expectedID)
+
+		utils.AssertEqual(t, expectedID, store.getSessionID(ctx))
+	})
+
+	t.Run("from url query", func(t *testing.T) {
+		t.Parallel()
+		// session store
+		store := New(Config{
+			KeyLookup: "query:session_id",
+		})
+		// fiber context
+		ctx := app.AcquireCtx(&fasthttp.RequestCtx{})
+		defer app.ReleaseCtx(ctx)
+		// set url parameter
+		ctx.Request().SetRequestURI(fmt.Sprintf("/path?%s=%s", store.sessionName, expectedID))
+
+		utils.AssertEqual(t, expectedID, store.getSessionID(ctx))
+	})
+}
+
+// go test -run TestStore_Get
+// Regression: https://github.com/gofiber/fiber/issues/1408
+// Regression: https://github.com/gofiber/fiber/security/advisories/GHSA-98j2-3j3p-fw2v
+func TestStore_Get(t *testing.T) {
+	t.Parallel()
+	unexpectedID := "test-session-id"
+	// fiber instance
+	app := fiber.New()
+	t.Run("session should be re-generated if it is invalid", func(t *testing.T) {
+		t.Parallel()
+		// session store
+		store := New()
+		// fiber context
+		ctx := app.AcquireCtx(&fasthttp.RequestCtx{})
+		defer app.ReleaseCtx(ctx)
+		// set cookie
+		ctx.Request().Header.SetCookie(store.sessionName, unexpectedID)
+
+		acquiredSession, err := store.Get(ctx)
+		utils.AssertEqual(t, err, nil)
+
+		utils.AssertEqual(t, acquiredSession.ID() != unexpectedID, true)
+	})
+}
+
+// go test -run TestStore_DeleteSession
+func TestStore_DeleteSession(t *testing.T) {
+	t.Parallel()
+	// fiber instance
+	app := fiber.New()
+	// session store
+	store := New()
+
+	// fiber context
+	ctx := app.AcquireCtx(&fasthttp.RequestCtx{})
+	defer app.ReleaseCtx(ctx)
+
+	// Create a new session
+	session, err := store.Get(ctx)
+	utils.AssertEqual(t, err, nil)
+
+	// Save the session ID
+	sessionID := session.ID()
+
+	// Delete the session
+	err = store.Delete(sessionID)
+	utils.AssertEqual(t, err, nil)
+
+	// Try to get the session again
+	session, err = store.Get(ctx)
+	utils.AssertEqual(t, err, nil)
+
+	// The session ID should be different now, because the old session was deleted
+	utils.AssertEqual(t, session.ID() == sessionID, false)
+}